homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Controlling Magento Secure Sections with Htaccess
Looking for aid in controlling how https behaves on a Magento installation

5+ Year Member

Msg#: 4215123 posted 12:59 pm on Oct 11, 2010 (gmt 0)

Hey Guys

I am using a Magento installation with the one step checkout plugin meanning I have very few pages that need https, I want to control https search indexing and user access by redirecting the whole https version of the site except of course for the secure checkout.

This is what I have so far but the https is not kicking in on the checkout page with this code, the redirect works in all other case (i.e. I send index https to index http) just the exception that is broken

#Redirect HTTPS to HTTP except checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^onestepcheckout
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R=301,L]

#Require SSL on checkout
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^onestepcheckout\/?$
RewriteRule ^(.*)$ https://www.mysite.co.uk/$1 [R=301,L]

Although I use htaccess a lot this is quite a complex one for my none programmer head to handle so any suggestions on how to fix it would be great.



10+ Year Member

Msg#: 4215123 posted 2:02 am on Oct 12, 2010 (gmt 0)

Hi --

Keep in mind that just because a page uses HTTPS it doesn't necessarily mean it requires a userid and password. Google will crawl unsecured HTTPS pages.

I had the unfortunate experience of using Magento for a while. My first instinct would be to quickly warn you away from the product if it is not too late -- my team and I are not the only ones to conclude that the product simply makes a pretense of being free and open source, and that installation of plugin modules, even if free, prevent the product from successfully upgrading itself, and on, and on (Google "magento sucks" for a taste of what others have encountered).

But if this is the card of hands you have been dealt, here's my advice.

Rather than using .htaccess, I strongly encourage you to use the features that are available in the product for what you're trying to accomplish. We also used the one page checkout, and I believe were able to accomplish the goal you describe without messing with .htaccess.

I think you will find options in the Magento admin user interface to control which pages are and are not delivered over https.

Within the Magento installation, there is an awkward combination of .htaccess files (several, at least in our installation) as well as a settings.php file, and entries in the database -- all of these together determine whether a given page is HTTPS vs HTTP, and also which parts of the site require authentication. My recollection is that there are some options to turn off HTTPS for category and product pages.

Good luck.



5+ Year Member

Msg#: 4215123 posted 6:29 am on Oct 12, 2010 (gmt 0)

Hey sublime1, thanks for the reply.

I will take a closer look at some of the admin options but have a sneaking suspicion that the devs have turned them on for a reason so I may have to go have a chat with them.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved