CGI.HTTP_REFERER will have the full path from the client if your page was reached by a link or a form post. Coming from a bookmark or typing in the URL does not produce a HTTP_REFERER, however.
You're best off using the settings built into your internet server (i.e. IIS) rather than trying to validate via the application server (CF). We've done this on our servers, but not being the person who did it I can't really offer much in the way of step-by-step instructions. Check Google.
check the #cgi.server_port# for 443
cgi.https (on/off value)
if the cgi.server_port neq 443 then redirect or if cgi.https is off then
Thanks for the suggestion. Works perfectly.
Another question though. We have a sign in on every page on the site allowing people to access their account details. However, the sign-in processor is in the secure folder. So the checking for 443 error kicks them out when they submit their details. I have tried setting action="https://www.- - - - -/ but it still does not connect securely. Is there any way I can post a form securely from a non-secure page? (I suspect I know the answer)
Why not make the sign on page SSL too? Seriously, I *never* sign into a site without the login form secure too...otherwise I leave! Do a little research and you'll find someone (really bored) could sniff the form for values...which as you've found, is not secure just by specifying https as the action.
Thanks for that answer, I will have to do a little remodelling.
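The `cgi.server_port` / `cgi.https` check suggested in the thread, written out as an added example that is not code from any of the replies. It assumes an `Application.cfc` placed in the secure folder; the application name and `www.example.com` are placeholders, and the redirect target is built from a configured host name rather than from the request so a forged Host header cannot steer the redirect.

```cfml
<!--- Application.cfc for the secure folder (added example; names and host are placeholders) --->
<cfcomponent output="false">
  <cfset this.name = "secureAreaExample">
  <!--- Assumption: the canonical host is fixed here, not read from the request --->
  <cfset variables.secureHost = "www.example.com">

  <cffunction name="isSecureRequest" access="private" returntype="boolean" output="false">
    <!--- The two checks from the thread: cgi.https must be "on" and the port must be 443 --->
    <cfreturn (cgi.https eq "on") and (cgi.server_port eq 443)>
  </cffunction>

  <cffunction name="onRequestStart" returntype="boolean" output="false">
    <cfargument name="targetPage" type="string" required="true">
    <cfset var target = "">

    <cfif isSecureRequest()>
      <cfreturn true>
    </cfif>

    <!--- A redirect cannot replay a POST body, and a body sent over plain HTTP
          has already crossed the network unencrypted, so refuse it outright --->
    <cfif cgi.request_method neq "GET" and cgi.request_method neq "HEAD">
      <cfheader statuscode="403">
      <cfabort>
    </cfif>

    <!--- Rebuild the same path and query string on the HTTPS host --->
    <cfset target = "https://" & variables.secureHost & cgi.script_name>
    <cfif len(cgi.query_string)>
      <cfset target = target & "?" & cgi.query_string>
    </cfif>
    <cflocation url="#target#" addtoken="false" statuscode="301">
    <cfreturn false>
  </cffunction>
</cfcomponent>
```

If TLS is terminated on a load balancer or proxy in front of the server, `cgi.https` and `cgi.server_port` describe the internal hop, so the check has to be adapted to whatever that device reports.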