Solved

Https Coldfusion 7

Posted on 2007-03-29
8
243 Views
Last Modified: 2008-11-04
I have some forms on my site that are now required to be https instead of http. Is there something I can include in a include file or my application.cfc file to determine the page and to change http to https? Can it also do the reverse from https to http if the pages isn't a form page
0
Comment
Question by:asaworker
  • 4
  • 2
8 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818102
0
 

Author Comment

by:asaworker
ID: 18818247
All good solutions, however how do you turn it off if you don't need it anymore. I was wondering if there wasa  robots.txt file or something like that you can use to define what files have to be https.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818352
Not sure why you'd want to "turn it off" but

You'd just add to whatever pages you want to encrypt

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

If you want to "turn It off" you could just change the NEQ to EQ

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

you could also use both and set a var in application.cfm

<cflock scope="application" type="exclusive" timeout="30">
<cfset application.UseSecure = true>


then on each page to be secured (or not)
<cfif application.UseSecure eq true>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

<cfelse>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    



</cfif>


0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 

Author Comment

by:asaworker
ID: 18819018
It's not working for me. I have this in the application.cfc

<cffunction name="onApplicationStart" output="false" returntype="void">
            <!--- DSN (datasource name) --->
            <cfset application.dsName = "ASA">
            <!--- Datasource user name --->
            <cfset application.dsUserName = "">
            <!--- Datasource password --->
            <cfset application.dsPassword = "">
            <cfset application.UseSecure = true>

I get the error:

Error Occurred While Processing Request  
Element USESECURE is undefined in APPLICATION.  
 
 
The error occurred in C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 6
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
 
4 : </cfif>
5 :
6 : <cfif application.UseSecure eq true>
7 : <cfset serverPort = "#cgi.SERVER_PORT#">
8 : <cfif serverPort NEQ 443>

 
 
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819618
try restarting the server... might be a caching issue
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819620
err...restarting the service (no need to reboot)
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 18836806

 Keep in mind that any references to images, javascript, css files also need to use the right protocol.  

 I think the easiest way to do this is simply use relative paths to as many references and images as you can.   The protocol will not change when specifying a relative path.

 For those cases where you need an absolute path, create a global variable in your application.cfm file like this...

 <cfset request.protocal = listFirst(cgi.SERVER_PROTOCOL,"/") & "://">

That will set the variable to either HTTP:// or HTTPS:// and use just reference that variable everywhere that you must have an absolute link, like this...

 <CFLOCATION url="#request.protocal#www.mywebsite.com/index.cfm...">

To turn on or off HTTPS, simply  hard code a link to a page that has it set to HTTPS or HTTP.   So if they go into their checkout make them use a link with HTTPS.

To be sure the page is protected, you can check it at the top of the page or redirect them as SidFishes suggests (don't forget your query string for the variables!)  Of course this won't work well if the page was just POSTED to!  You will use your posted form variables.

<cfif NOT cgi.SERVER_PORT_SECURE>
   <cflocation url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" addtoken="false">
</cfif>


I'm always afraid of infinite loops with things like that, so perhaps have the user pause and click something...

<cfif NOT cgi.SERVER_PORT_SECURE>
   This page can only be run using a secure protocal call, please click here to continue..
   <a href="url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" > Make the page secure </a>
</cfif>


0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now