Page 1 of 1

Force HTTPS on certain pages

Posted: Tue Nov 24, 2009 2:01 am
by ThatBlokeRob
Hey everyone,

I've had a couple of customers getting to the 'order/confirm' page with http not https.
This is causing problems with ajax calls when https is declared in the config.php.

Any ideas how I can force the page to use https on certain pages?
ht.access is possible, but how to define certain urls...

Robin

Re: Force HTTPS on certain pages

Posted: Tue Nov 24, 2009 2:29 am
by Daniel
which payment gateway?

sagepay?

Re: Force HTTPS on certain pages

Posted: Tue Nov 24, 2009 2:35 am
by Qphoria
Did you enable SSL? The checkout pages will automatically switch to https mode if https is configured correctly. It has nothing to do with the payment modules themselves. The main checkout pages handle it already.

Re: Force HTTPS on certain pages

Posted: Sat Dec 12, 2009 1:11 am
by iloveopencart
I stumbled on this article today since I was looking for the same solution. My concern was that even though all the links within the code specify https, there's always that person who gets to the url using http. So to prevent that and force https, it's a simple .htaccess edit. Here's the article: http://joseph.randomnetworks.com/archiv ... -htaccess/.

Re: Force HTTPS on certain pages

Posted: Wed Dec 16, 2009 7:41 am
by ThatBlokeRob
Hey Everyone,

Yep - using SagePay direct, I haven't had any users do it recently...
Just a worry because things start to break when they do! :(

@iloveopencart - I've seen that idea before, however how do I force it for only certain pages? Maybe I should read every comment :)

Robin

Re: Force HTTPS on certain pages

Posted: Mon Mar 29, 2010 10:00 pm
by Raspo
Did anyone find a solution for this?

I want to redirect the pages under index.php?route=checkout/ to the "https version" but I don't know how to do that in the .htaccess file.

Re: Force HTTPS on certain pages

Posted: Mon Mar 29, 2010 11:20 pm
by rph
If you set up your store to use SSL in Admin it'll be done automatically.

Re: Force HTTPS on certain pages

Posted: Tue Mar 30, 2010 6:31 am
by Raspo
rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:

Code: Select all

#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Now, when I type in URL like:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

http://www.sitename.com/index.php?route=account/create
it redirects me to

Code: Select all

https://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

https://www.sitename.com/index.php?route=account/create
Hope this helps someone, cause i've lost days in it

Re: Force HTTPS on certain pages

Posted: Tue Mar 30, 2010 7:11 am
by rph
I guess I don't see this as an issue. Even if a user manually changed the URL for some odd reason OpenCart forces them back to https when submitting information.

Re: Force HTTPS on certain pages

Posted: Tue Mar 30, 2010 6:00 pm
by Raspo
I know, but the CC company of my client find this as an issue -.-

Re: Force HTTPS on certain pages

Posted: Wed Jul 27, 2011 5:57 am
by wyocrook
Thank you thank you thank you thank you!

I posted your data in htaccess. But then I had one additional problem. For some reason my config had this:
// HTTPS
define('HTTPS_SERVER', 'http://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'http://www.qhgraphics.com/image/');

I just added the 's':
// HTTPS
define('HTTPS_SERVER', 'https://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'https://www.qhgraphics.com/image/');

After that I am good to go! Thanks again for the help!

Re: Force HTTPS on certain pages

Posted: Tue Nov 15, 2011 8:56 pm
by BobHL
Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
Raspo wrote:
rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:

Code: Select all

#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Now, when I type in URL like:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

http://www.sitename.com/index.php?route=account/create
it redirects me to

Code: Select all

https://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

https://www.sitename.com/index.php?route=account/create
Hope this helps someone, cause i've lost days in it

Re: Force HTTPS on certain pages

Posted: Mon Jan 09, 2012 6:45 am
by peakto
Hi Everyone!

I need a little help!

I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.

I using OpenCart 1.4.9.6. and SEO enabled.

I put this code the the .htaccess file:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
It works fine, after this, I got all pages https secured, BUT... it messing to the SEO URL-s :-(

Like:

SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html

and after forcing the SSL by the code:
https://www.mywebshop.com/index.php?_route_=goodstuff.html

Is anybody knows, how to fix this problem?

Thank You very much!

Re: Force HTTPS on certain pages

Posted: Tue Mar 06, 2012 5:56 pm
by jollyrobin
BobHL wrote:Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
Did you manage to sort this out? I'm interested in this too

Re: Force HTTPS on certain pages

Posted: Thu Mar 08, 2012 5:53 pm
by rsmck
If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all

# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]

Re: Force HTTPS on certain pages

Posted: Thu Mar 08, 2012 8:00 pm
by jollyrobin
rsmck wrote:If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all

# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]
This doesn't force the redirect though, so users can manually type http (which was a problem for my pci)

This seems to work though, and I added the admin login which wasn't https before.

Code: Select all

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off

Re: Force HTTPS on certain pages

Posted: Sun Oct 06, 2013 7:56 am
by jon.mosier@mac.com
A REALLY EASY WAY TO FORCE CERTAIN PAGES TO USE HTTPS!

Just add this to the top of any php page (after the opening <?php tag).

Code: Select all

if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
    $url = 'https://' . $_SERVER['HTTP_HOST']
                      . $_SERVER['REQUEST_URI'];

    header('Location: ' . $url);
    exit;
}

Re: Force HTTPS on certain pages

Posted: Wed Mar 12, 2014 2:29 pm
by struddyssports
When trying to force SSL for account and checkout pages, with some Add to Cart and Update Cart no longer work.

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This code seems to have fixed it.