Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL for Admin area


Jellyman_4eva

Recommended Posts

Hi,

 

I finally managed (via the help of these very forums) to make sure my catalog checkout area is secured using the shared SSL area available from my web hosting company!!!!!!!

 

Excellent!! I have also passworded my admin folder, but what I want to do is make sure this area is secure so when I enter my password etc, it is done over a secure line.

 

I have tried editing a few bits such as the HTTP and HTTPS server lines in the admin/includes/configure.php but it keeps coming up with session()Start errors or something!! Then I have to reinstall cause they wont go away!

 

Can someone post up their exact code that works so I can please fix this!!!

 

Thanks

Link to comment
Share on other sites

I am having the same type of problem. I can use SSL to access the Administration section but when I add a basic but proper .htaccess I suddenly get the following error message:

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

 

--------------------------------------------------------------------------------

 

Apache/2.0.44 (Unix) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7 Server at www.mydomain.com Port 443

 

The error_log yields the following message:

 

[Mon Aug 18 08:01:46 2003] [alert] [client 65.68.2.195] /home/mydomain.com/WWW/

admin/.htaccess: AuthName not allowed here

 

I sure hope someone knows how to get both SSL and .htaccess to work in harmony, because this leaves the Administration section open to black hat hackers.

 

The answer is out there Neo. It will find you if you let it.

 

Kind Regards

Pancho Gringo

Sincerely,

Frank Funston Eckdall

[email protected]

Link to comment
Share on other sites

In catalog/admin/includes/configure.php make sure ENABLE_SSL is set to true.

 

define('ENABLE_SSL', true);

 

then you need to set up your .htaccess file so it uses an SSL connection, something like this.

 

SSLRequireSSL

AuthUserFile <you path to user file>

AuthName Secure

AuthType basic

require valid-user

 

If your server encounters an internal error it probably because your web server directive isnt set up to allow for the .htacees directives you want to use.

Link to comment
Share on other sites

Hi Larry,

 

Thank you very much for your help. My configure.php is correct in both places and I have been using a .htaccess directives similar to yours.

 

When it comes to httpd.conf I am using the most liberal permissions possible with the following:

AllowOverride ALL

order allow,deny

Allow from ALL

 

What does your httpd.conf look like, if you would be so kind.

 

Tanks beforehand

Sincerely,

Frank Funston Eckdall

[email protected]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...