|Moving from Unsecure to Secure Server|
|Moving from Unsecure to Secure Server|
Author Brian Levine on 03-04-2003 at 13:54 (EST)
|Okay, I've finally decided to purchase a certificate and move to a secure server. I've read the docs, but I want to cover my butt here, so I don't get any nasty surprises.|
1. What files actually need to be on the secure server? Is it just the scripts (*.pl) and the data directory, or do all my pages need to be there?
2. Once the correct files are on the server (and the certificate is in place), do I just need to update the location of the secure URL in ushop.pl?
Thanks for the great support!
|Table Of Contents|
| Moving from Unsecure to Secure Server Microburst Support Team, 2003-03-05 07:18:05 (1)|
| Moving to a Secure Server Brian Levine, 2003-03-05 13:29:15 (2)|
| Moving to a Secure Server Microburst Support Team, 2003-03-05 21:40:43 (3)|
| CORRECTION: RE: Moving from Unsecure to Secure Server Bill Weiner, 2003-03-06 08:00:26 (4)|
| Thanks, Bill Brian Levine, 2003-03-06 08:35:22 (5)|
| Spoke to quick...not working Brian Levine, 2003-03-10 11:03:36 (6)|
| RE: Spoke to quick...not working Bill Weiner, 2003-03-11 07:00:10 (8)|
| Illegal Referrer Page Brian Levine, 2003-03-12 01:03:49 (10)|
| RE: Illegal Referrer Page Bill Weiner, 2003-03-12 07:21:34 (11)|
| Mystery Solved - Working! Brian Levine, 2003-03-12 10:22:35 (12)|
| Can I turn off Referral in script file then ftp up? Mark Bishop, 2003-08-02 19:58:02 (13)|
| Can I turn off Referral in script file then ftp up Microburst Support Team, 2003-08-04 04:32:26 (14)|
| Further Comment on Problem Brian Levine, 2003-03-10 11:27:43 (7)|
| RE: Further Comment on Problem Bill Weiner, 2003-03-11 07:06:27 (9)|
|Messages In This Discussion|
| 1. Moving from Unsecure to Secure Server|
Author Microburst Support Team on 03-05-2003 at 07:18 (EST)
|1) Using uShop, you need to put __all__ of your store pages on the same physical server. |
2) When moving from a non-secure server to a secure server, you need to update the secure URL at the top of the ushop.pl script, and also update the script_URL parameter in any OrderButton applets that you are using.
| 2. Moving to a Secure Server|
Author Brian Levine on 03-05-2003 at 13:29 (EST)
|If I have to move ALL my pages to the secure server, won't this invalidate all of my search engine links?
| 3. Moving to a Secure Server|
Author Microburst Support Team on 03-05-2003 at 21:40 (EST)
|Even though you will have all of your files on a secure server, there will (should) be a __public__ path to your domain on that server, which is not secure, by which your customers will access your website, using the http:// address. |
For example, if your domain is called www.mydomain.com, and you put your website on a secure server, the general public will (should) still be able to access your website by typing the public URL to your website, i.e. http://www.mydomain.com, in the URL field of their browser. But you will configure your ushop.pl script to note the __secure path__ to ushop, which will be something like https://www.mydomain.com/cgi-bin/ushop.pl, and which will handle automatically redirecting the customer to this secure area during the ordering process. Your web host should be able to tell you the secure path, and it will start with https://
Since it is your non-secure path/pages that you register with search engines, you should see no adverse effect with your search engine listings.
The point is, just because you have your website on a secure server doesn't mean that all of your pages will be, or have to be, accessed through a secure path. It means that there __exists__ a secure path whereby you can allow specific files/directories to have protected access.
| 4. CORRECTION: RE: Moving from Unsecure to Secure Server|
Author Bill Weiner on 03-06-2003 at 08:00 (EST)
|Brian, I think in the previous answer that we gave you... we were mixing up uShop and uStorekeeper.|
For uShop, all you need to do is setup the uShop CGI script (including the "data" directory and template files that are normally located in the data directory) on the secure server. All of your store HTML pages can remain on the public server... and just link to the secure uShop CGI scripts via the uShopOrderButton applet's "script_url" parameter.
So in summary:
1) Install the uShop CGI scripts on your secure server, just as you originally setup the scripts up on your public server. (Update the answers to the configuration questions at the top of the scripts, create the "data" directory, put the order template files in the data directory, etc.)
2) Back on your public server, change the "script_url" parameter of your uShopOrderButton applet to point to the new secure URL of ushop.pl script installed on your secure server.
| 5. Thanks, Bill|
Author Brian Levine on 03-06-2003 at 08:35 (EST)
|Thanks, Bill. Great support as always.
| 6. Spoke to quick...not working|
Author Brian Levine on 03-10-2003 at 11:03 (EST)
|Okay, I followed the instructions explicitly:|
1. My certificate is correctly in place.
2. I updated the secure server address in ushop.pl
3. I created a ushop directory on the secure server, containing my scripts.
4. I created a ushop/data directory on the secure server containing my templates (any items on the template pages that I added have been moved to the secure server)
5. I modified all pages that refer to ushop.pl to point to the copy on the secure server.
When I go to the order page, it prompts me that not all items are secure (even though the logo I use on the template page is on the secure server and the template points correctly to it. When I try to go the review page, I get the following error:
Illegal Referrer Page
The referring page did not meet security requirements.
