Post by crunch » Fri Jul 24, 2020 5:40 am

Greetings Peoples! 8)
I'm running version 3.0.3.3 of the cart.

I have an .htaccess file at root of the dir, chmod 644. I'm trying to do simple things, like overwrite the index.php?route=common/home and make every page https, like so:

Code: Select all

RewriteEngine On
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ https://%{HTTP_HOST}? [R=301,L]
#Force https redirect
RewriteCond %{HTTP_HOST} ^www.website\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.website.com/$1 [R,L]
In the admin console, I have seo urls (aliases) turned on, but I don't have any running (both IE11 and Edge did not like these AT ALL, but chrome, etc.. was fine).

Nothing in this htaccess is working, it's like the app is wrestling control of it? I tailed the error_log to see if I was throwing any errors:

sudo tail -f /var/log/httpd/error_log

nada.

This seems like it must be a config issue? Does anyone have any insight into this, we're SO CLOSE to having this ready for prime time..

Thank you!

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by IP_CAM » Fri Jul 24, 2020 8:41 am

Does RewriteBase / exist in your .htaccess after RewriteEngine On ?

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by crunch » Fri Jul 24, 2020 9:35 am

IP_CAM wrote:
Fri Jul 24, 2020 8:41 am
Does RewriteBase / exist in your .htaccess after RewriteEngine On ?
Why, yes it does.. commenting it out doesn't really do anything?

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by letxobnav » Fri Jul 24, 2020 9:48 am

rewrite rules are wrong and route=common/home should be rewritten via seo urls just like all the other routes though it does need a little adjustment.
Search for "route=common/home".

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by crunch » Fri Jul 24, 2020 9:53 am

letxobnav wrote:
Fri Jul 24, 2020 9:48 am
rewrite rules are wrong and route=common/home should be rewritten via seo urls just like all the other routes though it does need a little adjustment.
Search for "route=common/home".
You bring up an interesting point; when I use seo urls, IE11 and Edge get 404's on anything with an alias (seo url).

Any thoughts on that?

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by crunch » Fri Jul 24, 2020 10:03 am

IP_CAM wrote:
Fri Jul 24, 2020 8:41 am
Does RewriteBase / exist in your .htaccess after RewriteEngine On ?
[admin@server ~]$ httpd -v
Server version: Apache/2.4.6 (CentOS)

Here's what I have thus far:

Code: Select all

# 1.To use URL Alias you need to be running apache with mod_rewrite enabled.

# 2. In your opencart directory rename htaccess.txt to .htaccess.

# For any support issues please visit: http://www.opencart.com

Options +FollowSymlinks

# Prevent Directoy listing
Options -Indexes

# Prevent Direct Access to files
#<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log))">
 Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>

# SEO URL Settings
RewriteEngine On
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ https://%{HTTP_HOST}? [R=301,L]

#Force https redirect
RewriteCond %{HTTP_HOST} ^www.websitery\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.websitery.com/$1 [R,L]

# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
# RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by letxobnav » Fri Jul 24, 2020 11:44 am

first re-install the default htaccess and see if you still get 404s

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by paulfeakins » Fri Jul 24, 2020 6:31 pm

crunch wrote:
Fri Jul 24, 2020 5:40 am
overwrite the index.php?route=common/home
Free fix for this here: https://www.antropy.co.uk/blog/one-quic ... home-page/

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by letxobnav » Fri Jul 24, 2020 8:01 pm

That is a useless fix.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by crunch » Fri Jul 24, 2020 8:39 pm

letxobnav wrote:
Fri Jul 24, 2020 8:01 pm
That is a useless fix.
Word. Hard pass.

Ok, ok, swapping out the original .htaccess is working for IE/Edge stuff.. SHAME ON ME! :D

Here's what my .htaccess is, without commented lines:

Code: Select all

Options +FollowSymlinks
Options -Indexes

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
 Require all denied
</FilesMatch>

RewriteEngine On
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
So, can't I just append:

Code: Select all

RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ https://%{HTTP_HOST}? [R=301,L]

#Force https redirect
RewriteCond %{HTTP_HOST} ^www.srorecords\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.srorecords.com/$1 [R,L]
to after the rewrite rule (RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA])?

Or is something else going on here?

Thank you!

