I've istalled SSL on my site this works well. But when i'm logging in VM2 i have a mixed page HTTP and HTTPS. Some one told me i should change the used pictures in HTTPS. But i don't know where i can change this in VM.
I setup Joomla: "Force ssl" and did the same with VM "Enable SSL for sensitive areas (recommended)
Mayby i'm forgotten something, please help me.
Kr,
Marcel
I use
https://addons.mozilla.org/en-US/firefox/addon/httpfox/
to test what items are not secure .
go to the page thats not secure. Turn on httpfox.
Then, refresh the page, and scroll looking for items with
http only
Just for your information: Maybe you are not yet aware of this: https://developer.mozilla.org/en-US/docs/Security/MixedContent ;)
Personally I think that 'Force SSL' in the Joomla settings does not contribute a lot to safety. I don't use it.
Instead I'm using VM's 'Enable SSL for sensitive areas', set 'Secure' to "On" in Edit Menu items > Metadata Options for links to sensitive pages like 'View Cart, Your Order History, Your Account', etc. and last but not least enabled 'Encrypt Login Form' for the Login Form in Module Manager > Module Login (If enabled, you can see the 'https' link in the source code of the page where the module is published).
jjk
How are you stopping google crawling https
Google sees https and http pages as separate "sites" and therefore re-crawls everything on a site as https and http regardles of the links you have "restricted" https to in VM or Joomla
This has negative consequences:-
Creating main link as https for a product url
and/or
Creating dual product Urls
Any ideas?
The canonical Url appears not to solve this as http: is not specified
Quote from: Hutson on January 02, 2014, 10:56:33 AM
How are you stopping google crawling https
I suppose that's not possible. If somebody surfs your website with https and then goes to Google, it will recognize the referring page and try to crawl it. Currently I don't remember if we discussed the use of absolute urls (including the http://) instead of the relative urls within the canonical links in the past already.
However, I assume the http/https duplicates are not a big issue with Google.
You can see how many of each Google has indexed if you search Google with this:
site:yourdomain inurl:http
and
site:yourdomain inurl:https
jjk
Thanks for the reply.
I guess that most shopholders would not want to serve up product and category pages via https and have google index pages as such
I wonder Why we do not have the http in the canonical urls for the product and category pages as an option?
I guess owners could use the robot.txt "fix"
Disallow the bots from crawling the http version of your website by using .htaccess to serve two different robots.txt files. One for the secure https site, and one for the regular non-secure http site.
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]
Then set a disallow in the robots_ssl.txt
Hmm - things to consider...
Matt Cutts provides an insight - http://www.youtube.com/watch?v=Cm9onOGTgeM (http://www.youtube.com/watch?v=Cm9onOGTgeM)
If you have a spare 20 minutes ;D
I have used .htaccess and a spefcific robots_ssl.txt to prevent https page indexing.
In .htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]
robots_ssl.txt would be:
User-agent: *
Disallow: /
Yep Jenkin that's where I ended up at.
Allows for https to be used for sensitive areas and stops google wandering!
Quote from: Hutson on January 02, 2014, 10:56:33 AM
jjk
How are you stopping google crawling https
Google sees https and http pages as separate "sites" and therefore re-crawls everything on a site as https and http regardles of the links you have "restricted" https to in VM or Joomla
This has negative consequences:-
Creating main link as https for a product url
and/or
Creating dual product Urls
Any ideas?
The canonical Url appears not to solve this as http: is not specified
I use this code for
product, category, and article pages
/* Back to http */
if (JRequest::getVar('search')!='true'){
$uri = & JFactory::getURI();
$currentcheck=JURI::current();
$comparethis = str_replace( 'https:', 'http:', $currentcheck );
if ($comparethis !== $currentcheck){
$app = JFactory::getApplication();
$app->redirect($comparethis, null, null, true, true);
}
}
It redirects back to http
I use this code for cart, user pages etc.
$uri = & JFactory::getURI();
$currentcheck=JURI::current();
$comparethis = str_replace( 'http:', 'https:', $currentcheck );
if ($comparethis !== $currentcheck){
$app = JFactory::getApplication();
$app->redirect($comparethis, null, null, true, true);
}
It forces https
Thanks Pro
I really like your approach for the store pages and I am sure some VM users will benefit from implementing such a method.
I will may adopt both approaches as the .htaccess and robot.txt method also prevents duplication of the index.php and all other joomla pages.