
R6 - FORCE SSL

Posted: Fri Sep 22, 2017 6:11 am
by sfeher
AbleCommerce Team --

We have a very customized AC installation of Gold R6 and we've been waiting for the new release of the next version before updating.
However, due to the impending Google Chrome "SSL Everywhere" enforcement, we're looking for a good way to "force" SSL throughout the whole website.

Any recommendations on best-practices for doing this on R6??

Thanks!

Re: R6 - FORCE SSL

Posted: Tue Sep 26, 2017 2:30 am
by Katie
Sorry, there is no easy way to switch the store to SSL without running into the same issues we fixed when adding the feature to Gold R11, which is also PA-DSS certified by the way.
Here is a short post where the feature is discussed - viewtopic.php?f=65&t=18963&p=83512&hili ... ssl#p83512

The version you are using was released on 09/17/2013. I would not recommend waiting to upgrade.

Thanks
Katie

Re: R6 - FORCE SSL

Posted: Fri Sep 29, 2017 2:51 am
by Odettes
sfeher wrote:AbleCommerce Team --

We have a very customized AC installation of Gold R6 and we've been waiting for the new release of the next version before updating.
However, due to the impending Google Chrome "SSL Everywhere" enforcement, we're looking for a good way to "force" SSL throughout the whole website.

Any recommendations on best-practices for doing this on R6??

Thanks!

This works great for me:

    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>

Re: R6 - FORCE SSL

Posted: Fri Sep 29, 2017 3:22 am
by sfeher
Yes, Odettes -- that's similar to what we were doing in our web.config files too....

The 'magic' was found when we eliminated the "SSL Enabled" checkbox on the Store security settings.
For some reason, in R6, that disallows SSL on regular pages. By eliminating that checkbox and using these web re-write rules we accomplished our goal.

Of course, you must ensure that all the URLs inside the site are using relative links or explicit https: calls, but that's already done in our case.

Thanks,
Steve
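
The precondition mentioned in the post above (every URL inside the site is relative or explicit https:) can be checked mechanically once the redirect rule is in place. The Python scanner below is an added example, not code from this thread or from AbleCommerce; the sample HTML, the example.com hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that carry a URL, and how a browser treats an
# http:// value there when the page itself was served over HTTPS.
KINDS = {
    ("script", "src"): "active",   # active content: blocked outright
    ("iframe", "src"): "active",
    ("link", "href"): "active",    # stylesheets only, see rel check below
    ("img", "src"): "passive",     # passive content: warned on or upgraded
    ("video", "src"): "passive",
    ("form", "action"): "form",    # submits customer data in cleartext
    ("a", "href"): "link",         # navigation: costs an extra 301 hop
}

class InsecureRefFinder(HTMLParser):
    """Collect absolute http:// references found in one HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []         # (line, kind, tag, url)
    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return                 # non-stylesheet link rels are out of scope
        for attr, value in attrs:
            kind = KINDS.get((tag, attr))
            url = (value or "").strip()
            # Relative, https: and protocol-relative URLs follow the page scheme.
            if kind and url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], kind, tag, url))

def find_insecure_refs(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts and paths are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/App_Themes/site.css">
<script src="http://cdn.example.com/lib.js"></script>
</head><body>
<img src="http://www.example.com/images/logo.png">
<a href="http://www.example.com/Checkout.aspx">Checkout</a>
<form action="HTTP://www.example.com/Search.aspx"></form>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_insecure_refs(SAMPLE):
        print(f"line {line}: [{kind}] <{tag}> {url}")
```

Run it over rendered page output rather than only the template files, since URLs built at runtime will not appear in the source templates.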

Re: R6 - FORCE SSL

Posted: Fri Oct 06, 2017 7:18 am
by rpb3
This sounds like just the thing we're looking for. Search rankings are getting hammered by Google and probably others partly because of this.

So you
1 - add the rewrite rules to your web config
2 - Uncheck the "SSL Enabled" box in Configure - Security - System Settings

Did you
3 - Change the "Store URL" on the System Settings page to use HTTPS?

This will basically disallow any http traffic to your site, right? The problem we found was that (some, maybe all) crawlers were not able to access our sitemap or robots.txt file over HTTPS because it was being redirected to the HTTP URL but the crawler was actually interpreting the redirect command and was not looking for HTML or JavaScript so it would just throw an invalid format error on both files.

Not sure how big of a hit that was but it was definitely flagged.

We are running Gold R10 by the way... one version too early to the party. Also heavily customized so not easy to upgrade.