R6 - FORCE SSL

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
Post Reply
sfeher
Captain (CAPT)
Captain (CAPT)
Posts: 220
Joined: Fri Jun 04, 2004 1:58 pm
Location: Steubenville, Ohio

R6 - FORCE SSL

Post by sfeher » Fri Sep 22, 2017 6:11 am

AbleCommerce Team --

We have a very customized AC installation of Gold R6 and we've been waiting for the new release of the next version before updating.
However, due to the impending Google Chrome "SSL Everywhere" enforcement, we're looking for a good way to "force" SSL throughout the whole website.

Any recommendations on best-practices for doing this on R6??

Thanks!

User avatar
Katie
AbleCommerce Admin
AbleCommerce Admin
Posts: 2651
Joined: Tue Dec 02, 2003 1:54 am
Contact:

Re: R6 - FORCE SSL

Post by Katie » Tue Sep 26, 2017 2:30 am

Sorry, there is no easy way to switch the store to SSL without running into the same issues we fixed when adding the feature to Gold R11, which is also PA-DSS certified by the way.
Here is a short post where the feature is discussed - viewtopic.php?f=65&t=18963&p=83512&hili ... ssl#p83512

The version you are using was released on 09/17/2013. I would not recommend waiting to upgrade.

Thanks
Katie
Thank you for choosing AbleCommerce!

http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support

Odettes
Lieutenant Commander (LCDR)
Lieutenant Commander (LCDR)
Posts: 102
Joined: Wed Apr 02, 2008 11:00 am
Location: Stockholm, Sweden
Contact:

Re: R6 - FORCE SSL

Post by Odettes » Fri Sep 29, 2017 2:51 am

sfeher wrote:AbleCommerce Team --

We have a very customized AC installation of Gold R6 and we've been waiting for the new release of the next version before updating.
However, due to the impending Google Chrome "SSL Everywhere" enforcement, we're looking for a good way to "force" SSL throughout the whole website.

Any recommendations on best-practices for doing this on R6??

Thanks!
This works great for me:

Code: Select all

    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
Sincerely,
Thomas Berglund

https://traileronline.se
AbleCommerce Gold R11 Custom

sfeher
Captain (CAPT)
Captain (CAPT)
Posts: 220
Joined: Fri Jun 04, 2004 1:58 pm
Location: Steubenville, Ohio

Re: R6 - FORCE SSL

Post by sfeher » Fri Sep 29, 2017 3:22 am

Yes, Odettes -- that's similar to what we were doing in our web.config files too....

The 'magic' was found when we eliminated the "SSL Enabled" checkbox on the Store security settings.
For some reason, in R6, that disallows SSL on regular pages. By eliminating that checkbox and using these web re-write rules we accomplished our goal.

Of course, you must ensure that all the URLs inside the site are using relative links or explicit https: calls, but that's already done in our case.

Thanks,
Steve

rpb3
Lieutenant (LT)
Lieutenant (LT)
Posts: 60
Joined: Fri Jan 23, 2009 11:20 am

Re: R6 - FORCE SSL

Post by rpb3 » Fri Oct 06, 2017 7:18 am

This sounds like just the thing we're looking for. Search rankings are getting hammered by Google and probably others partly because of this.

So you
1 - add the rewrite rules to your web config
2 - Uncheck the "SSL Enabled" box in Configure - Security - System Settings

Did you
3 - Change the "Store URL" on the System Settings page to use HTTPS?

This will basically disallow any http traffic to your site right? The problem we found was that (some, maybe all) crawlers were not able to access our sitemap or robots.txt file over HTTPS because it was being redirected to the HTTP URL but the crawler was actually interpreting the redirect command and was not looking for HTML or Javascript so it would just throw an invalid format error on both files.

Not sure how big of hit that was but it was definitely flagged.

We are running Gold R10 by the way... one version too early to the party. Also heavily customized so not easy to upgrade.

Post Reply