cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

SSL and ColdFusion

Newsgroup_User
LEGEND ,
Mar 15, 2007 Mar 15, 2007

Copy link to clipboard

Copied

Recently I bought a SSL certificate for my domain.

My website has a public area but also a private login area for our
distributors.

I want to secure eveything from the time a user logs in.

Eg: I want to secure everything in a folder and its subdirectories

https://www.mydomain.com/distributors/


at the moment people can still access the page unsecurely(http) if they
happen to know the url address.


Do i now have to put cf code on every page to check the url address that the
user is coming from? Is there a better way to do what im trying to achieve?

Excuse the ignorance not much experience with SSL


TOPICS
Advanced techniques

Views

278

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 2 Replies 2
latest latest Jump to latest reply
insuractive
Advocate ,
Mar 15, 2007 Mar 15, 2007

Copy link to clipboard

Copied

If you have control over the web server software on your server box, you can control which directories are restricted to HTTPS there. that way if a user tries to access a folder that is marked HTTPS only, the webserver itself won't let them.

Otherwise, if you wanted to do a ColdFusion-only solution, you could add some code to an application.cfm in the directories in question and use the data in the CGI scope to check to see if the request was made via https.

Hint: <cfdump var="#CGI#">

Of course, I should probably mention that information in the CGI scope can be faked. Though if they already have a login to your site, its probably not a big problem.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
iKnowKungFoo
Contributor ,
Mar 15, 2007 Mar 15, 2007

Copy link to clipboard

Copied

LATEST
You should be able to configure your webserver to only allow https requests to that folder. If you're unable to do that, you can create an Application.cfm file in that folder to check for "http" requests and redirect them to the same URL using "https".

I think you'd look for cgi.SERVER_PROTOCOL and cgi.SERVER_PORT_SECURE

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices