How to rewrite to a page of another domain, in varnish? - https

We have a varnish server, which has the domain: myserver.com.
Now I want to configure it to support:
When a user visits https://myserver.com/login, it gets the content of another website, https://s3.amazonaws.com/myserver/mysite/login/index.html, and responds to the user. The URL seen by the user is still https://myserver.com/login.
I'm not sure if this behavior is called rewrite; please correct me if I'm wrong.
Does Varnish support this function? How do I configure it?

No, it's called pharming. Especially for login pages.
Rewriting works only within your domain. You shouldn't be doing what you're asking about.
Also you'd need to create a backend entry for that other website and then if req.url matches with the one you want, change backend with set req.backend and set req.url to the other one.

Related

https on TYPO3 - show via pagetree

I have a TYPO3 site now running under https. All works fine, except for clicking on Show on a page in the Page tree. I then get an invalid URL which starts like 'https://https//www.'
Steps I did:
Domain record bla.com 301 redirect to https://www.bla.com
Domain record https://www.bla.com
Force SSL backend via $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] = 2;
Should I set something else to have correct 'Show' links from the pagetree?
thanks
Do you use the backend over SSL too? Did you try to set the URL scheme inside each page's settings from http:// to https:// to exclude this as the error?
In tsconfig TCAdefaults.pages.url_scheme = 2 needs to be added (I already had that, but thank you Paul). But a domain record was wrong; the 2nd one needed to be entered without https://

Magento getProductUrl() is always returning HTTP

Even when I am on HTTPS, Magento's getProductUrl() always seems to return an HTTP URL. Is there any way I can make this auto-switch to HTTPS (or have it return a protocol-relative URL)?
I would say it's a rather 'standard' configuration.
Base URL is http://example.com/
Secure URL is https://example.com/
Use Secure URLs in Frontend is No
Base Link URL is {{unsecure_base_url}}
I am aware I could change the above to {{secure_base_url}} however I do not want to force a change from HTTP to HTTPS, I only need it to stay relative.
Magento's main benefit is that you can do anything you want with it :) So, yes, you can output HTTPS product urls or relative ones. However, before choosing a solution, let's consider the Magento authors' vision.
The HTTPS for frontend is designed to work only for specific areas like Customer account, Payment methods, Checkout, etc. There is nothing so private about products, which makes it necessary to be viewed via HTTPS as well.
By default Magento doesn't use HTTPS even for the pages mentioned above. In order to turn HTTPS on, the "Use Secure URLs in Frontend" option must be set to "Yes". Which, as described, will engage HTTPS only in a limited set of pages that contain some private data.
So the best solution for you depends on the specifics of the store you are developing.
1) If you want to engage HTTPS for all the pages on frontend - then the best solution is to put "https://..." into "Base URL" option for "Unsecure" web url configuration.
2) If you want to turn on HTTPS only for product links and only for a limited number of pages, then you can override templates of those pages in order to put relative urls there. The actual code can be implemented in any way you like, even the simplest already proposed way is ok:
// Strip only a leading scheme so the link becomes protocol-relative (//example.com/...).
// trim() with 'http:' treats the argument as a character set and also eats h/t/p/: from the end of the URL.
echo preg_replace('#^https?:#i', '', $_product->getProductUrl());
3) If you want to engage HTTPS for all the product links at frontend - then the best way is to override the Mage_Catalog_Model_Product_Url model and change the getUrl() method - you need to put there
$routeParams['_secure'] = true;
This will produce all the product urls with HTTPS protocol.
4) If you need to show HTTP product links only at HTTP pages and HTTPS product links only at HTTPS pages, then you can use method 3) with a more sophisticated logic: check the protocol of current page before setting '_secure' parameter.
Hope it helps.
I just did it the primitive way, sometimes it works best:
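// Strip only a leading scheme; trim() with 'http:' is a character mask and also eats trailing h/t/p/: characters.
echo preg_replace('#^https?:#i', '', $_product->getProductUrl());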
Instead
$product->getProductUrl()
Try
$product->getUrlModel()->getUrl($product, array('_secure'=>(bool)Mage::app()->getStore()->isCurrentlySecure()))
This gives you a secure/unsecured product url based on your current protocol.
There's an understated but important option in System | Configuration | Web where you have to say "use secure url in frontend": if you set this to yes, then a page loaded by https will use https links;
no need to write code or provide additional configuration in most cases.

Magento multi-domain checkout issues

I have a Magento install with multiple domains (domain1.com, domain2.com) sharing a single checkout URL (checkoutdomain.com). The problem is when I proceed to cart and go to the new domain I get a "no items in shopping cart" error. For some reason the session/cookies aren't being passed to the checkout domain.
I'm running Magento 1.7. I've gone to system/config/web/session cookie management and tried all of the following values in the cookie domain field:
.domain.com
.domain.com/
http://www.domain.com
http://www.domain.com
Should something else go here?
I also have cookie path field blank (default) and use http only set to yes (default).
I'm not sure what else to do here.
The first place I'd check is your store setup. Remember that you can't easily share a cart across multiple Websites, only Stores and Store Views (to use Magento's nomenclature).
Assuming that's fine, your next problem is ensuring that all of the domains use the same PHP session. You can do this by telling them all to use the same session id. Cookies are an ideal solution for this, but cookies do not work across completely different domains.
This means we have to explicitly tell checkoutdomain.com which session we wish to load. We can force Magento to load a specific session by passing the session id as the SID GET parameter. You can get this value by calling Mage::getModel("core/session")->getEncryptedSessionId().
You should set web/session/use_frontend_sid to yes in your system configuration.
You should also keep in mind that not specifying a cookie path will make it default to the current path you are on when the cookie is set. You should default it to "/" to make sure it is being set globally for the site.

Magento session lost when switching to https from http

I've searched high and low for a solution to this, with no luck. My host told me they are too busy to help.
Magento 1.4.2 // SSL cert
1- When I add an item to cart, the page reloads and my item is added to cart. [good]
2- Next, I click home, and my items are no longer visible in cart sidebar. [bad]
3- Next, I click "Tops", and my items are still not visible in cart sidebar. [bad]
4- Next, I click "Bottoms" and the items show just fine.
In all cases where the cart isn't visible, I can add https to the URL and the cart loads up just fine. Can anyone help me figure out why my session is being lost between http and https?
I have all my backend web cookie settings set to "no" except for sID.
Also, when a user is logged in, the cart items ALWAYS show on the right. It's only screwy if they're a guest.
Thanks guys, if you need me to post any code let me know.
wwwdotlylifdotcom
EDIT: Here is a screenshot of my cookies session in firebug (not exactly sure what I am looking at). Hope this helps.
And here is my Session settings in magento: I have tried just about every variation of turning these on and off.
EDIT!
This issue has actually been narrowed down to a cache issue. We found out that when the cache is dumped/deleted, the website works properly. But after a few minutes of surfing the problem happens again. Does anyone have any idea? (And should I change the question title?)
I'm using a module called Lightspeed from TinyBrick, and it seems the new cache options are messing with our site. =( I'm contacting them shortly.
EDIT: Tinybrick's excellent support helped us out. Thanks for all of your suggestions.
Is the session cookie being set to be HTTPS-only? That'll prevent it from being carried over to regular HTTP requests, effectively giving the user two different sessions.
You have in your screenshot two frontend cookie with two domains, one with www and an other one without. Check if you have a correct domain name in the configuration > Web tab > Cookie Management > Cookie Domain (or something close to that). If it's empty set it to ".mydomain.com" and try again.
Check if you don't have different cookie domain in your configuration in the other store views, set them to "use website".
If it still doesn't work, what are the values of the cookie management fields and the cookie validation settings?
We were experiencing similar issues where our custom nav (depending on whether a user was logged in or not) was not very consistent across different pages.
We followed the suggestion at http://ka.lpe.sh/2011/06/19/magento-checking-customer-admin-is-logged-in-or-not/ to check if a user was logged in, based on the frontend session variable, before rendering a particular block, and it seems to have done the trick.
Perhaps you can try something similar.
Tinybricks excellent support helped us out. Thanks for all of your suggestions. This was a localized problem based off cache and a module called Lightspeed.
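The two cookie checks suggested in the answers above (a session cookie marked HTTPS-only, and two `frontend` cookies scoped to different domains) can be reproduced offline. This is an added example, not code from the thread or from Magento; the Set-Cookie values and example.com hosts are constructed, and path matching is simplified to a prefix test.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value, keeping the attributes that decide scope."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": origin_host.lower(),
              "host_only": True, "secure": False, "path": "/"}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            # A Domain attribute widens the cookie to subdomains; a leading dot is ignored.
            cookie.update(domain=val.lstrip(".").lower(), host_only=False)
        elif key == "secure":
            cookie["secure"] = True
        elif key == "path" and val:
            cookie["path"] = val
    return cookie

def sent_with(cookie, url):
    """True if a browser would attach this cookie to a request for url."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if cookie["secure"] and u.scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    if cookie["host_only"]:
        domain_ok = host == cookie["domain"]
    else:
        domain_ok = host == cookie["domain"] or host.endswith("." + cookie["domain"])
    return domain_ok and (u.path or "/").startswith(cookie["path"])  # simplified path match

def sessions_seen(jar, url, name="frontend"):
    """Session ids (cookie values) the server would receive for url."""
    return sorted(c["value"] for c in jar if c["name"] == name and sent_with(c, url))

# Constructed sample: one cookie set over HTTPS with Secure, one host-only cookie set over HTTP.
JAR = [
    parse_set_cookie("frontend=https-sess; Path=/; Domain=.example.com; Secure; HttpOnly", "www.example.com"),
    parse_set_cookie("frontend=http-sess; Path=/; HttpOnly", "www.example.com"),
]

if __name__ == "__main__":
    for url in ("http://www.example.com/tops", "https://www.example.com/tops", "http://example.com/"):
        print(url, "->", sessions_seen(JAR, url))
```

URLs that return different lists will not share a session.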

Can we remove secure login option alone from Magento

Is there a way to disable secure URLs for login/registration/forgot password alone? All other pages, like checkout and the customer dashboard area, can use https, but I want to disable the secure URL only for the customer login/registration/forgot password pages. I checked the customer module's /etc/config.xml but could not find anything like that.
Please help me
Thanks in advance.
First you'll want to do all this from app/code/local/ of course!
With that being said you'll need to extend/edit app/code/core/Mage/Customer/etc/config.xml:
<secure_url>
<customer>/customer/account/</customer>
</secure_url>
...and remove it.
Next you'll need to edit/extend app/code/core/Mage/Customer/Helper/Data.php
and modify the _getUrl() calls to force using the secure URL on the pages you want to be secure:
return $this->_getUrl('customer/account', array('_secure' => true));
NOTE: Like everyone else mentioned, this isn't exactly a good idea from a security standpoint.
Hope this helps!
Did you think that Login pages are accessed via HTTPS for a reason? The reason is to protect them from modification. Removing HTTPS will open a huge security hole and will cause leakage of passwords of your web site visitors.
So, you should overload the blocks that contain URL links and rework them to get URLs without http. But the good way is to use iframes in your box.
