Https Coldfusion 7

I have some forms on my site that are now required to be https instead of http. Is there something I can include in a include file or my application.cfc file to determine the page and to change http to https? Can it also do the reverse from https to http if the pages isn't a form page
asaworkerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

asaworkerAuthor Commented:
All good solutions, however how do you turn it off if you don't need it anymore. I was wondering if there wasa  robots.txt file or something like that you can use to define what files have to be https.
0
SidFishesCommented:
Not sure why you'd want to "turn it off" but

You'd just add to whatever pages you want to encrypt

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

If you want to "turn It off" you could just change the NEQ to EQ

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

you could also use both and set a var in application.cfm

<cflock scope="application" type="exclusive" timeout="30">
<cfset application.UseSecure = true>


then on each page to be secured (or not)
<cfif application.UseSecure eq true>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

<cfelse>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    



</cfif>


0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

asaworkerAuthor Commented:
It's not working for me. I have this in the application.cfc

<cffunction name="onApplicationStart" output="false" returntype="void">
            <!--- DSN (datasource name) --->
            <cfset application.dsName = "ASA">
            <!--- Datasource user name --->
            <cfset application.dsUserName = "">
            <!--- Datasource password --->
            <cfset application.dsPassword = "">
            <cfset application.UseSecure = true>

I get the error:

Error Occurred While Processing Request  
Element USESECURE is undefined in APPLICATION.  
 
 
The error occurred in C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 6
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
 
4 : </cfif>
5 :
6 : <cfif application.UseSecure eq true>
7 : <cfset serverPort = "#cgi.SERVER_PORT#">
8 : <cfif serverPort NEQ 443>

 
 
0
SidFishesCommented:
try restarting the server... might be a caching issue
0
SidFishesCommented:
err...restarting the service (no need to reboot)
0
gdemariaCommented:

 Keep in mind that any references to images, javascript, css files also need to use the right protocol.  

 I think the easiest way to do this is simply use relative paths to as many references and images as you can.   The protocol will not change when specifying a relative path.

 For those cases where you need an absolute path, create a global variable in your application.cfm file like this...

 <cfset request.protocal = listFirst(cgi.SERVER_PROTOCOL,"/") & "://">

That will set the variable to either HTTP:// or HTTPS:// and use just reference that variable everywhere that you must have an absolute link, like this...

 <CFLOCATION url="#request.protocal#www.mywebsite.com/index.cfm...">

To turn on or off HTTPS, simply  hard code a link to a page that has it set to HTTPS or HTTP.   So if they go into their checkout make them use a link with HTTPS.

To be sure the page is protected, you can check it at the top of the page or redirect them as SidFishes suggests (don't forget your query string for the variables!)  Of course this won't work well if the page was just POSTED to!  You will use your posted form variables.

<cfif NOT cgi.SERVER_PORT_SECURE>
   <cflocation url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" addtoken="false">
</cfif>


I'm always afraid of infinite loops with things like that, so perhaps have the user pause and click something...

<cfif NOT cgi.SERVER_PORT_SECURE>
   This page can only be run using a secure protocal call, please click here to continue..
   <a href="url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" > Make the page secure </a>
</cfif>


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.