2 Replies Latest reply on Mar 15, 2007 3:24 PM by iKnowKungFoo

    SSL and ColdFusion

    Level 7
      Recently I bought a SSL certificate for my domain.

      My website has a public area but also a private login area for our

      I want to secure eveything from the time a user logs in.

      Eg: I want to secure everything in a folder and its subdirectories


      at the moment people can still access the page unsecurely(http) if they
      happen to know the url address.

      Do i now have to put cf code on every page to check the url address that the
      user is coming from? Is there a better way to do what im trying to achieve?

      Excuse the ignorance not much experience with SSL

        • 1. SSL and ColdFusion
          insuractive Level 3
          If you have control over the web server software on your server box, you can control which directories are restricted to HTTPS there. that way if a user tries to access a folder that is marked HTTPS only, the webserver itself won't let them.

          Otherwise, if you wanted to do a ColdFusion-only solution, you could add some code to an application.cfm in the directories in question and use the data in the CGI scope to check to see if the request was made via https.

          Hint: <cfdump var="#CGI#">

          Of course, I should probably mention that information in the CGI scope can be faked. Though if they already have a login to your site, its probably not a big problem.
          • 2. Re: SSL and ColdFusion
            iKnowKungFoo Level 1
            You should be able to configure your webserver to only allow https requests to that folder. If you're unable to do that, you can create an Application.cfm file in that folder to check for "http" requests and redirect them to the same URL using "https".

            I think you'd look for cgi.SERVER_PROTOCOL and cgi.SERVER_PORT_SECURE