I seem to get 404 pages whenever I click an SEO link in my store while using SSL. I can reproduce the problem by doing the following:
- Click the add to cart button for any product.
- Now go to the checkout
- Now while using HTTPS (SSL) click any SEO friendly link.
Any SEO friendly link on the site does the same thing while using an SSL, but not while using HTTP.
Can anyone else reproduce this? I don’t know if I ever tested this before, but it’s happening on 2.0.10
I just thought I would post a follow up to this in case someone else runs into it.
I launched my store originally on a test account on a server cloud with a fairly wide open firewall. When we moved to our own private cloud server with a locked down firewall we ran into issues. To get SSL to work you need to either enable DNS doctoring on your firewall or add a line to your HOSTS file which points your store URL to the internal IP behind the firewall.
That took about 10 emails to CSC and 5 to my host to figure out. CSC originally modified some code to make it work, but I was not happy with that, so my server admin did some digging and discovered what the code was doing and came up with the better solution above.
This was most likely an error in the configuration of the server by your host. If the SSL conf include file has AllowOverride explicitly set to None, then your .htaccess file will not be able to rewrite the SEO urls as they come in, which results in the default Apache “Not Found” error you were seeing.
This is not a bug in CS Cart, but a misconfiguration by your host.
I’m pretty sure that’s how it’s designed. Why would you want your product pages secure? Everything that is covered by SSL in the shop has no reason to be SEO.
I think I remember someone securing their entire shop and wondered why it didn’t work correctly.
part of the problem was allowing the override, however the other is an issue with how they program the code. It does not consider the use of firewalls. I administer my own sever, but I’m new to Linux. I’ve been administering windows servers for about 10 years, but I’m still fumbling around with apache and linux.
[quote name=‘Tool Outfitters’]I’m pretty sure that’s how it’s designed. Why would you want your product pages secure? Everything that is covered by SSL in the shop has no reason to be SEO.
I think I remember someone securing their entire shop and wondered why it didn’t work correctly.[/QUOTE]
Correct, however if you visit a secure area of the site (ie: checkout/cart/etc) all the links are relative to the root of the site, thus they inherit the https://www.yourdomain.com instead of http://
What actually happens is that when the request comes in for [url]yourdomain.com, the server gets the request (for a file that doesn’t exist), mod_rewrite (via .htaccess) passes the “broken” link to the index script where the SEO addon checks the database to see if it exists, it finds the page, and serves up the content of it, which redirects the user to [url]yourdomain.com, which still doesn’t exist, so it get’s rewritten, the SEO module gets the content, and serves it up.
So without SSL connections being able to load mod_rewrite to transparently process SEO links that may come in on https protocol, the links will only work when clicked from a non-secure page.
As stated before, the issue isn’t with CS Cart, but with the configuration of apache on the server. It could also be a firewall issue, but if that were the case, you would be presented with a connection timeout or server not found error as opposed to the “page not found” you get from apache when it tries to access a file that doesn’t exist due to lack of transparent rewriting.