.htaccess proper

Post by dragonfly-ie » Sat Nov 04, 2023 4:00 am

This is the weirdest thang? also applicable for OC v2.x

If I force https in .htaccess

Code: Select all

RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The front end is working fine, but I can't get into the (admin) back end. Just loops and doesn't log in.

If I gently force SSL

Code: Select all

RewriteCond %{HTTP_HOST} !^kites-ireland\.com$ [NC]
RewriteCond %{REQUEST_URI} ^/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://kites-ireland.com/$1 [R=301,L]

The back end is working, but the front end is not secure for card processing.

Now, I'm not a programmer, but take advice from GitHub and Stackoverflow.
Also using OC for 10 yrs building up a bit of knowledge. (Oops, me anniversary is in 5 days. )

My Q is, is there any fool proof (.htaccess) way to sort this? Sick and tired of trying ...

Have a wonderful weekend you lot!

Jay

NB: OC2.x 7.2php; OC4.x 8.1php

Dum spiro spero.

Post by halfhope » Sat Nov 04, 2023 4:22 am

My FREE extensions in marketplace. [ security | flexibility | speedup ]

Post by dragonfly-ie » Sat Nov 04, 2023 4:24 am

My config files look like this???

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://kites-ireland.com/');

// HTTPS
define('HTTPS_SERVER', 'https://kites-ireland.com/');

BTW https://open.spotify.com/track/7EVQCaC9 ... 48d8ed4fed

Dum spiro spero.

Post by halfhope » Sat Nov 04, 2023 4:43 am

dragonfly-ie wrote: ↑

Sat Nov 04, 2023 4:24 am

My config files look like this???

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://kites-ireland.com/');

// HTTPS
define('HTTPS_SERVER', 'https://kites-ireland.com/');

replaced

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'https://kites-ireland.com/');

// HTTPS
define('HTTPS_SERVER', 'https://kites-ireland.com/');

My FREE extensions in marketplace. [ security | flexibility | speedup ]

Post by dragonfly-ie » Sat Nov 04, 2023 5:04 am

Thanks a bunch.

Strangely enough it only works on the oc_v4, but not for v2 ... ? Msg: This is a none secure form (to log into admin) loops again, no log in.

PS: was trying to update from v2.2.0.0. to latest 4.0.x but seems a mess. So did a new clean install of v4.

My only solution seems to be to change .htaccess every time I want to log into admin .... ? but if I do, no-one can pay by secure card payment on front page. sucks.

EDIT: removed URLs

Dum spiro spero.

Post by ADD Creative » Sat Nov 04, 2023 8:29 am

www.add-creative.co.uk

Post by dragonfly-ie » Sat Nov 04, 2023 4:59 pm

Are you saying remove above code from .htaccess
and concentrate on config.php ONLY?
Btw reminds me of MS-DOS on my first computers in the 80's, config & exec files.

Still gives me "This form is not secure" when trying to log into admin. (even the URL is https://...) ?

Any ideas what could cause this or how to fix it?
(Happened since I installed a back-up from an earlier date ...)

Cheers. Jay.

Dum spiro spero.

Post by ADD Creative » Sat Nov 04, 2023 11:02 pm

www.add-creative.co.uk

Post by dragonfly-ie » Sun Nov 05, 2023 12:07 am

ADD Creative wrote: ↑

Sat Nov 04, 2023 11:02 pm

For 2.2.0.0 you may also need to make sure site_ssl is set to true on both system/config/admin.php and /system/config/catalog.php if not already.

Cheers. Worked a treat.
'site_ssl' was set to false in both files.
Seems to have fixed the whole catalog as well.

Thanks a million.

Dum spiro spero.

Post by paulfeakins » Mon Nov 06, 2023 10:47 pm

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk