https in Version 2.0 aktivieren?

[Bonsai]

Setze mal in die header.php das rein:
var_dump($_SERVER['https']);
var_dump($_SERVER['HTTP_X_FORWARDED_PROTO']);

Ich vermute so langsam da ist was an der Serverkonfiguration faul ....

[jumpM]

@ Webald:

mit dem xtc5 template ists das gleiche Problem!

@Bonsai:

da steht jetzt ganz oben " NULL NULL "

[web28]

Zertifikat und Serverconfig sind ok da man fax.html fehlerfrei mit https aufrufen kann.

Bleibt als wahrscheinliche Ursache nur die htaccess.

Gruss Web28

[jumpM]

Hi,

das ist meine htaccess:

Code: PHP  [Auswählen]

##-- $Id: .htaccess 3209 2012-07-12 11:51:11Z gtb-modified $

##-- Default charset
#AddDefaultCharset UTF-8
AddDefaultCharset ISO-8859-15

##-- Disable the server signature
ServerSignature Off

##-- Turn off ETags in HTTP-header (use both directives)
<IfModule mod_headers.c>
  Header unset ETag
</IfModule>
FileETag None

##-- When caching of gzipped JS and CSS files is used, enable this setting
<IfModule mod_headers.c>
  Header set Vary Accept-Encoding
</IfModule>

##-- when using Provider 1&1 set the following lines to activate PHP5
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php

# Disable directory browsing (disabled by default as this causes problems on some servers)
#Options All -Indexes

##-- Enable the compression for any type of content
<IfModule mod_deflate.c>
  <FilesMatch "\\.(js|css|html|htm|php|xml|jpg|jpeg|png|gif|svg|woff)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##-- Customization of HTTP request and response headers
<IfModule mod_headers.c>
  <FilesMatch "\\.(ico|jpe?g|png|gif|swf|flv|svg)$">
    Header set Cache-Control "max-age=2592000, public"
  </FilesMatch>
  <FilesMatch "\\.(css|woff)$">
    Header set Cache-Control "max-age=604800, public"
  </FilesMatch>
  <FilesMatch "\\.(js)$">
    Header set Cache-Control "max-age=604800, private"
  </FilesMatch>
  <FilesMatch "\\.(xml|txt)$">
    Header set Cache-Control "max-age=604800, public, must-revalidate"
  </FilesMatch>
  <FilesMatch "\\.(html|htm|php)$">
    Header set Cache-Control "max-age=1, private, must-revalidate"
  </FilesMatch>
</IfModule>

##-- Generation of Expires and Cache-Control HTTP headers
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType image/jpg "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/svg+xml "access plus 2592000 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 604800 seconds"
  ExpiresByType application/x-javascript "access plus 604800 seconds"
  ExpiresByType text/x-component "access plus 604800 seconds"
  ExpiresByType application/font-woff "access plus 604800 seconds"
  ExpiresByType image/x-icon "access plus 604800 seconds"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>  
</IfModule>

##-- Configure php_flags if necessary
##-- BEGIN - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#<IfModule mod_php.c>

  ##-- Warn when arguments are passed by reference at function call time (from PHP5 allow_call_time_pass_reference is deprecated)
 #php_flag allow_call_time_pass_reference on

  ##-- Disable transparent sid support PHP-default is off (XTC Session only on first visit)
 #php_flag session.use_trans_sid off

  ##-- set suhosin flags because of errors with attributes (for webhosters with suhosin hardening patch enabled)
 #php_value suhosin.post.max_array_depth 0
 #php_value suhosin.post.max_array_index_length 0
 #php_value suhosin.post.max_vars 0
 #php_value suhosin.request.max_array_depth 0
 #php_value suhosin.request.max_array_index_length 0
 #php_value suhosin.request.max_vars 0

  ##-- set suhosin flags to have unencrypted session data, affecting "whos_online" & "shopping cart" (for webhosters with suhosin hardening patch enabled)patch enabled
 #php_value suhosin.session.encrypt Off
 #php_value suhosin.session.cryptkey ''

##-- END - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#</IfModule>

##-- Redirect error pages to Sitemap
##-- set the correct Path to ErrorDocument
ErrorDocument 400 /sitemap.html?error=400
ErrorDocument 401 /sitemap.html?error=401
ErrorDocument 402 /sitemap.html?error=402
ErrorDocument 403 /sitemap.html?error=403
ErrorDocument 404 /sitemap.html?error=404
ErrorDocument 500 /sitemap.html?error=500

##-----------------------------------------
##- SEO Shopstat Modul (Hartmut Koenig)
##-----------------------------------------
<IfModule mod_rewrite.c>
  ##-- Initialize and enable rewrite engine
 ##-- Documentation http://httpd.apache.org/docs/misc/rewriteguide.html
 RewriteEngine On


RewriteCond %{HTTP_HOST} !^www\.teebaumkosmetik\.de$ [NC]
RewriteRule ^(.*)$ https://www.teebaumkosmetik.de/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://www.teebaumkosmetik.de/$1 [L,R=301]



  ##-- EXAMPLE: If your shop is located at "http://www.yourdomain.com/shop",
 ##-- set the following line like e.g.: RewriteBase /shop/
 RewriteBase /

  ##-- disallow access to dotfiles (.htaccess, .svn, .git, etc.)
 #RedirectMatch 403 /\.
 
  ##-- Use canonical URLs
 ##-- Use SSL-Proxy
 ##-- HostEurope
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.webpack\.de$ [NC]
 ##-- 1und1
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.kundenserver\.de$ [NC]
 ##-- domainFACTORY
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^sslsites\.de$ [NC]
 ##-- All-Inkl
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl-account\.com$ [NC]
 ##-- Strato
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^www\.ssl-id\.de$ [NC]
 ##-- redirect to www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 #RewriteCond %{HTTP_HOST}                 !^www\. [NC]
 #RewriteCond %{HTTP_HOST}                 !\.(.*)\. [NC]
 #RewriteCond %{HTTP_HOST}                 !^localhost [NC]
 #RewriteRule (.*)                         http://www.%{HTTP_HOST}/$1 [R=301,L]

  ##-- redirect to https-domain (Do not uncomment if you only have a SSL-Proxy!)
 #RewriteCond %{HTTPS} off
 #RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

  ##-- Sitemap
 RewriteRule ^sitemap(.*)\.html$ shop_content.php?coID=8 [QSA,L]

  ##----------------------------------------------------------------------------------
 ##-- When working with SEO-Urls you can decide, whether to use a colon ":" or a dash "-" symbol
 ##-- (Windows Servers might have problems with colon as delimiter!)
 ##-- Change the delimiter symbol also in file "/inc/shopstat_functions.inc.php"
 ##----------------------------------------------------------------------------------

  ##-- Use colon delimiter ":" for SEO-URLS (default setting)
 ##-- Categories (:::)
 RewriteRule :::([_0-9]+):([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
  RewriteRule :::([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

  ##-- Products (::)
 RewriteRule ::(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

  ##-- Content (:_:)
 RewriteRule :_:([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

  ##-- Manufacturers (:.:)
 RewriteRule :.:([_0-9]+):([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
  RewriteRule :.:([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]

  ##-- Use dash delimiter "-" for SEO-URLS (alternative setting i.e. for windows servers)
 ##-- Categories (---)
 RewriteRule ---([_0-9]+)-([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
  RewriteRule ---([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

  ##-- Products (--)
 RewriteRule --(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

  ##-- Content (-_-)
 RewriteRule -_-([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

  ##-- Manufacturers (-.-)
 RewriteRule -.-([_0-9]+)-([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
  RewriteRule -.-([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]
</IfModule>

Robert

[webald]

Darf ich mal fragen, warum Du neue Einträge in htaccess machst, statt die bereits vorhandenen zu nutzen? Du mußt doch nur "#" entfernen. Steht doch alles schon da.

Code: PHP  [Auswählen]

##-- $Id: .htaccess 3209 2012-07-12 11:51:11Z gtb-modified $

##-- Default charset
#AddDefaultCharset UTF-8
AddDefaultCharset ISO-8859-15

##-- Disable the server signature
ServerSignature Off

##-- Turn off ETags in HTTP-header (use both directives)
<IfModule mod_headers.c>
  Header unset ETag
</IfModule>
FileETag None

##-- When caching of gzipped JS and CSS files is used, enable this setting
<IfModule mod_headers.c>
  Header set Vary Accept-Encoding
</IfModule>

##-- when using Provider 1&1 set the following lines to activate PHP5
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php

# Disable directory browsing (disabled by default as this causes problems on some servers)
#Options All -Indexes

##-- Enable the compression for any type of content
<IfModule mod_deflate.c>
  <FilesMatch "\\.(js|css|html|htm|php|xml|jpg|jpeg|png|gif|svg|woff)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##-- Customization of HTTP request and response headers
<IfModule mod_headers.c>
  <FilesMatch "\\.(ico|jpe?g|png|gif|swf|flv|svg)$">
    Header set Cache-Control "max-age=2592000, public"
  </FilesMatch>
  <FilesMatch "\\.(css|woff)$">
    Header set Cache-Control "max-age=604800, public"
  </FilesMatch>
  <FilesMatch "\\.(js)$">
    Header set Cache-Control "max-age=604800, private"
  </FilesMatch>
  <FilesMatch "\\.(xml|txt)$">
    Header set Cache-Control "max-age=604800, public, must-revalidate"
  </FilesMatch>
  <FilesMatch "\\.(html|htm|php)$">
    Header set Cache-Control "max-age=1, private, must-revalidate"
  </FilesMatch>
</IfModule>

##-- Generation of Expires and Cache-Control HTTP headers
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType image/jpg "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/svg+xml "access plus 2592000 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 604800 seconds"
  ExpiresByType application/x-javascript "access plus 604800 seconds"
  ExpiresByType text/x-component "access plus 604800 seconds"
  ExpiresByType application/font-woff "access plus 604800 seconds"
  ExpiresByType image/x-icon "access plus 604800 seconds"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>  
</IfModule>

##-- Configure php_flags if necessary
##-- BEGIN - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#<IfModule mod_php.c>

  ##-- Warn when arguments are passed by reference at function call time (from PHP5 allow_call_time_pass_reference is deprecated)
 #php_flag allow_call_time_pass_reference on

  ##-- Disable transparent sid support PHP-default is off (XTC Session only on first visit)
 #php_flag session.use_trans_sid off

  ##-- set suhosin flags because of errors with attributes (for webhosters with suhosin hardening patch enabled)
 #php_value suhosin.post.max_array_depth 0
 #php_value suhosin.post.max_array_index_length 0
 #php_value suhosin.post.max_vars 0
 #php_value suhosin.request.max_array_depth 0
 #php_value suhosin.request.max_array_index_length 0
 #php_value suhosin.request.max_vars 0

  ##-- set suhosin flags to have unencrypted session data, affecting "whos_online" & "shopping cart" (for webhosters with suhosin hardening patch enabled)patch enabled
 #php_value suhosin.session.encrypt Off
 #php_value suhosin.session.cryptkey ''

##-- END - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#</IfModule>

##-- Redirect error pages to Sitemap
##-- set the correct Path to ErrorDocument
ErrorDocument 400 /sitemap.html?error=400
ErrorDocument 401 /sitemap.html?error=401
ErrorDocument 402 /sitemap.html?error=402
ErrorDocument 403 /sitemap.html?error=403
ErrorDocument 404 /sitemap.html?error=404
ErrorDocument 500 /sitemap.html?error=500

##-----------------------------------------
##- SEO Shopstat Modul (Hartmut Koenig)
##-----------------------------------------
<IfModule mod_rewrite.c>
  ##-- Initialize and enable rewrite engine
 ##-- Documentation http://httpd.apache.org/docs/misc/rewriteguide.html
 RewriteEngine On


# RewriteCond %{HTTP_HOST} !^www\.teebaumkosmetik\.de$ [NC]
# RewriteRule ^(.*)$ https://www.teebaumkosmetik.de/$1 [L,R=301]
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*) https://www.teebaumkosmetik.de/$1 [L,R=301]



  ##-- EXAMPLE: If your shop is located at "http://www.yourdomain.com/shop",
 ##-- set the following line like e.g.: RewriteBase /shop/
 RewriteBase /

  ##-- disallow access to dotfiles (.htaccess, .svn, .git, etc.)
 #RedirectMatch 403 /\.
 
  ##-- Use canonical URLs
 ##-- Use SSL-Proxy
 ##-- HostEurope
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.webpack\.de$ [NC]
 ##-- 1und1
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.kundenserver\.de$ [NC]
 ##-- domainFACTORY
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^sslsites\.de$ [NC]
 ##-- All-Inkl
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl-account\.com$ [NC]
 ##-- Strato
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^www\.ssl-id\.de$ [NC]
 ##-- redirect to www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 RewriteCond %{HTTP_HOST}                 !^www\. [NC]
  RewriteCond %{HTTP_HOST}                 !\.(.*)\. [NC]
  RewriteCond %{HTTP_HOST}                 !^localhost [NC]
  RewriteRule (.*)                         http://www.%{HTTP_HOST}/$1 [R=301,L]

  ##-- redirect to https-domain (Do not uncomment if you only have a SSL-Proxy!)
 RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

  ##-- Sitemap
 RewriteRule ^sitemap(.*)\.html$ shop_content.php?coID=8 [QSA,L]

  ##----------------------------------------------------------------------------------
 ##-- When working with SEO-Urls you can decide, whether to use a colon ":" or a dash "-" symbol
 ##-- (Windows Servers might have problems with colon as delimiter!)
 ##-- Change the delimiter symbol also in file "/inc/shopstat_functions.inc.php"
 ##----------------------------------------------------------------------------------

  ##-- Use colon delimiter ":" for SEO-URLS (default setting)
 ##-- Categories (:::)
 RewriteRule :::([_0-9]+):([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
  RewriteRule :::([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

  ##-- Products (::)
 RewriteRule ::(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

  ##-- Content (:_:)
 RewriteRule :_:([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

  ##-- Manufacturers (:.:)
 RewriteRule :.:([_0-9]+):([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
  RewriteRule :.:([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]

  ##-- Use dash delimiter "-" for SEO-URLS (alternative setting i.e. for windows servers)
 ##-- Categories (---)
 RewriteRule ---([_0-9]+)-([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
  RewriteRule ---([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

  ##-- Products (--)
 RewriteRule --(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

  ##-- Content (-_-)
 RewriteRule -_-([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

  ##-- Manufacturers (-.-)
 RewriteRule -.-([_0-9]+)-([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
  RewriteRule -.-([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]
</IfModule>

[web28]

Das kann nicht jeder wissen und es gibt Anleitungen wo das so beschrieben ist. 

Diese Zeile sollte man aber auf https umschreiben, das spart eine Umleitung:

Code: PHP  [Auswählen]

RewriteRule (.*)                         https://www.%{HTTP_HOST}/$1 [R=301,L]

[hpzeller]

Hallo jumpM,

in der .htaccess machst du eine unbedingte Umleitung auf https, siehe unten, aber der Shop ist ja gar nicht für https konfiguriert, du musst die configure.php Dateien natürlich entsprechend für eine Vollverschlüsselung anpassen.

RewriteCond %{HTTP_HOST} !^www\.teebaumkosmetik\.de$ [NC]
RewriteRule ^(.*)$ https://www.teebaumkosmetik.de/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://www.teebaumkosmetik.de/$1 [L,R=301]

Gruss
Hanspeter

[Bonsai]

Nein, er hat gestern seine configure.php gepostet, da ist https drin.

Die Ursache muss eine andere sein!

da steht jetzt ganz oben " NULL NULL "

wenn sowohl $_SERVER['https'] als auch $_SERVER['HTTP_X_FORWARDED_PROTO'] NULL gibt, dann weiß PHP aus irgendeinem Grund nicht, dass hier https läuft

Was mich jetzt als erstes interessiert .... geht es denn überhaupt irgendwo mit https?

Lege mal eine test.html im Shoproot an!

Code: XML  [Auswählen]

<doctype html>
<p>Test</p>
 

Und rufe diese mit https://www.teebaumkosmetik.de/test.html auf! Geht das?

Edit:

eventuell gibt es auch in der .htaccess die Variable nicht!

