• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Redirection Code for SSL

LEGEND ,
Apr 23, 2006 Apr 23, 2006

Copy link to clipboard

Copied

My web host where my site is hosted offer a SSL service.

Basically to use SSL I have to acees my pages through the following URL

https://www1165.ssldomain.com/mydomain

this points to the root of my web site.

theres a couple of pages on the root where users login that i want to
protect with SSL.

I need to write a script to prevent users from accessing
www.mydomain.com/login.cfm and directs them to
https://www1165.ssldomain.com/mydomain/login.cfm


What is the best way to do this? Im assuming Ive got to put in the
application page dont I?

Any code examples would be great as I have a few pages i need to protect so
I guess I have to do multiple if statements. Thanks in advance!


TOPICS
Advanced techniques

Views

658

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 23, 2006 Apr 23, 2006

Copy link to clipboard

Copied

BJ,

So you only want these few pages protected by SSL?

If so I would do a simple CFLOCATION at the top of those pages that simply redirects them to the secure page.

Let me know if this is not what you are needing to do.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 23, 2006 Apr 23, 2006

Copy link to clipboard

Copied

mmmm yeah I suppose that would do. theres about 5 pages.

this reduces the overheads as it wont have to run on the application.cfm
page. I guess I just have to watch that i dont go in a big loop.

I could look for the http and redircet to https. something like this , yeah?

eg;

<cfif #cgi.http_host# eq ' http://www.mydomain.com/login.cfm'>
<cflocation url="https://www1165.ssldomain.com/mydomain/login.cfm"
addtoken="no">
</cfif>





"resonant" <webforumsuser@macromedia.com> wrote in message
news:e2h40t$egl$1@forums.macromedia.com...
> BJ,
>
> So you only want these few pages protected by SSL?
>
> If so I would do a simple CFLOCATION at the top of those pages that simply
> redirects them to the secure page.
>
> Let me know if this is not what you are needing to do.
>
>


Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 25, 2006 Apr 25, 2006

Copy link to clipboard

Copied

This is just some fluff, but one method that I use for checking if something is being viewed over SSL or not is to check the CGI.SERVER_PORT variable. SSL typically runs on port 443. So doing the following check will easily tell you if you're script is being viewed over SSL or not ,and you don't have to worry about doing any text comparisons.

<cfif NOT CGI.SERVER_PORT EQ 443 >
<cflocation url="#somwhere#" >
</cfif>


Of course a much better way to do this would be to do what I do for all projects I work on. Use configuration values!!! I always set 3 Application variables for every project I work on, they are:

<cfset application.webRoot=" http://#CGI.SERVER_NAME#" >
<cfset application.sslRoot="https://#CGI.SERVER_NAME#" >
<cfset application.sslPort=443 >

<cfif NOT CGI.SERVER_PORT EQ application.sslPort >
<cflocation url="#application.sslRoot#" >
</cfif>


And if I need a URL or FORM to point to my SSL site, then I write these URLs as:

#Application.sslRoot#/order/process.cfm

and of course to get back OUT of SSL and into regular HTTP, write your links as: #Application.webRoot#/index.cfm


The default values for the 3 config values above usually suffice just fine, but if you're roots are different, then it takes only a second to change them and have it propogate throughout your application instantly if you used the config values properly. I have found this technique VERY convenient to aid in testing since the site I'll have setup on my local development machine is always "test.<domain.com>" so when it comes time to actually put my configuration LIVE and into production after doing all my testing, I don't have to modify 50 files, I just replace the "test." with "www." and I"m set. This technique also helps if you don't have SSL installed on your test/local machine. For testing purposes you can set the SSL port to 80, and the sslRoot to "HTTP" (not HTTPS) and you'll be able to easily test out that parts that would normally be under SSL over HTTP while in test mode.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 25, 2006 Apr 25, 2006

Copy link to clipboard

Copied

Thanks for the handy tip Kurt.

Should be able to come up with a technique with your post.


"Kurt" <kb0000@yahoo.com> wrote in message
news:e2lse6$ojb$1@forums.macromedia.com...
> This is just some fluff, but one method that I use for checking if
> something is
> being viewed over SSL or not is to check the CGI.SERVER_PORT variable. SSL
> typically runs on port 443. So doing the following check will easily tell
> you
> if you're script is being viewed over SSL or not ,and you don't have to
> worry
> about doing any text comparisons.
>
> <cfif NOT CGI.SERVER_PORT EQ 443 >
> <cflocation url="#somwhere#" >
> </cfif>
>
>
> Of course a much better way to do this would be to do what I do for all
> projects I work on. Use configuration values!!! I always set 3
> Application
> variables for every project I work on, they are:
>
> <cfset application.webRoot=" http://#CGI.SERVER_NAME#" >
> <cfset application.sslRoot="https://#CGI.SERVER_NAME#" >
> <cfset application.sslPort=443 >
>
> <cfif NOT CGI.SERVER_PORT EQ application.sslPort >
> <cflocation url="#application.sslRoot#" >
> </cfif>
>
>
> And if I need a URL or FORM to point to my SSL site, then I write these
> URLs
> as:
>
> #Application.sslRoot#/order/process.cfm
>
> and of course to get back OUT of SSL and into regular HTTP, write your
> links
> as: #Application.webRoot#/index.cfm
>
>
> The default values for the 3 config values above usually suffice just
> fine,
> but if you're roots are different, then it takes only a second to change
> them
> and have it propogate throughout your application instantly if you used
> the
> config values properly. I have found this technique VERY convenient to aid
> in
> testing since the site I'll have setup on my local development machine is
> always "test.<domain.com>" so when it comes time to actually put my
> configuration LIVE and into production after doing all my testing, I don't
> have
> to modify 50 files, I just replace the "test." with "www." and I"m set.
> This
> technique also helps if you don't have SSL installed on your test/local
> machine. For testing purposes you can set the SSL port to 80, and the
> sslRoot
> to "HTTP" (not HTTPS) and you'll be able to easily test out that parts
> that
> would normally be under SSL over HTTP while in test mode.
>


Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2006 Apr 26, 2006

Copy link to clipboard

Copied

This is what I used to force SSL on a page:
<!--- Change http to https --->
<cfif CGI.HTTPS EQ "off">
<cflocation addtoken="no" url="https://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#">
</cfif>

I placed it at the top of the page code as an include.

Hope this helps.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Apr 27, 2006 Apr 27, 2006

Copy link to clipboard

Copied

LATEST
I agree but would add the following lines (I've found on rare instances that the variable may come up as non-existent and also blank):

quote:

Originally posted by: rappelec
This is what I used to force SSL on a page:
<!--- Change http to https --->
<cfif IsDefined("CGI.HTTPS")> <!--- Make sure the variable exists --->
<cfif CGI.HTTPS EQ "off" OR CGI.HTTPS IS ""> <!--- Test for a blank value --->
<cflocation addtoken="no" url="https://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#">
</cfif>
</cfif>

I placed it at the top of the page code as an include.

Hope this helps.


Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation