6 Replies Latest reply on Apr 27, 2006 6:39 AM by drforbin1970

    Redirection Code for SSL

    Level 7
      My web host, where my site is hosted, offers an SSL service.

      Basically, to use SSL I have to access my pages through the following URL:

      https://www1165.ssldomain.com/mydomain

      This points to the root of my web site.

      There's a couple of pages on the root where users log in that I want to
      protect with SSL.

      I need to write a script to prevent users from accessing
      www.mydomain.com/login.cfm and direct them to
      https://www1165.ssldomain.com/mydomain/login.cfm


      What is the best way to do this? I'm assuming I've got to put it in the
      application page, don't I?

      Any code examples would be great as I have a few pages i need to protect so
      I guess I have to do multiple if statements. Thanks in advance!


        • 1. Re: Redirection Code for SSL
          resonant
          BJ,

          So you only want these few pages protected by SSL?

          If so I would do a simple CFLOCATION at the top of those pages that simply redirects them to the secure page.

          Let me know if this is not what you are needing to do.
          • 2. Re: Redirection Code for SSL
            Level 7
            Mmmm, yeah, I suppose that would do. There's about 5 pages.

            This reduces the overheads as it won't have to run on the application.cfm
            page. I guess I just have to watch that I don't go in a big loop.

            I could look for the http and redirect to https. Something like this, yeah?

            e.g.:

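            <!--- CGI.HTTP_HOST holds only the host name, so the page is checked via CGI.SCRIPT_NAME --->
            <cfif cgi.http_host eq 'www.mydomain.com' and cgi.script_name eq '/login.cfm'>
            <cflocation url="https://www1165.ssldomain.com/mydomain/login.cfm"
            addtoken="no">
            </cfif>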







            • 3. Re: Redirection Code for SSL
              Kurt
              This is just some fluff, but one method that I use for checking if something is being viewed over SSL or not is to check the CGI.SERVER_PORT variable. SSL typically runs on port 443. So doing the following check will easily tell you if your script is being viewed over SSL or not, and you don't have to worry about doing any text comparisons.

              <cfif NOT CGI.SERVER_PORT EQ 443 >
              <cflocation url="#somewhere#" >
              </cfif>


              Of course a much better way to do this would be to do what I do for all projects I work on. Use configuration values!!! I always set 3 Application variables for every project I work on, they are:

              <cfset application.webRoot="http://#CGI.SERVER_NAME#" >
              <cfset application.sslRoot="https://#CGI.SERVER_NAME#" >
              <cfset application.sslPort=443 >

              <cfif NOT CGI.SERVER_PORT EQ application.sslPort >
              <cflocation url="#application.sslRoot#" >
              </cfif>


              And if I need a URL or FORM to point to my SSL site, then I write these URLs as:

              #Application.sslRoot#/order/process.cfm

              and of course to get back OUT of SSL and into regular HTTP, write your links as: #Application.webRoot#/index.cfm


              The default values for the 3 config values above usually suffice just fine, but if your roots are different, then it takes only a second to change them and have it propagate throughout your application instantly if you used the config values properly. I have found this technique VERY convenient to aid in testing since the site I'll have set up on my local development machine is always "test.<domain.com>" so when it comes time to actually put my configuration LIVE and into production after doing all my testing, I don't have to modify 50 files, I just replace the "test." with "www." and I'm set. This technique also helps if you don't have SSL installed on your test/local machine. For testing purposes you can set the SSL port to 80, and the sslRoot to "HTTP" (not HTTPS) and you'll be able to easily test out the parts that would normally be under SSL over HTTP while in test mode.
              • 4. Re: Redirection Code for SSL
                Level 7
                Thanks for the handy tip Kurt.

                Should be able to come up with a technique with your post.




                • 5. Redirection Code for SSL
                  rappelec
                  This is what I used to force SSL on a page:
                  <!--- Change http to https --->
                  <cfif CGI.HTTPS EQ "off">
                  <cflocation addtoken="no" url="https://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#">
                  </cfif>

                  I placed it at the top of the page code as an include.

                  Hope this helps.
                  • 6. Re: Redirection Code for SSL
                    drforbin1970
                    I agree but would add the following lines (I've found on rare instances that the variable may come up as non-existent and also blank):

                    quote:

                    Originally posted by: rappelec
                    This is what I used to force SSL on a page:
                    <!--- Change http to https --->
                    <cfif IsDefined("CGI.HTTPS")> <!--- Make sure the variable exists --->
                    <cfif CGI.HTTPS EQ "off" OR CGI.HTTPS IS ""> <!--- Test for a blank value --->
                    <cflocation addtoken="no" url="https://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#">
                    </cfif>
                    </cfif>

                    I placed it at the top of the page code as an include.

                    Hope this helps.
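
The approaches in this thread combined into one include, as an added example that is not any poster's code: it covers several pages with a single list check instead of one `cfif` per page, treats a blank or missing `CGI.HTTPS` as not secure, and redirects to a fixed configured root rather than a host built from `CGI.SERVER_NAME`. The page names in `protectedPages` and the variable names are assumptions; the SSL root is the one given in the original question.

```cfml
<!--- Added example (not from the thread). Include at the top of Application.cfm. --->

<!--- Configuration values, set once. sslRoot is the shared-SSL URL from the
      question; the page names are hypothetical. --->
<cfset sslRoot = "https://www1165.ssldomain.com/mydomain">
<cfset protectedPages = "login.cfm,register.cfm,account.cfm">

<!--- File name of the requested template, e.g. "/mydomain/login.cfm" -> "login.cfm".
      Assumes the protected pages all sit in the site root, as in the question. --->
<cfset requestedPage = ListLast(CGI.SCRIPT_NAME, "/")>

<!--- Only an explicit "on" (or the SSL port) counts as secure, so a blank or
      missing CGI.HTTPS falls through to the redirect instead of being skipped. --->
<cfset isSecure = (CGI.HTTPS EQ "on") OR (CGI.SERVER_PORT EQ 443)>

<cfif ListFindNoCase(protectedPages, requestedPage) AND NOT isSecure>
    <!--- Host and base path come from configuration; the page name has already
          been matched against the list above. --->
    <cfset target = sslRoot & "/" & requestedPage>
    <!--- Keep the original query string so links with parameters still work. --->
    <cfif Len(CGI.QUERY_STRING)>
        <cfset target = target & "?" & CGI.QUERY_STRING>
    </cfif>
    <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL. --->
    <cflocation url="#target#" addtoken="no">
</cfif>
```

If the host terminates SSL on a proxy so that the application sees neither `CGI.HTTPS` set to "on" nor port 443 on the secure URL, this check would redirect in a loop, so confirm what the CGI scope reports there first. The redirect only helps for the page request itself: a login form whose `action` points at the plain-HTTP URL has already sent the credentials in the clear, so the form should post to the `sslRoot` address directly.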