I have Magento 1.9.2.0.
With this version, enabling SSL only works with account pages, and order pages.
BTW it is funny that the English text in the system configuration only says
"Use Secure URLs in Frontend" Yes/No
but the French translation is more explicit:
"Utiliser des URLs sécurisées pour le front office (mon compte et passage de commande)"
The part between brackets means "my account and order pages".
Is there any workaround to apply HTTPS everywhere?
I had a look at the way the menu is displayed; it leverages this from the Core:
$this->getUrlModel()->getCategoryUrl($this)
This does not take into account whether SSL is required or not, which also confirms the limitation.
I might need to override this method at least for the menu,
and then I need to do the same for links to other pages (product detail etc.).
Is this feature only part of Magento 2.0?
Thanks,
Rod
Note: of course an .htaccess redirection is NOT the solution I am looking for.
First go to System -> Configuration -> General -> Web -> Unsecure and Secure -> Base URL and put https://www.yourdomain.com/ in both. First try only with Secure, and SSL should be SSL_OFFLOADED. If it works then don't change the Unsecure URL; if not, then you need to change both base URLs.
Unfortunately this is the expected behavior. To have the site served over the HTTPS protocol you can set the base secure and base unsecure URLs to https://yourdomain.com/
I have just launched a site. I am using the https protocol. So my domain is https://example
I created a Google Webmaster Tools account and verified I was the owner of https://example and https://example
I then tried to set my preferred domain in the site settings (https://example) and it asked to verify that I was the owner of http://example and http://www.example
So I now have 4 different versions of the site set up in Webmaster Tools. I set my preferred domain as example.com; it doesn't allow me to pick a preferred protocol.
My question is, how will Google know to index the https:// and not the http://?
Redirect
Assuming you want everything indexed under https://example.com, you can redirect all requests to http://example.com, http://www.example.com, and https://www.example.com to be sent to https://example.com.
This is the best method as it keeps everything clean and only directly accessible via the one domain and protocol. Google (and all other users) will follow the redirect if they try to access any of the other variations.
rel canonical
Another alternative is to use rel=canonical and set this to the preferred domain. This allows you to still serve the same content over both protocols, the root domain, and www. subdomain, but sets the preferred domain as the one that should be indexed as the location for accessing that content.
noindex
A third option would be to specify noindex on all content served from the non-preferred domains / protocol. This would ensure that Search Engines would only index the content served on the preferred domain (which doesn't have noindex set).
But I wouldn't recommend this as it's not good for SEO - if someone links to http://example.com and you have it noindexed, that link is disregarded by SEs. Whereas if you use redirect or rel canonical, the link is counted towards the page on your preferred domain that the canonical / redirect goes to.
To be clear, whenever using redirects or rel canonical, you must point it to the corresponding page on the preferred domain.
So http://example.com/some-page/ should redirect to https://example.com/some-page/, not just https://example.com/
You can't set any of this using Google Webmaster Tools, you'll need to set it on the server hosting your website. The way to do this depends on how your server is configured.
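The redirect rule from the answer above, sketched in PHP as an added example (not code from the original answer): every variant of the site is sent to the corresponding page on the preferred origin. The constants, the function name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example. The preferred origin and host list are assumptions based on the
// example.com names used in the answer.
const PREFERRED_SCHEME = 'https';
const PREFERRED_HOST   = 'example.com';
// Hostnames this site is served on. Requests for any other Host are left alone,
// so a forged Host header never influences the redirect.
const KNOWN_HOSTS = ['example.com', 'www.example.com'];

/**
 * Return the URL a request should be permanently redirected to, or null when
 * the request is already on the preferred origin (or the host is unknown).
 */
function canonicalRedirectTarget(string $scheme, string $host, string $requestUri): ?string
{
    $host = strtolower((string) preg_replace('/:\d+$/', '', $host)); // ignore any port
    if (!in_array($host, KNOWN_HOSTS, true)) {
        return null;
    }
    if (strtolower($scheme) === PREFERRED_SCHEME && $host === PREFERRED_HOST) {
        return null;
    }
    // Keep path and query string so every page maps to its counterpart,
    // not to the home page.
    $pathAndQuery = (strpos($requestUri, '/') === 0) ? $requestUri : '/';
    return PREFERRED_SCHEME . '://' . PREFERRED_HOST . $pathAndQuery;
}

// Constructed sample requests: [scheme, Host header, request URI].
$samples = [
    ['http',  'example.com',        '/some-page/'],
    ['http',  'www.example.com:80', '/some-page/?ref=mail'],
    ['https', 'www.example.com',    '/'],
    ['https', 'example.com',        '/some-page/'],
    ['http',  'other.invalid',      '/some-page/'],
];
foreach ($samples as [$scheme, $host, $uri]) {
    $target = canonicalRedirectTarget($scheme, $host, $uri);
    echo "$scheme://$host$uri => ", $target ?? '(no redirect)', PHP_EOL;
}
// In a front controller the inputs would come from $_SERVER (HTTPS, HTTP_HOST,
// REQUEST_URI), and a non-null result is sent with:
//   header('Location: ' . $target, true, 301); exit;
```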
You can tell it to Google:
https://support.google.com/webmasters/answer/139066?hl=en
Indicate the preferred URL with the rel="canonical" link element
Suppose you want https://blog.example.com/dresses/green-dresses-are-awesome/ to be the preferred URL, even though a variety of URLs can access this content. You can indicate this to search engines as follows:
Mark up the canonical page and any other variants with a rel="canonical" link element.
Add a <link> element with the attribute rel="canonical" to the <head> section of these pages:
<link rel="canonical" href="https://blog.example.com/dresses/green-dresses-are-awesome" />
I have a Magento shop with 2 languages. The language switcher works by setting a different store view in the URL.
/shop/?___store=myshop_view for the main language
/shop/?___store=myshop_view_fr for French
That works fine and how it should work.
Now the first problem comes when I am in the French store and switch to the main language with /shop/?___store=myshop_view. Now I see the shop in the main language, but when I call /shop/ without any store view parameters it switches back to French. Why is that and can I change that?
The second problem comes with external add-to-cart links. An add-to-cart link would look like: /shop/checkout/cart/add/uenc/aHR0cDovL3d3dy5teS13aW5lLmNoLnJ1dGlzaGF1c2VyLm5pbmUuY2gv/product/2169/?___SID=U&___store=myshop_view
So this link is for the main language. If the shop was in French before and I click this link, I get the success message in the main language, but the rest of the shop is French again.
I think the first and second problems are nearly the same. Then the add-to-cart link will redirect to the shop overview without any store view parameter in the URL.
Any idea how I can get an add-to-cart link that can switch the language of the shop?
As #RohitS said, Magento saves the store view in the cookie, and with the URL you can change the store view temporarily, but the value in the cookie is still the same.
The good thing is that the external add-to-cart link is on a subdomain, so I was able to set the cookie for the whole domain (by adding a dot before the domain name: .domain.com). In the cookie I just had to set document.cookie = "store=myshop_view_fr;path=/;domain=.my-shop.com"; The path attribute was important for me, because the shop is in /shop/.
In the Magento installation wizard, should the base url include www or not?
Ex: www.site.com or site.com
If you plan on using a CDN to distribute your images, etc., yes, it would be a really, really good idea to have your web server use a www. host name instead of using only the bare domain name.
It's not cool when your customers start having blecherous cookie problems due to not using proper host names to sort out the different CNAME entries in your DNS.
Changing after the fact results in humorous non-SEO-friendly reindexing by Google, Bing, et al.
I've been using Joomla for the past 2 years. As Joomla is a very popular CMS for PHP lovers, hackers are always trying to deface websites built on Joomla. Anyone can easily detect that a website is using Joomla or any other programming language by using the Wappalyzer software. In Joomla we can access the administrator panel by typing
http://phalana.com/administrator.
So my question is how to change /administrator to something else so that hackers will not get to the administrator panel. So far I've seen a number of extensions in the official Joomla directory, but still something is lacking in them. Can anyone help me to change the administrator path?
Changing /administrator is a very bad idea for a lot of reasons; top amongst them, ironically, is security. Apart from that it:
* breaks lots of components
* cuts you off from easy application of security updates
* the effects of renaming are unknown from a security point of view
The best way to secure Joomla's /administrator area is to follow some simple steps...
* Add realm authentication to the /administrator directory; that way, unless your hacker manages to figure out the username and password, they're stumped.
* Use an extension like JSecure or Akeeba's Admin Tools (both allow you to set a "secret word" on the administrator URL) or check the extensions already available in the Login Protection section of the Joomla! Extension Directory (called JED for short). N.B. I personally like Admin Tools the most, with the /administrator?secretword, their application firewall and the .htaccess maker.
* Follow the advice on the Joomla Docs website Security Checklist
Personally we do all of these things and a bit more... as we keep telling people.
You can protect or hide your /administrator directory by creating an alternative directory which sets a cookie that is sent in the HTTP header of the request. That cookie will be validated by the index.php file in the /administrator directory; if it is not validated (when an unauthorized user wants to detect if your site is Joomla based by the known /administrator directory), then the request will be redirected to the root directory of your site.
These are the steps.
* Create an alternative /administrator directory, e.g. /admins_place
* Inside /admins_place, create an index.php with the following code snippet:
<?php
// Secret value that /administrator/index.php checks for; keep it identical in both files.
$admin_cookie_code = "_hashed_secret_code_here_";
// Session cookie (expires when the browser closes), sent for every path on the site.
setcookie("JoomlaAdminSession", $admin_cookie_code, 0, "/");
header("Location: ../administrator/index.php");
exit;
?>
* In the administrator directory, add this code snippet at the beginning of the index.php file:
<?php
$admin_cookie_code = "_hashed_secret_code_here_"; // same value as in /admins_place/index.php
$cookie = isset($_COOKIE['JoomlaAdminSession']) ? $_COOKIE['JoomlaAdminSession'] : '';
if (!is_string($cookie) || !hash_equals($admin_cookie_code, $cookie)) {
    header("Location: ../index.php");
    exit; // without this, the administrator page would still run after the redirect header
}
?>
I hope this helps
Even when I am on HTTPS, Magento's getProductUrl() always seems to return an HTTP URL. Any way I can make this auto-switch to HTTPS? (Or have it return a protocol-relative URL.)
I would say it's a rather 'standard' configuration.
Base URL is http://example.com/
Secure URL is https://example.com/
Use Secure URLs in Frontend is No
Base Link URL is {{unsecure_base_url}}
I am aware I could change the above to {{secure_base_url}} however I do not want to force a change from HTTP to HTTPS, I only need it to stay relative.
Magento's main benefit is that you can do anything you want with it :) So, yes, you can output HTTPS product URLs or relative ones. However, before choosing a solution, let's consider the Magento authors' vision.
HTTPS for the frontend is designed to work only for specific areas like Customer account, Payment methods, Checkout, etc. There is nothing so private about products that makes it necessary for them to be viewed via HTTPS as well.
By default Magento doesn't use HTTPS even for the pages mentioned above. In order to turn HTTPS on, the "Use Secure URLs in Frontend" option must be set to "Yes", which, as described, will engage HTTPS only in a limited set of pages that contain some private data.
So the best solution for you depends on the specifics of the store you are developing.
1) If you want to engage HTTPS for all the pages on the frontend, then the best solution is to put "https://..." into the "Base URL" option for the "Unsecure" web URL configuration.
2) If you want to turn on HTTPS only for product links and only for a limited number of pages, then you can override the templates of those pages in order to put relative URLs there. The actual code can be implemented in any way you like; even the simplest already proposed way is OK:
// drop only the leading "http:" or "https:" so the URL becomes protocol-relative
echo preg_replace('#^https?:#i', '', $_product->getProductUrl());
3) If you want to engage HTTPS for all the product links on the frontend, then the best way is to override the Mage_Catalog_Model_Product_Url model and change the method getUrl(); you need to put there
$routeParams['_secure'] = true;
This will produce all the product URLs with the HTTPS protocol.
4) If you need to show HTTP product links only on HTTP pages and HTTPS product links only on HTTPS pages, then you can use method 3) with more sophisticated logic: check the protocol of the current page before setting the '_secure' parameter.
Hope it helps.
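I just did it the primitive way, sometimes it works best:
// drop only the leading "http:" or "https:" so the URL becomes protocol-relative
echo preg_replace('#^https?:#i', '', $_product->getProductUrl());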
Instead of
$product->getProductUrl()
try
$product->getUrlModel()->getUrl($product, array('_secure'=>(bool)Mage::app()->getStore()->isCurrentlySecure()))
This gives you a secure/unsecured product url based on your current protocol.
There's an understated but important option in System | Configuration | Web, where you have to say "use secure url in frontend". If you set this to yes then a page loaded by https will use https links;
no need to write code or provide additional configuration in most cases.