
SSL redirect loop - Caused by PCI scan?
 
#1
01-26-2012, 12:36 AM
DanUK (X-Adept; Join Date: Dec 2003; Location: UK; Posts: 796)

SSL redirect loop - Caused by PCI scan?

Hi, this is one for the hosting companies out there. This morning I encountered a few customer emails saying they could not check out on the x-cart stores on our servers.

I noticed that if I visited the https pages, Firefox (for example) would say:


The webpage at https://www.secure-domain.c0m/register.php/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/index.html/?xid=5132a762360cf4c18381f5665dbca3e2 has resulted in too many redirects has resulted in too many redirects

I thought it might be CDSEO related but found that ANY page via SSL, not just x-cart, was doing this.

I contacted the hosts and rebooted the server and whilst it was still doing it once rebooted, about 5 minutes later it seemed to correct itself.

The hosts have not been able to explain why that's happened and I'm scratching my head too. The only thing that has been going on is a SecurityMetrics PCI scan over the course of the day but I can't see how that would affect the SSL certificate's functionality which has been up and running fine for over a year.

Any ideas so I can prevent this happening again? Unfortunately we missed out on a few sales because our customers could not check out!

Thanks

Dan
__________________
4.4.2

and

4.6.1
#2
01-26-2012, 03:00 PM
bigredseo (X-Man; Join Date: Oct 2002; Location: Omaha, NE, USA; Posts: 2,367)

Re: SSL redirect loop - Caused by PCI scan?

PCI Scans shouldn't be affecting anything like this.

When you go to https://www.secure-domain.com/register.php - does that redirect you to /index.html? That'd be the only thing I could think of, that there's something wrong in the .htaccess file that is redirecting the register.php file to /index.html and rather than really redirecting, it's just appending the name to the file.

Check to make sure that none of your system files have been modified recently - but other than that, definitely the PCI Scanning should not be playing a role in any continued event. If anything, their actions would only happen for that one session and shouldn't affect other users.
__________________
Conor Treacy - Big Red SEO - @bigredseo
Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding!
If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet.
Omaha SEO Office with National & Local SEO Services
Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
#3
01-30-2012, 01:11 AM
DanUK (X-Adept; Join Date: Dec 2003; Location: UK; Posts: 796)

Re: SSL redirect loop - Caused by PCI scan?

Thanks Conor,

Yes, it was doing that exactly. I thought that it might be the htaccess but there have been no changes to the htaccess file or anything else obvious that I can see. It's OK now though and our hosts have said they can't see anything wrong either. Guess I'll have to put it down to an unexplainable bug!

Thanks

Dan
__________________
4.4.2

and

4.6.1
#4
01-30-2012, 07:51 AM
bigredseo (X-Man; Join Date: Oct 2002; Location: Omaha, NE, USA; Posts: 2,367)

Re: SSL redirect loop - Caused by PCI scan?

Well, fingers crossed for ya. I love computers and programming, don't you?
__________________
Conor Treacy - Big Red SEO - @bigredseo
Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding!
If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet.
Omaha SEO Office with National & Local SEO Services
Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
#5
04-28-2019, 10:43 AM
producerguy101@yahoo.com (Newbie; Join Date: Jun 2011; Posts: 6)

Re: SSL redirect loop - Caused by PCI scan?

here's the cause of this, and the real fix.

if you have set the option that redirects from https to http, and have forced a redirect to https because google told you to, you have created a redirect loop.

since you used 301, the browser you were using has now cached the redirect. so removing the redirect to https in .htaccess won't help. your browser will still keep jumping to https and back to http.

furthermore, when you go to admin and security, it will tell you there are no https modules, because its test load redirects back to http, and won't let you change the option back! the section gets grayed out.

furthermore, if anything else somehow ever goes wrong with that check when you go to security page it will silently set the redirect from https to http WITHOUT TELLING YOU! (this happened to me) It will show as unchecked, even though according to the database it should be checked!

fortunately there is a fix.

fix 1 is to manually fix it in the database, and don't go back to the security screen.

fix 2 (the right one) is replacing the line that checks the header at around 716 or so

change it from

$https_check_success = preg_match("/200\s*OK/i", $headers) && !empty($result);

to

$https_check_success = preg_match("/200|301|302/", strtok($headers,"\n"));

this will cause the check to pass even if that option gets turned on, and will cause the real values to be read from config file. you may then uncheck all three and click apply changes, and your cart will be fixed.

fix 3 is to go down about seven lines, and change the line that said

db_query("UPDATE $sql_tbl[config] SET value='Y' WHERE name='leave_https'");

to

db_query("UPDATE $sql_tbl[config] SET value='N' WHERE name='leave_https'");

this will cause the option to fix itself next time you go to the security page and see that error.
__________________
john neal

xcart v4.4.3 [unix]
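
A small model of the redirect loop and of the two header checks from post #5, added here as an illustration (not X-Cart code and not part of the thread). The rule model, the 302 status for the cart's https-to-http redirect, the shop.example URLs and the sample headers are constructed assumptions; Python's `re` stands in for PHP's `preg_match`, which treats these two patterns the same way.

```python
import re

# Constructed model (assumption): .htaccess forces http -> https with a 301,
# while the cart option sends https pages back to http (302 assumed here).
def next_hop(url, force_https, leave_https):
    """Return (status, location) for one request; location is None on 200."""
    scheme, rest = url.split("://", 1)
    if scheme == "http" and force_https:
        return 301, "https://" + rest
    if scheme == "https" and leave_https:
        return 302, "http://" + rest
    return 200, None

def trace(url, force_https, leave_https, max_hops=10):
    """Follow redirects; return (chain, looped)."""
    chain = [url]
    for _ in range(max_hops):
        _status, location = next_hop(chain[-1], force_https, leave_https)
        if location is None:
            return chain, False
        looped = location in chain
        chain.append(location)
        if looped:
            return chain, True
    return chain, True  # hop limit reached, treated as a loop

def original_check(headers, body):
    """Python rendering of the original line: needs '200 OK' and a body."""
    return bool(re.search(r"200\s*OK", headers, re.I)) and bool(body)

def relaxed_check(headers):
    """Python rendering of the replacement: 200/301/302 in the first line."""
    return bool(re.search(r"200|301|302", headers.split("\n", 1)[0]))

# Constructed sample responses to the cart's HTTPS self-test.
OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: http://shop.example/\r\n\r\n"
ERROR = "HTTP/1.1 500 Internal Server Error\r\n\r\n"

if __name__ == "__main__":
    print(trace("http://shop.example/cart.php", True, True))
    print(trace("http://shop.example/cart.php", True, False))
    for name, hdr in (("200", OK), ("302", REDIRECT), ("500", ERROR)):
        print(name, original_check(hdr, "x" if hdr is OK else ""), relaxed_check(hdr))
```

With both redirects active the self-test receives the redirect response, which the original line rejects and the replacement accepts; the replacement therefore confirms only that the HTTPS endpoint answered, not that it served a page.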