logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
david9688526  
#1 Posted : Tuesday, November 26, 2024 1:48:22 PM(UTC)
david9688526

Rank: Newbie

Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 1

Thanks: 1 times
After dealing with site outages for many months as a result of Facebook and other AI bots very aggressively crawling our site (100s of hits per minute), I finally put CloadFlare free in place last night. When I woke up this morning, the site was stuck in endless redirect loops. After a bit of research, I ended up resolving that by turning off the site's SSL Redirection feature as CloudFlare handles that better and the two conflict.

But then, when we were processing orders, we noticed we can no longer view Credit Card details as we get the following error: There is cardholder information available, but you must enable SSL before viewing it.

The page is definitely secured through SSL but AbleCommerce doesn't seem to recognize that. I'm guessing since SSL Redirection isn't enabled.

Any idea how to solve this?

Thanks,
David

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

david9688526  
#2 Posted : Wednesday, November 27, 2024 10:23:34 AM(UTC)
david9688526

Rank: Newbie

Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 1

Thanks: 1 times
I did just confirm that if I re-enable SSL Redirection, the site gets stuck back in the redirect loop. So, for now, I've paused CloudFlare and left AbleCommerce's SSL Redirection on until I can resolve this issue.
Katie S  
#3 Posted : Wednesday, November 27, 2024 10:39:18 AM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472

Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
Hi David,

Would you be able to try enabling SSL for the admin only? I'm hoping you can disable SSL for everything except the ~/admin/*

~/admin/* On False True
~/areas/admin/content/* Ignore False True
~/areas/admin/scripts/* Ignore False True
~/assets/* Ignore False True
~/checkout* On False True
~/content/* Ignore False True
~/fonts/* On False True
~/login On False True
~/members/* On False True
~/members/mywishlist Ignore False True
~/passwordhelp On False True
~/product/addtocart Ignore False True
~/scripts/* Ignore False True
~/themes/* Ignore False True
~/validation/* Ignore False True
~/webcharts/* Ignore False True
~/webpage/storeheadernavigation Ignore False True

These settings are also in the ablecommerce.config file in the /app_data/ folder.

Please keep us updated. I've heard great things about using Cloudflare and I really hope that it works for you.

Katie
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
david9688526  
#4 Posted : Wednesday, November 27, 2024 3:25:49 PM(UTC)
david9688526

Rank: Newbie

Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 1

Thanks: 1 times
Katie,
That did not help. Here's the relevant section from my ablecommerce.config:

<sslSettings enableSslRedirecton="True" forceSslOnAllPages="True" sslStateForUndefinedUrls="Ignore">
<definedUrlPaths>
<add path="~/admin/*" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/areas/admin/content/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/areas/admin/scripts/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/assets/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/checkout*" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/content/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/fonts/*" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/login" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/members/*" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/members/mywishlist" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/passwordhelp" state="On" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/product/addtocart" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/scripts/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/themes/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/validation/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/webcharts/*" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
<add path="~/webpage/storeheadernavigation" state="Ignore" usePermanentRedirect="False" matchQueryString="True" />
</definedUrlPaths>
</sslSettings>

With that in place, I still have the redirect loop issue.

Edited by user Wednesday, November 27, 2024 3:26:32 PM(UTC)  | Reason: Not specified

Katie S  
#5 Posted : Wednesday, November 27, 2024 4:25:48 PM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472

Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
Sorry, I should have been more specific.

Quote:
I ended up resolving that by turning off the site's SSL Redirection feature as CloudFlare handles that better and the two conflict.


Disable it again, and let Cloudflare do its thing.

Quote:
when we were processing orders, we noticed we can no longer view Credit Card details as we get the following error: There is cardholder information available, but you must enable SSL before viewing it.


Try to turn on SSL for only the admin, so you can view the Credit card details.

If this doesn't work, then you may need to find the code that requires SSL to be enabled and remove/disable it. Assuming the site will still be served over SSL.

Edited by user Wednesday, November 27, 2024 4:27:39 PM(UTC)  | Reason: add additional info

Thanks for your support!

Katie
Secure eCommerce Software and Hosting
david9688526  
#6 Posted : Wednesday, November 27, 2024 7:51:24 PM(UTC)
david9688526

Rank: Newbie

Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 1

Thanks: 1 times
Thanks Katie!
Modifying the code turned out to be a quick and easy solution.
I just had to comment out and very slightly modify lines 30-36 of \Areas\Admin\Views\Orders\_OrderPayments.cshtml

//if (!Request.IsSecureConnection)
//{
//<span class="text-danger"><small>There is cardholder information available, but you must enable SSL before viewing it.</small></span>
//}
//else
if (payment.IsAccountDataVisible)

Though I will say that Request.IsSecureConnection doesn't seem to be implemented correctly (as it seems to work off the redirection flag rather whether the page is actually https) and I didn't have access to that code.

David
Users browsing this topic
Guest (2)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.