Hi ECT
I just renewed my updater, please apply it when possible
Order ID63947

I noticed a drop in sales after we switched over to HTTPS. Customers that saved previous bookmarks are not being redirected to https, instead get error messages. Here's what I have, I would welcome any suggestions.

AddHandler application/x-httpd-php54 .php .php5 .php4

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html\ HTTP/
RewriteRule ^index\.html$ https://www.site.com/ [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^/?(.*) https://www.site.com/$1 [R=301,L]
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css|swf|pdf|flv|mp3)$">
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 14 days"
Header set Cache-Control "public"
</IfModule>
</FilesMatch>
<FilesMatch "\.(html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>

Michael

Hi Michael

I don't think you need the cache entries there and for the https redirect, have a look here https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=106851

Andy

Please feel free to review / rate our software

Thanks Andy,
The cache control is there because I was receiving some SEO warnings, they since went away after it was added.

I'll tinker with some code changes on the redirect, hopefully I find the right (write) one.

Michael

It keeps getting redirected to https://www.site.com/public_html/ which gives the following error.

Not Found
The requested URL /public_html/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I placed the .htaccess in the root, any ideas on why I'm getting this result?


Michael

This is what I regularly use in the .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]

..and haven't had any issues.

Andy

Please feel free to review / rate our software

Hi Andy, I tried what you just posted along the combinations in this thread https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=106851

If a bookmark is saved as: http://www.example.com, when clicked on it's redirected to https://www.example.com/public_html/
with this error
Not Found
The requested URL /public_html/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I have the .htaccess placed in the root directory, not public_html/ . . . Why does it redirect to a page that doesn't exist?

Thanks,

Michael

The .htaccess file should go in the public_html folder - can you try that?

Andy

Please feel free to review / rate our software

Hi Andy,
I removed it from the root and it's only in public_html . . . same results.

Michael

Can you show your host what you are using and ask them if they can see why it is tagging the public_html folder onto the path?

Andy

Please feel free to review / rate our software

Thanks Andy,
Should've cleared the browser cache first

Michael

Something that always seems to be overlooked when implementing SSL is that the HSTS header is missing from the htaccess file. Currently your site (shop-supplies) is not using the "strict-transport-security" header, which can leave you open to man-in-the-middle attacks. You need to add that header to your htaccess file - Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

I have added the HSTS header to every site I maintain & setup.

Just running a quick HTTPS checker using Wildfire Internets free checker shows 307 Insecure Links to the Same Domain Found (+ 110 Duplicates), 1 Insecure Sitemap(s) Found which lists 12 HTTP Links found in sitemap.xml

I've uploaded a short video to Dropbox so it gives you some idea
[url]https://www.dropbox.com/s/q3pr5q96wga6q16/HTTPS-Check-19Jan2019-0320.mp4?dl=0[/url]

More detailed info is available here [url]https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/[/url]

Hope this helps!


Will - Bolton Manchester UK

Will,

Thank you sooo much for this tip. I have always scored an A on my SSL Labs test.

After applying Header set Strict-Transport-Security "max-age=31536000" env=HTTPS I know achieve an A+

Patrick

Patrick,

Good to hear,

Will - Bolton Manchester UK

How do I configure the text for a .co.uk site, above its mentioned that the below script is standard for a .com site:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]

It has been over 7 years that I am coming back to using this template again to develop a new store. Ive downloaded an old .htaccess file i had from years ago, which is below, is there anything on the below that should or shouldnt be used now?

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.mydomain.co.uk/ [R=301,L]

RewriteCond %{HTTP_HOST} ^mydomain\.co\.uk
RewriteRule (.*) http://www.mydomain.co.uk/$1 [R=301,L]

ErrorDocument 400 http://www.mydomain.co.uk/400.html
ErrorDocument 403 http://www.mydomain.co.uk/403.html
ErrorDocument 404 http://www.mydomain.co.uk/404.html
ErrorDocument 500 http://www.mydomain.co.uk/500.html


Thanks

J

Hi J
For the .co.uk that would be just...

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.co\.uk$ [NC]
RewriteRule ^(.*)$ https://www.example.co.uk/$1 [L,R=301]

But was that what you meant?

The other rules, I'm not sure if they are really useful. The first seems to be mapping any URL with index.php to the home page. But maybe that would result in duplicate content?
Then there is another check for a non www. address but you're already doing that along with the HTTPS check. Then there are some mappings to error documents which may not be relevant on your server now.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Hi Vince, thats great, thanks.

Jason