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by letxobnav » Fri Jul 24, 2020 9:11 pm

for removing & redirecting index.php?route=common/home you can use

Code: Select all

	# remove index.php and the route=common/home query parameter
	RewriteCond %{QUERY_STRING} ^(.*)&?route=common/home(.*)$  
	RewriteRule ^/?index\.php$ /?%1%2 [R=301,L,NE]
but that will only redirect (removing route=common/home while preserving possible other query parameters) not change the url advertised on your site.
That's why I suggested; use the simple adjustment in the seo_url class for that.
(the quick fix is useless because it is like hardcoding a link, you can do it for the logo but then you would have to do it for any occurrence of common/home, including possible extensions you may install)

for ssl redirection you can use:

Code: Select all

	# force ssl for non-binaries
	RewriteCond %{HTTPS} !=on
	RewriteCond %{REQUEST_URI} !.*\.(ico|cur|mp3|webp|ttf|eot|woff|woff2|gif|jpg|JPG|jpeg|JPEG|png)$
	RewriteRule ^(.*)$ https://www.srorecords.com/$1 [R=301,L,NE]
for forcing www you can use:

Code: Select all

	# redirect any request not having www to ssl with www
	RewriteCond %{HTTP_HOST} ^srorecords\.com [NC]
	RewriteRule ^(.*)$ https://www.srorecords.com/$1 [R=301,L,NE]
To indicate to browsers that they should always address your domain in https and save you the ssl redirect in the future, you can use:

Code: Select all

	header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
along with some additional security headers:

Code: Select all

	header always set x-xss-protection "1; mode=block"
	header always set x-frame-options "SAMEORIGIN"
	header always set X-Content-Type-Options "nosniff"
	header always set referrer-policy "no-referrer-when-downgrade"	

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by crunch » Fri Jul 24, 2020 9:42 pm

letxobnav wrote:
Fri Jul 24, 2020 9:11 pm
# remove index.php and the route=common/home query parameter
RewriteCond %{QUERY_STRING} ^(.*)&?route=common/home(.*)$
RewriteRule ^/?index\.php$ /?%1%2 [R=301,L,NE]
It's placed right after RewriteBase / - still not working as expected, but maybe my expectations are at fault?

I figured I would have a link, say in the breadcrumbs, like:

https://www.srorecords.com/index.php?route=common/home

and when clicked, the htaccess would remove the string portion, i.e., making it:

https://www.srorecords.com

It really doesn't seem as excited about it as I am, lol!

letxobnav wrote:
Fri Jul 24, 2020 9:11 pm
That's why I suggested; use the simple adjustment in the seo_url class for that.
So, what specifically should it read? I mean, for the query and keyword?

They also have this fix where I add a new php page and run some queries? Not very comfortable with this, is this accurate?

https://isenselabs.com/posts/how-to-rem ... 23x-and-3x


letxobnav wrote:
Fri Jul 24, 2020 9:11 pm
(the quick fix is useless because it is like hardcoding a link, you can do it for the logo but then you would have to do it for any occurrence of common/home, including possible extensions you may install)
:D That's exactly what I did, lol!


letxobnav wrote:
Fri Jul 24, 2020 9:11 pm
To indicate to browsers that they should always address your domain in https and save you the ssl redirect in the future, you can use:

Code: Select all

	header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
along with some additional security headers:

Code: Select all

	header always set x-xss-protection "1; mode=block"
	header always set x-frame-options "SAMEORIGIN"
	header always set X-Content-Type-Options "nosniff"
	header always set referrer-policy "no-referrer-when-downgrade"	
Thank you so much. Once I get the site solid, I really need to focus on security aspects. Is there a list of 'to do' items that will help me harden this app?

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by letxobnav » Fri Jul 24, 2020 10:37 pm

to use this:

Code: Select all

RewriteCond %{QUERY_STRING} ^(.*)&?route=common/home(.*)$
RewriteRule ^/?index\.php$ /?%1%2 [R=301,L,NE]
you better turn seo urls off in OC or you will get strange results.
Better not use htaccess but do it in catalog/controller/startup/seo_url.php
That will cover any link initiated with common/home.

to do it in seo_url:
after:

Code: Select all

				} elseif ($key == 'path') {
					$categories = explode('_', $value);

					foreach ($categories as $category) {
						$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "seo_url WHERE `query` = 'category_id=" . (int)$category . "' AND store_id = '" . (int)$this->config->get('config_store_id') . "' AND language_id = '" . (int)$this->config->get('config_language_id') . "'");

						if ($query->num_rows && $query->row['keyword']) {
							$url .= '/' . $query->row['keyword'];
						} else {
							$url = '';

							break;
						}
					}

					unset($data[$key]);
				}

add:

