schnappi Posted December 9, 2013 Share Posted December 9, 2013 Hi, We don't necessarily want to force SSL on all pages. But if a customer manually enters it we would like to allow it. Not sure how to make this happen in the .htaccess file (url rewriting is already on and want to make sure this isn't broken). Thanks for the assistance. Link to comment Share on other sites More sharing options...
ibndawood Posted December 9, 2013 Share Posted December 9, 2013 Hi, I don't think you need to do anything extra. If you have enabled SSL, this is how it will work : * By default the orders page and login page will be redirected to https if the user used http. * If the user used http, they will not be redirected to https unless we use the force SSL on all pages option. * Finally if the user just enters https, then he will stay in https and it will not throw any errors as long as all the elements are secure. Link to comment Share on other sites More sharing options...
schnappi Posted December 9, 2013 Author Share Posted December 9, 2013 Hi, I don't think you need to do anything extra. If you have enabled SSL, this is how it will work : * By default the orders page and login page will be redirected to https if the user used http. * If the user used http, they will not be redirected to https unless we use the force SSL on all pages option. * Finally if the user just enters https, then he will stay in https and it will not throw any errors as long as all the elements are secure. Just tested it before posting. If a customer enters https they are redirected to http. Link to comment Share on other sites More sharing options...
ibndawood Posted December 9, 2013 Share Posted December 9, 2013 oh..! Let me check. Link to comment Share on other sites More sharing options...
ibndawood Posted December 9, 2013 Share Posted December 9, 2013 Hi, That is not the default behaviour. But i think it could be rewritten in your htaccess file. Do you find anything like this : RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} Link to comment Share on other sites More sharing options...
schnappi Posted December 9, 2013 Author Share Posted December 9, 2013 Hi, That is not the default behaviour. But i think it could be rewritten in your htaccess file. Do you find anything like this : RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteEngine on RewriteCond %{HTTP_HOST} ^www..com$ RewriteRule . - [E=REWRITEBASE:/] RewriteRule ^api/?(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L] Link to comment Share on other sites More sharing options...
vekia Posted December 9, 2013 Share Posted December 9, 2013 can you share url to your website? it looks like you've got some problems there by default you should be redirected from non-ssl to ssl page. Link to comment Share on other sites More sharing options...
schnappi Posted December 15, 2013 Author Share Posted December 15, 2013 can you share url to your website? it looks like you've got some problems there by default you should be redirected from non-ssl to ssl page. can you share url to your website? it looks like you've got some problems there by default you should be redirected from non-ssl to ssl page. Sent the url via private message. Link to comment Share on other sites More sharing options...
Recommended Posts