I have a link in the ushop.pl script that points to a Paypal logo, that is not on a secure server, but this is the only thing I can think of. Is it possible that this is what is hosing things up, or possibly something else (that you've had experience with). The Paypal logo doesn't even display until the final confirmation page, after the order is placed.
My site is not down, as I've reset the pointers to ushop.pl back to the non-secure version, but I'd really like to get this working.
Thanks for your help!
| 8. RE: Spoke to quick...not working|
Author Bill Weiner on 03-11-2003 at 07:00 (EST)
|An "Illegal Referrer Error" is caused when the URL of the page that your uShopOrderButton applet is on.... is not listed as a valid referring URL in the uShop CGI script. So check this:|
1) Login to the uShop CGI script on your secure server and select "GENERAL SETTINGS - STORE INFORMATION"
2) Make sure the "Store URL" field on that page lists the URL of your PUBLIC html pages. (It should basically be set to your public domain name.... such as: "http://www.yourdomain.com")
The uShop CGI script will then output that "Illegal Referral Error" whenever someone links to your store from some other URL. This sort of check is mainly to prevent someone from making a local copy of your store HTML pages on their local computer, changing the prices, and then trying to submit an order with "discounted" prices. Something that would be rare... and something that the storeowner would usually recognize anyway.
If your secure server is not setting the "HTTP_REFERER" environment variable and/or you just want to test some new HTML store pages from your local computer, you can turn the "Referring URL" check off via the uShop Control Panel:
1) Login to the uShop CGI script on your secure server and select "GENERAL SETTINGS - MISCELLANEOUS"
2) Set the "Referral Page Validation" field to "NO".
Again, that referring URL check is just a precaution to prevent anyone from tampering with your store prices (as described above)... but it is not necessary.
And PS. Brian, we do have a beta interface to PayPal that is going to be release with uShop 4.0. If you are interested in helping try out our PayPal interface, let us know and we'll send you the beta scripts.
| 10. Illegal Referrer Page|
Author Brian Levine on 03-12-2003 at 01:03 (EST)
|The Store URL field is set correctly, and the Referral Page Validation" field is already set to "NO".|
Again, this only happens when I use the ushop.pl on the secure server, not when I use the ushop.pl on the non-secure server.
Any other clues?
| 11. RE: Illegal Referrer Page|
Author Bill Weiner on 03-12-2003 at 07:21 (EST)
|Ok, reading your other posting a little more closely, I see that you are getting the "Illegal Referrer" error when you "try to go the review page"... that is, AFTER the first order form page. An "Illegal Referrer" error at that particular point in the order process would indicate that you may not have updated Configuration Question #4 in the uShop CGI script when transferring your scripts to your new secure server. Make sure that the "$secure_script_url" setting in configuration question #4 properly reflects the URL of the script on your new secure server. This URL should also match the URL that you are using for the "script_url" parameter of your uShopOrderButton applet.|
| 12. Mystery Solved - Working!|
Author Brian Levine on 03-12-2003 at 10:22 (EST)
|The mystery is solved. I had assumed that my current cgi-bin directory was on the non-secure server. Turns out my host provider uses a virtual server approach: use http:// and requests go to the non-secure server, use https:// and requests go to the secure server. So all I really needed to do (other than move my logo graphic to the secure server), is to prefix the server address is ushop.pl with https://.|
I also now have to call up the ushop.pl script exclusively from the secure server.
Thanks for all your help.
| 13. Can I turn off Referral in script file then ftp up?|
Author Mark Bishop on 08-02-2003 at 19:58 (EST)
|As shared in another thread, I'm getting the Illegal Referrer Page error when logging in directly to my https:// directory. I get to the login screen, enter password, and then get referral error.|
Is there a way to change the HTTP referral setting to off in any of the 3 script files and then ftp them up to my secure server and trying to login again? What file and where would I change it?
Thank you very much.
| 7. Further Comment on Problem|
Author Brian Levine on 03-10-2003 at 11:27 (EST)
|Also, if I just run the ushop.pl script on the secure server in my browser, rather than bring up the login screen, it just displays the script as text, as if it is not executing the script. I have done a chmod (0x755) in order to make the scripts executable.
| 9. RE: Further Comment on Problem|
Author Bill Weiner on 03-11-2003 at 07:06 (EST)
|If going to the URL of the script on your server just displays the script rather than execute it, then that usually indicates one of two things:|
1) The script may have the wrong file extension for your server. That is, some servers require CGI script names to end in ".pl" while others require CGI script names to end in ".cgi". You can rename the scripts as necessary.
2) The account on the server is not setup to allow CGI scripts to be executed.... In which case, contact your web hosting provider and they should help resolve the problem.
What I would recommend doing is going ahead installing the basic test script described at:
... on your new secure server. If this basic test script doesn't execute, then show it to your web hosting provider... telling them that you are just trying to execute a very basic test script... and they should be able to recognize the problem.