Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

denying HTTP access to the admin page


martyinCO

Recommended Posts

Hello All,

 

Does anyone know of a way to deny access to the admin page via http://.......

I only want access allowed via HTTPS://........

 

I can set up .htaccess and generate an encrypted password for particular users. But have not been able to figure out a way to display an access denied page when someone tries to access the admin page via the unsecure access URL like http://www.website.com/whatever/admin

 

TIA (Thanks In Advance) for the suggestions/input.

 

Cheers,

Marty

Link to comment
Share on other sites

In your catalog/admin/includes/configure.php, specify https:// in the define HTTP_SERVER. By doing so, you will be forced to use ssl. Note tho, that on some pages the encryption might not be full, due to the linking of non-secure images. (for example, on a default install, the specials images are not secure).

Link to comment
Share on other sites

gaia, first, let me thank you for taking time to reply. : )

However, when trying what you mention, I now get a MySQL connection error. And I believe it is due to forcing an HTTPS connection. any ideas?

(anyone?) thanks again

Cheers,

Marty (MartyinCO)

Link to comment
Share on other sites

What is the connection error you are getting? Setting HTTP_SERVER should not affect how osC communicates with mysql.. In fact, if you don't set HTTP_SERVER to use https:// then all links within the administrative interface will point back to http:// dropping your secure connection. If you were to block access to non-ssl connections, then you wouldn't be able to use the admin interface.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...