If you have control over the web server software on your
server box, you can control which directories are restricted to
HTTPS there. that way if a user tries to access a folder that is
marked HTTPS only, the webserver itself won't let them.
Otherwise, if you wanted to do a ColdFusion-only solution,
you could add some code to an application.cfm in the directories in
question and use the data in the CGI scope to check to see if the
request was made via https.
Hint: <cfdump var="#CGI#">
Of course, I should probably mention that information in the
CGI scope can be faked. Though if they already have a login to your
site, its probably not a big problem.
You should be able to configure your webserver to only allow
https requests to that folder. If you're unable to do that, you can
create an Application.cfm file in that folder to check for "http"
requests and redirect them to the same URL using "https".
I think you'd look for cgi.SERVER_PROTOCOL and