Code: XML  [Auswählen]

RewriteCond %{HTTPS} off

ersetzen mit

Code: XML  [Auswählen]

RewriteCond %{SERVER_PORT} !=443

[jumpM]

@Bonsai

der Aufruf https://www.teebaumkosmetik.de/test.html geht!

der Austausch rewritecond.... ändert nichts!

Robert

[jumpM]

PHP-Version : PHP Version 5.4.45-0+deb7u2

liegt es vlt. daran????

[hpzeller]

Hallo Bonsai,

also ich habe hier jetzt nicht alle Beiträge gelesen, aber wenn man den Shop für Vollverschlüsselung konfiguriert, ist es egal was hier '$_SERVER['https']' als auch '$_SERVER['HTTP_X_FORWARDED_PROTO']' rauskommt, die von xtc_href_link() erzeugten Linksadressen haben dann immer dieses Protokoll 'https' und das ist jetzt nicht so, darum glaube ich das etwas in der configure.php nicht stimmt.

PS:
Wenn im Ordner 'local' eine Datei 'configure.php' existiert, würde diese ausgeführt, anstatt die im Ordner 'includes'.

Gruss
Hanspeter

[webald]

Hast Du die htaccess so geändert wie ich geschrieben habe?

Du führst in Deiner Version nämlich rewritebase nach der rewriterule aus und das führt meiner Meinung nach dazu, dass die regel nicht angewandt wird.

[Bonsai]

@hpzeller:

die Funktion nutzt aber die globale Variable $request_type und die wird so gesetzt:

Code: PHP  [Auswählen]

$request_type = (((isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1'))) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_BY']) && strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']), 'SSL') !== false) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && (strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), 'SSL') !== false || strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), str_replace('https://', '', HTTPS_SERVER)) !== false)) ||
                 (isset($_SERVER['SCRIPT_URI']) && strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:') ||
                 (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == '1' || strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) == 'on')) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
                 (isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
                 (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) ? 'SSL' : 'NONSSL';
 

Edit: man könnte da in der /includes/request_type.php mal testweise einfach nur das reinschreiben:

Code: PHP  [Auswählen]

$request_type = 'SSL';

Wenn es dann geht, übergibt vermutlich irgendein Loadbalancing Proxy die Variablen nicht sauber an den Apachen.

[jumpM]

@Webald

ich habe Deine htaccess eingefügt!!

das steht da wie folgt:

Code: PHP  [Auswählen]

  ##-- EXAMPLE: If your shop is located at

"http://www.yourdomain.com/shop",
  ##-- set the following line like e.g.: RewriteBase /shop/
 RewriteBase /

  ##-- disallow access to dotfiles (.htaccess, .svn, .git, etc.)
 #RedirectMatch 403 /\.
 
  ##-- Use canonical URLs
 ##-- Use SSL-Proxy
 ##-- HostEurope
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.webpack\.de$ [NC]
 ##-- 1und1
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl\.kundenserver\.de$

[NC]
  ##-- domainFACTORY
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^sslsites\.de$ [NC]
 ##-- All-Inkl
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^ssl-account\.com$ [NC]
 ##-- Strato
 #RewriteCond %{HTTP:X-Forwarded-Server}   !^www\.ssl-id\.de$ [NC]
 ##-- redirect to www-domain, when www is missing and no subdomain

given and not using an ssl-proxy
  RewriteCond %{HTTP_HOST}                 !^www\. [NC]
  RewriteCond %{HTTP_HOST}                 !\.(.*)\. [NC]
  RewriteCond %{HTTP_HOST}                 !^localhost [NC]
  RewriteRule (.*)                         https://www.%{HTTP_HOST}/$1

[R=301,L]

@hpzeller

configure.php ist lediglich im ordner /includes/ und /admin/includes/

Robert

[hpzeller]

Hallo Bonsai,

in der 'xtc_href_link()' wird '$request_type' lediglich dazu genutzt um allenfalls die Session noch an den Link anzuhängen siehe Code-Schnipsel aus  'xtc_href_link()' unten.

Code: PHP  [Auswählen]

      } elseif (
        ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) )
          || ( ($request_type == 'SSL') && ($connection == 'NONSSL') )
        ) && $http_domain != $https_domain) {
        $link .= $separator . session_name() . '=' . session_id();
      }
 

Gruss
Hanspeter