cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 1.9.3.6 and SSL on Product Page

Magento 1.9.3.6 and SSL on Product Page

Hallo,

Hello,

 

 [GERMAN]

 

ich versuche nun seit einigen Tagen SSL auf unseren Produktseiten umzusetzen. Trotz der Einstellungen im Adminbereich für SSL werden alle Produkte weiterhin von https:// auf http:// weitergeleitet.

Hat vielleicht einer einen Hinweis oder ne Idee für mich wo ich den Teil des PHP Codes finde der dafür zuständig ist?

 

Hier ein Beispiellink dazu:

https://www.burnout-trade.de/easycruiser-flower-25-kmh-basic.html

 

[ENGLISH - Google Translate]

 

I've been trying to implement SSL on our product pages for a few days now. Despite the settings in the admin area for SSL, all products continue to be redirected from https: // to http: //. Maybe someone has a hint or an idea for me where I find the part of the PHP code that is responsible for it?

 

Here an Example Link:

https://www.burnout-trade.de/easycruiser-flower-25-kmh-basic.html

6 REPLIES 6

Re: Magento 1.9.3.6 and SSL on Product Page

Hi @burnouttrade,

 

Can you share your web URL configuration?

If you are using Apache, maybe there is some rule into the .htaccess file?

Re: Magento 1.9.3.6 and SSL on Product Page

This is my .htaccess

############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi

#    Action php5-cgi /cgi-bin/php5-cgi
#    AddHandler php5-cgi .php

############################################
## GoDaddy specific options

#   Options -MultiViews

## you might also need to add this line to php.ini
##     cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini

############################################
## this line is specific for 1and1 hosting

    #AddType x-mapp-php5 .php
    #AddHandler x-mapp-php5 .php

############################################
## default index file

    DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

#    php_value memory_limit 64M
    php_value memory_limit 256M
    php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

    php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

    php_flag session.auto_start off

############################################
## enable resulting html compression

    #php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

    php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip

    # Insert filter on all content
    ###SetOutputFilter DEFLATE
    # Insert filter on selected content types only
    #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript

    # Netscape 4.x has some problems...
    #BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    #BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # Don't compress images
    #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    #Header append Vary User-Agent env=!dont-vary

</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

    SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

############################################
## enable rewrites

    Options +FollowSymLinks
    RewriteEngine on

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>

        ############################################
        # X-Content-Type-Options: nosniff disable content-type sniffing on some browsers.
        Header set X-Content-Type-Options: nosniff

        ############################################
        # This header forces to enables the Cross-site scripting (XSS) filter in browsers (if disabled)
        BrowserMatch \bMSIE\s8 ie8
        Header set X-XSS-Protection: "1; mode=block" env=!ie8

    </IfModule>
</IfModule>

############################################
## redirect for mobile user agents

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

</IfModule>


############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

    AddDefaultCharset Off
    #AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

    ExpiresDefault "access plus 1 year"

</IfModule>

############################################
## By default allow all access

    Order allow,deny
    Allow from all

###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version

    <Files RELEASE_NOTES.txt>
        order allow,deny
        deny from all
    </Files>

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

    #FileETag none

###########################################
## Deny access to cron.php
    <Files cron.php>

############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.

        #AuthName "Cron auth"
        #AuthUserFile ../.htpasswd
        #AuthType basic
        #Require valid-user

############################################

        Order allow,deny
        Deny from all

    </Files>

And my URL Configuration unsafe:

Basis-URR
https://www.burnout-trade.de/
[STORE VIEW]	
Basis Link URL

https://www.burnout-trade.de/
[STORE VIEW]	
Basis Skin URL

https://www.burnout-trade.de/skin/
[STORE VIEW]	
Basis Media URL

https://www.burnout-trade.de/media/
[STORE VIEW]	
Basis JavaScript URL
https://www.burnout-trade.de/js/

And this my Web Url Config safe: 

Basis-URL
https://www.burnout-trade.de/

[STORE VIEW]	
Basis Link URL
https://www.burnout-trade.de/

Basis Skin URL
https://www.burnout-trade.de/skin/
	
Basis Media URL
https://www.burnout-trade.de/media/

Basis JavaScript URL
https://www.burnout-trade.de/js/

[STORE VIEW]	
Verwende sichere URL im Shopbereich
Verwende sichere URL im Administrationsbereich
SSL-Offloading Header  = SSL_OFFLOADED

 

Re: Magento 1.9.3.6 and SSL on Product Page

Hi @burnouttrade,

 

Can you check changing the configuration scope at store view level to be sure you don't have a configuration override at that level?

Re: Magento 1.9.3.6 and SSL on Product Page

Hello @burnouttrade

 

 

Head over to your System -> Configuration -> General -> Web -> Secure area from your Magento admin. From there, you'll want to change the field for "Use Secure URLs in Frontend" to "Yes".

 

Can you please check above setting?

 

If it works then mark as a solution or give kudos.

 

If still not work then do redirect at the server level

https://bjornjohansen.no/redirect-to-https-with-nginx


Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer

Re: Magento 1.9.3.6 and SSL on Product Page

now i have do it in the htaccess

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

All Sites are now on HTTPs, only Product Sites get a Server Error (To Many Redirects)

Re: Magento 1.9.3.6 and SSL on Product Page