Problem with SSL http/https

[MP63]

I've istalled SSL on my site this works well. But when i'm logging in VM2 i have a mixed page HTTP and HTTPS. Some one told me i should change the used pictures in HTTPS. But i don't know where i can change this in VM.
I setup Joomla: "Force ssl" and did the same with VM  "Enable SSL for sensitive areas (recommended)

Mayby i'm forgotten something, please help me.

Kr,
Marcel

[PRO]

I use
https://addons.mozilla.org/en-US/firefox/addon/httpfox/


to test what items are not secure .

go to the page thats not secure. Turn on httpfox.
Then, refresh the page, and scroll looking for items with
http only

[jjk]

Just for your information: Maybe you are not yet aware of this: https://developer.mozilla.org/en-US/docs/Security/MixedContent 
Personally I think that 'Force SSL' in the Joomla settings does not contribute a lot to safety. I don't use it.
Instead I'm using VM's 'Enable SSL for sensitive areas', set 'Secure' to "On" in Edit Menu items > Metadata Options for links to sensitive pages like 'View Cart, Your Order History, Your Account', etc. and last but not least enabled 'Encrypt Login Form' for the Login Form in Module Manager > Module Login (If enabled, you can see the 'https' link in the source code of the page where the module is published).

[AH]

jjk

How are you stopping google crawling https

Google sees https and http pages as separate "sites" and therefore re-crawls everything on a site as https and http  regardles of the links you have "restricted" https to in VM or Joomla


This has negative consequences:-

Creating main link as https for a product url

and/or

Creating dual product Urls


Any ideas?

The canonical Url appears not to solve this as http:  is not specified

[jjk]

How are you stopping google crawling https

I suppose that's not possible. If somebody surfs your website with https and then goes to Google, it will recognize the referring page and try to crawl it. Currently I don't remember if we discussed the use of absolute urls (including the http://) instead of the relative urls within  the canonical links in the past already.

However, I assume the http/https duplicates are not a big issue with Google.

You can see how many of each Google has indexed if you search Google with this:

site:yourdomain inurl:http
and
site:yourdomain inurl:https

[AH]

jjk

Thanks for the reply.

I guess that most shopholders would not want to serve up product and category pages via https and have google index pages as such

I wonder Why we do not have the http in the canonical urls for the product and category pages as an option?

I guess owners could use the robot.txt "fix"

Disallow the bots from crawling the http version of your website by using .htaccess to serve two different robots.txt files. One for the secure https site, and one for the regular non-secure http site.

Code Select Expand

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]

Then set a disallow in the robots_ssl.txt

Hmm - things to consider...

Matt Cutts provides an insight - http://www.youtube.com/watch?v=Cm9onOGTgeM

If you have a spare 20 minutes 

[jenkinhill]

I have used .htaccess and a spefcific robots_ssl.txt to prevent https page indexing.

In .htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]

robots_ssl.txt would be:
User-agent: *
Disallow: /

[AH]

Yep Jenkin  that's where I ended up at.

Allows for https to be used for sensitive areas and stops google wandering!

[PRO]

jjk

How are you stopping google crawling https

Google sees https and http pages as separate "sites" and therefore re-crawls everything on a site as https and http  regardles of the links you have "restricted" https to in VM or Joomla


This has negative consequences:-

Creating main link as https for a product url

and/or

Creating dual product Urls


Any ideas?

The canonical Url appears not to solve this as http:  is not specified

I use this code for

product, category, and article pages

/* Back to http */
if (JRequest::getVar('search')!='true'){
$uri = & JFactory::getURI();
   $currentcheck=JURI::current();
         $comparethis = str_replace( 'https:', 'http:', $currentcheck );
      if ($comparethis !== $currentcheck){
       $app = JFactory::getApplication();
$app->redirect($comparethis, null, null, true, true);
       }   
       }

It redirects back to http





I use this code for cart, user pages etc.
$uri = & JFactory::getURI();
   $currentcheck=JURI::current();
         $comparethis = str_replace( 'http:', 'https:', $currentcheck );
      if ($comparethis !== $currentcheck){
       $app = JFactory::getApplication();
$app->redirect($comparethis, null, null, true, true);
       }

It forces https

[AH]

Thanks Pro

I really like your approach for the store pages and I am sure some VM users will benefit from implementing such a method.

I will may adopt both approaches as the .htaccess and robot.txt method also  prevents duplication of the index.php and all other joomla pages.