Code: Select all

				 elseif ($key == 'route') {
					if ($data['route'] == 'common/home') {
						if ($url == '') $url = '/';
						unset($data[$key]);
					}
				}

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by crunch » Fri Jul 24, 2020 10:47 pm

Perfect. Painless.

letxobnav wrote:
Fri Jul 24, 2020 10:37 pm

add:

Code: Select all

				 elseif ($key == 'route') {
					if ($data['route'] == 'common/home') {
						if ($url == '') $url = '/';
						unset($data[$key]);
					}
				}

That's the most elegant solution yet - why does everyone else have these crazy 'solutions'?


What do other people do for seo urls for:

Contact Us
Returns
Site Map
My Account
Order History
Newsletter

...etc?


Again, thank you very much!

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by letxobnav » Fri Jul 24, 2020 11:01 pm

What do other people do for seo urls for:

Contact Us
Returns
Site Map
My Account
Order History
Newsletter

...etc?
only use seo urls for urls you wish to have indexed by search engines (hence the name seo urls), any others are futile.
Additional drawbacks:
1) more complex robots.txt where you have to disallow each seo url (x language) instead of wildcarding checkout, account, etc.
2) the fact that additional seo urls slows down.
3) additional seo urls take away available keywords

Did I mention that the others are also futile?

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by crunch » Fri Jul 24, 2020 11:23 pm

letxobnav wrote:
Fri Jul 24, 2020 11:01 pm
only use seo urls for urls you wish to have indexed by search engines (hence the name seo urls), any others are futile.
Additional drawbacks:
1) more complex robots.txt where you have to disallow each seo url (x language) instead of wildcarding checkout, account, etc.
2) the fact that additional seo urls slows down.
3) additional seo urls take away available keywords

Did I mention that the others are also futile?

Yeah, I guess that devolved into 'vanity' pretty quickly, lol - fair enough.


Now I'm enjoying the thrill of getting google recaptcha working - I'm getting an error where it can't find a 'suitable wrapper'?

(NEVERMIND - server config issue with php - here's the rest of my crap for posterity - enjoy!!!)

Code: Select all

Warning: file_get_contents(): http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in...
...failed to open stream: no suitable wrapper could be found in /serverpath/catalog/controller/extension/captcha/google.php on line 27

the line they are referencing is


Code: Select all

$recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . $this->request->post['g-recaptcha-response'] . '&remoteip=' . $this->request->server['REMOTE_ADDR']);

I have the php.ini running at root, which I'm not too excited by, but inside it, I have allow_url_fopen = On?


Is there anything else this needs?


Tanks.

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by crunch » Sat Jul 25, 2020 1:30 am

crunch wrote:
Fri Jul 24, 2020 11:23 pm
I have the php.ini running at root, which I'm not too excited by, but inside it, I have allow_url_fopen = On?


Is there anything else this needs?


Tanks.

Uhhh, I can't live with allow_url_fopen and allow_url_fopen being enabled, many other sites don't have to have these enabled to use google recaptcha, what gives?


Maybe this is 'other post' material..


Thanks again!

crunch

"I have a well-thought-out plan that carries minimal risk to innocent bystanders"

"If I had a nickel for every project that went bad I'd have a bag of nickels. Then I would use that bag of nickels to beat former band members." - blackieC

"REMEMBER: The air NEVER KILLED ANYBODY. It's the ground that kills ya. KEEP THOSE METERS PINNED." - slipperman


User avatar
Newbie

Posts

Joined
Sun Aug 03, 2014 7:42 am

Post by test9x » Mon Jul 27, 2020 6:04 pm

Dear all,
I follow your codes but It isn't work in my redirect URL https://moidichvu.com/dich-vu-seo-top.html . Please help me

Newbie

Posts

Joined
Fri Jun 03, 2011 4:51 pm

Post by IP_CAM » Mon Jul 27, 2020 10:38 pm

Well, you seem to be talking about a paid Custom SEO Extension, and you
did NOT mention anything about the OC Version and/or Theme you use,
so, better get in contact with the Extension Supplier on this.
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: Semrush [Bot] and 228 guests