Redirect Loop - Network Solutions Forums

forums.networksolutions.com

Forum Rules/Regulations

Welcome Guest ( Log In )

Network Solutions Forums > nsHosting™ Forums > Domain and Directory Pointers

Reply to this topic

Start new topic

Redirect Loop, SSL certificate and subdomain issue

Rating

johnwilliams View Member Profile	May 25 2009, 11:11 AM Post #1
Group: Verified NS Member Posts: 3 Joined: 25-May 09 Member No.: 4,467	Using a subdomain for ecommerce site hosted at NS and having trouble with Redirect Loop errors in FireFox and Safari (IE too) When SSL is enabled, and the visitor begins the checkout process (calling checkout.php) the error occurs. If SSL is disabled, the store works fine - but need SSL for ecommerce security. https://store.hotwire-digital.com/ Shopping cart is by Interspire; from their knowledgebase: QUOTE I have enabled SSL but my store isn't loading. What's going on? If you have a valid SSL certificate and have enabled secure checkout from the Settings -> Site Settings page and your site doesn't load in secure mode, it may be because your web server has two separate folders for your store: one for the normal, unsecure HTTP version and one for the secure HTTPS version. If this is the case then when you load your store in secure mode, the HTTPS folder will be empty and you'll see an error such as 404 Not Found. To fix this and make your store work in both normal HTTP and secure HTTPS modes, you need to ask your hosting provider the following information: I am trying to setup my application to work in SSL mode, however my web hosting account has 2 separate folders - one for HTTP and one for HTTPS, so can you please create a symlink to redirect HTTPS requests to my HTTP folder? Once you do this my store will work in secure mode. My SSH details are as follows: Server: [Type your server here] User: [Type your SSH user here] Password: [Type your SSH password here] Your web hosting provider will then be able to create a symlink for you which will make your store work in both normal and secure modes. You can find your SSH login details in the initial email sent to you by your web host when you signed up, or in your web hosting control panel. Is it possible a symlink is missing or mis-configured?

johnwilliams View Member Profile	May 25 2009, 12:43 PM Post #2
Group: Verified NS Member Posts: 3 Joined: 25-May 09 Member No.: 4,467	Wanted to also provide extra info from few hours of google searching: There may be session-related information that does not transfer when the site contains both http and https. For my ecommerce site, you can browse the store in HTTP, but when checking out - then switch over to HTTPS. Not sure if this is causing the redirect error; Would there be any drawback to having all visitors to the store browse in HTTPS only (and refer HTTP to HTTPS?)

Guest_Duane_*	May 26 2009, 07:19 AM Post #3
Guests	QUOTE (johnwilliams @ May 25 2009, 12:21 PM) Using a subdomain for ecommerce site hosted at NS and having trouble with Redirect Loop errors in FireFox and Safari (IE too) When SSL is enabled, and the visitor begins the checkout process (calling checkout.php) the error occurs. If SSL is disabled, the store works fine - but need SSL for ecommerce security. https://store.hotwire-digital.com/ Shopping cart is by Interspire; from their knowledgebase: Is it possible a symlink is missing or mis-configured? Your hosting package has one set of files for HTTP and HTTPS; This knowledge base article is not relevant in your case. Also, the HTTP sessions are recognized in HTTPS as well; so that is not the cause of the issue either. Our proxy SSL doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs like your shopping cart that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and eventually error out. The only ways around this is to either Assume the connection is secure by making all the links to the sensitive pages https, OR Use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just add it into the HTML of any sensitive pages. CODE <script language="javascript"> if (document.location.protocol != "https:") { document.location.href = "https://store.hotwire-digital.com" + document.location.pathname; }; </script> In your case, I would ask your shopping cart provider, Interspire, how to put this code on their cart or if they can do it for you.

johnwilliams View Member Profile	May 26 2009, 09:44 AM Post #4
Group: Verified NS Member Posts: 3 Joined: 25-May 09 Member No.: 4,467	QUOTE (Duane @ May 26 2009, 08:29 AM) (snip) The only ways around this is to either Assume the connection is secure by making all the links to the sensitive pages https, OR Use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just add it into the HTML of any sensitive pages. (snip) After contacting Interspire (thank you for the Javascript nugget!) their recommendation is to move the entire cart over to HTTPS since the cost is only a few extra milliseconds on my limited number of images. So if the subdomain -> directory is both HTTP and HTTPS, is there a way to make this directory serve only as HTTPS? This is full implementation of suggestion #1 above, right? Thanks for the help! - John

Guest_Duane_*	May 26 2009, 10:06 AM Post #5
Guests	QUOTE (johnwilliams @ May 26 2009, 10:54 AM) After contacting Interspire (thank you for the Javascript nugget!) their recommendation is to move the entire cart over to HTTPS since the cost is only a few extra milliseconds on my limited number of images. So if the subdomain -> directory is both HTTP and HTTPS, is there a way to make this directory serve only as HTTPS? This is full implementation of suggestion #1 above, right? Thanks for the help! - John There isn't any way on our shared servers to stop HTTP from resolving or to redirect HTTP to HTTPS automatically. My 1st suggestion would involve hard-coding all of your links to use https when they are going to secure locations. For example, your checkout link would go to https://store.hotwire-digital.com/checkout.php rather than http://store.hotwire-digital.com/checkout.php (as it does now) Here, you assume that visitors must have clicked checkout, so they are using https. The other option, if possible, is to put that JavaScript coding into the header or footer of your shopping cart. This will automatically redirect people to the secure page for your entire shopping cart. In either option, you would then disable any HTTPS checking by the cart so there aren't any redirect loops.

« Next Oldest · Domain and Directory Pointers · Next Newest »

Reply to this topic

Start new topic

Tags

No Tag inserted yet

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Network Solutions © 2009

Time is now: 21st November 2009 - 06:17 PM

Powered By IP.Board © 2009 IPS, Inc.

Domain Names | Web Hosting | Web Design | Shopping Cart Software | Online Marketing | SSL Certificates