Post by justme » Sun Aug 16, 2015 1:39 pm

Is the a way to secure an entire site so that get a better sense of security

My site is http://dealo.com.au

TIA

Newbie

Posts

Joined
Wed Jul 11, 2012 2:21 pm

Post by IP_CAM » Mon Aug 17, 2015 4:50 am

look here to find many answers to this:
https://www.google.com/search?q=update+ ... 8&oe=utf-8
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by Dhaupin » Tue Aug 18, 2015 3:43 am

We made a mod here that takes care of all the little things needed to run https, multistore friendly: http://www.opencart.com/index.php?route ... n_id=19396 Sorry it doesnt work with 2.x yet, been so stinking busy....

Or, alternatively you can use cloudflare with a forced page rule, but you might still need that mod for relative assets and the header switching

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by JAY6390 » Thu Oct 22, 2015 6:40 pm

The simplest solution is to simply open your config file and add an 's' to the 'http://' changing it to 'https://' for all the necessary urls

Image


User avatar
Guru Member

Posts

Joined
Wed May 26, 2010 11:47 pm
Location - United Kingdom

Post by GraemeH » Thu Oct 29, 2015 10:27 pm

JAY6390 wrote:The simplest solution is to simply open your config file and add an 's' to the 'http://' changing it to 'https://' for all the necessary urls
Hi Jay,

I was told there were also some core files that needed to be changed for this?

New member

Posts

Joined
Fri Apr 20, 2012 4:56 pm

Post by herischarles » Wed Nov 04, 2015 2:32 pm

You can make your whole site https secured by adding this following code in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Newbie

Posts

Joined
Wed Nov 04, 2015 1:54 pm
Location - canada

Post by JAY6390 » Thu Nov 05, 2015 3:39 am

@GraemeH - That's not true

@herischarles - that would actually cause some major issues with things like payment gateway callbacks and some forms being submitted

Image


User avatar
Guru Member

Posts

Joined
Wed May 26, 2010 11:47 pm
Location - United Kingdom

Post by paynetech » Mon Mar 07, 2016 10:47 pm

herischarles wrote:You can make your whole site https secured by adding this following code in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>
Works beautifully but I can confirm it breaks OpenBay Pro. I even tried all workarounds which excluded openbaypro traffic (under their instruction) but to no avail. Ended up using the config.php "add an s to the http url" hack, works great. Still possible for old links to route to non ssl, and this in turn breaks font loading etc. but as long as you fix all the links and google isn't indexing old links you should be grand.

Newbie

Posts

Joined
Wed Apr 01, 2015 12:16 am

Post by paulfeakins » Fri Mar 11, 2016 6:16 pm

paynetech wrote:Works beautifully but I can confirm it breaks OpenBay Pro.
I agree with Jay, I don't recommend anyone uses that method.
paynetech wrote:Ended up using the config.php "add an s to the http url" hack, works great.

This is not a hack, this is a good solution.
paynetech wrote:Still possible for old links to route to non ssl, and this in turn breaks font loading etc. but as long as you fix all the links and google isn't indexing old links you should be grand.
Correct, you'll need to make sure that all 3rd party external resources you're loading are also being loaded over HTTPS. This could be fonts, JavaScript libraries, widgets etc.

You should also add this to .htaccess:

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by burrito » Fri Mar 11, 2016 6:19 pm

easiest way for loading external content is to use leading // instead of http:// or https:// it'll use the correct protocol either way.

Image
Opencart specialist | Our website | Our modules


User avatar
Active Member

Posts

Joined
Tue Dec 15, 2009 6:10 pm
Location - Amsterdam, The Netherlands

Post by dmsims » Sun Mar 13, 2016 4:30 am

If you alter the config files and don't use a redirect how are inbound links handled ?

Active Member

Posts

Joined
Sat Apr 13, 2013 6:05 pm

Post by IP_CAM » Sun Mar 13, 2016 8:49 am

this could possibly be of help as well, to handle 'inbound' links:

Full Site HTTPS OC v.1.5.6 - 2.1.0.2 free
http://www.opencart.com/index.php?route ... n_id=25769

Ernie
openshop.li

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by paulfeakins » Mon Mar 14, 2016 6:05 pm

dmsims wrote:If you alter the config files and don't use a redirect how are inbound links handled ?
The answer's in the question - they don't get redirected ;)

However, all links on the page will be https, so once they click something they'll be on https.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by davidcropley » Thu Jun 09, 2016 6:11 am

I believe the best way is to create a mirror of your site and have https traffic rerouted to this directory. This was you keep both http and https versions to avoid errors. Don't ask me the best way to do this though - I don't know! :drunk:

New member

Posts

Joined
Thu Jul 12, 2012 2:18 am

Post by calderwood » Tue Jan 10, 2017 8:02 am

Works beautifully but I can confirm it breaks OpenBay Pro. I even tried all workarounds which excluded openbaypro traffic (under their instruction) but to no avail. Ended up using the config.php "add an s to the http url" hack, works great. Still possible for old links to route to non ssl, and this in turn breaks font loading etc. but as long as you fix all the links and google isn't indexing old links you should be grand.[/quote]

Did you ever solve this problem? We have the same with OpenBay broken and OB support says it is the use of SSL

David C.
I wonder if the sun is shining outside? :laugh:


User avatar
New member

Posts

Joined
Tue Jan 03, 2012 7:59 am
Location - Somerville, NJ

Post by bellafred » Mon Jan 16, 2017 4:35 pm

Thank you for this information.

Ballarat florist


Newbie

Posts

Joined
Sun Dec 18, 2016 5:46 pm
Location - Forster

Post by BigLen » Mon Mar 13, 2017 1:17 pm

PLEASE HELP!! OC Version 1.5.6.4
I have used the 'add an S to the Http in config.php' method mentioned earlier in this thread, along with

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
inserted within the htaccess file to redirect my site fully to SSL.
I thought that it was working fine, but for some reason now if you direct your browser to either the plain 'http' or 'www' address of my site, it no longer redirects to the https address? Once you click on a link, then the site redirects properly to https. I wouldn't be so concerned, however some parts of the site don't load properly if accessed at the non-ssl addresses.
I have tried to enter a redirect via CPanel to see if that would work, however it results in an error for excessive redirects.
The funny thing is; I went into my site and changed the config.php back to default setting, and commented out the code in htaccess, yet my site remains down with the "too many redirects" error, as long as I try to redirect at CPanel. How can I get my site to load with https:// regardless of how a visitor enters the address?
Thanks in advance!

Big Len
https://BigLensCycles.com

Image
Quality Motorcycle ATV and UTV Parts & Accessories - Discount Prices


New member

Posts

Joined
Sun Sep 07, 2014 7:04 am
Who is online

Users browsing this forum: No registered users and 41 guests