How can I enable SSL for the entire nopCommerce site?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
11 years ago
I have enabled SSL, and it works fine for cart/checkout etc. However, when I type https://mystore.com it just gets redirected to http://mystore.com.

What should I do to force https for the entire website?
Thanks for any help!
11 years ago
That was changed in a recent version because there is no reason for the other pages throughout the site to use an SSL as there is nothing that needs to be encrypted on them. It can also speed up the speed of the site along with helping with SEO problems that can be caused by having an https and http version of a page. If you want to change that I am not sure what is entailed.
11 years ago
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to the controller attribute NopHttpsRequirement. After this I added a custom inbound URL rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t
11 years ago
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"
10 years ago
a.m. wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"


I have the same issue. Where do I do this?
10 years ago
How can I see that SSL is working? I have SSL installed on my site (ARVIXE) and I've checked the Force SSL on all site, but I don't see any lock in the web address of Chrome.

Please could you help me?
10 years ago
Similar issue here:
SecuritySettings.ForceSslForAllPages does absolutely nothing!
If you type http://yourwebsite.com, it still shows unencrypted.
Only if you type https://yourwebsite.com does it encrypt all the pages.

What I'd like to see is: the login page, checkout page and customer pages encrypted.
It would be nice if ALL the admin pages were encrypted.
10 years ago
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to the controller attribute NopHttpsRequirement. After this I added a custom inbound URL rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


Thanks for the advice!!! ForceSslForAllPages does nothing unless you actually type in HTTPS (which no one ever does, making the setting moot).
10 years ago
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to the controller attribute NopHttpsRequirement. After this I added a custom inbound URL rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


For some reason on IIS 8 this doesn't work (at least for me). Could be they changed something. I didn't check. However, this does:

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <rewrite>
      <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>

I merely had to change R:1 to R:0 and enable SSL and it works.

So maybe IIS7 and 8 are different. I haven't tested it with IIS7 (Windows 7 / SBS 2010 etc.) or on 2012 yet.
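
An added example, not part of the original posts or of nopCommerce: a small Python model of the redirect rule discussed above. In IIS URL Rewrite, {R:0} is the whole matched string and {R:n} is the n-th capture group, so `(.*)` with {R:1} and `.*` with {R:0} produce the same Location, while `.*` has no group for {R:1} to refer to. The function names and the sample request are hypothetical, and `is_safe_upgrade` is one way to check a captured response from a deployed rule.

```python
import re
from urllib.parse import urlsplit

BACKREF = re.compile(r"\{R:(\d+)\}")

def redirect_location(match_pattern, action_url, host, path, query="", https="off"):
    """Model the redirect rule from this thread; return the Location or None.

    Raises ValueError when action_url uses {R:n} but match_pattern has
    fewer than n capture groups (a rule-authoring mistake).
    """
    # Condition: {HTTPS} matches ^OFF$ (rule patterns ignore case by default).
    if not re.search(r"^OFF$", https, re.IGNORECASE):
        return None  # already HTTPS: the rule does not fire, so no redirect loop
    # <match url> is tested against the path without leading "/" or query string.
    m = re.search(match_pattern, path.lstrip("/"), re.IGNORECASE)
    if m is None:
        return None

    def expand(ref):
        n = int(ref.group(1))
        if n > m.re.groups:
            raise ValueError(f"{{R:{n}}} used but pattern has {m.re.groups} capture group(s)")
        return m.group(n)  # {R:0} is the whole match, {R:n} the n-th group

    location = BACKREF.sub(expand, action_url.replace("{HTTP_HOST}", host))
    # The Redirect action appends the original query string by default.
    return location + ("?" + query if query else "")


def is_safe_upgrade(request_url, status, location):
    """True if a response is a permanent, same-host, same-path HTTPS upgrade."""
    req, loc = urlsplit(request_url), urlsplit(location)
    return (status == 301 and loc.scheme == "https"
            and loc.netloc == req.netloc
            and (loc.path or "/") == (req.path or "/")
            and loc.query == req.query)


# Constructed sample request (mystore.com is the host name used in the thread).
ACTION = "https://{HTTP_HOST}/{R:1}"
SAMPLE = dict(host="mystore.com", path="/cart/checkout", query="step=2")

if __name__ == "__main__":
    print(redirect_location("(.*)", ACTION, **SAMPLE))                      # R:1 form
    print(redirect_location(".*", ACTION.replace("R:1", "R:0"), **SAMPLE))  # R:0 form
```
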
10 years ago
vinee wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"

I have the same issue. Where do I do this?


Go to

Admin --> Configuration --> Settings ---> All Settings (Advanced)

Click the "Funnel" type icon next to the Setting Name column. Using that filter, filter for "SecuritySettings.ForceSslForAllPages" and update the setting.

Caution: You can update almost all the settings of nopCommerce from this screen.