Solved

Https Coldfusion 7

Posted on 2007-03-29
Last Modified: 2008-11-04
I have some forms on my site that are now required to be https instead of http. Is there something I can include in an include file or my application.cfc file to determine the page and to change http to https? Can it also do the reverse, from https to http, if the page isn't a form page?
Question by:asaworker
LVL 36

Expert Comment

by:SidFishes
ID: 18818102
0
 

Author Comment

by:asaworker
ID: 18818247
All good solutions, however how do you turn it off if you don't need it anymore? I was wondering if there was a robots.txt file or something like that you can use to define what files have to be https.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818352
Not sure why you'd want to "turn it off" but

You'd just add to whatever pages you want to encrypt

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

If you want to "turn It off" you could just change the NEQ to EQ

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

you could also use both and set a var in application.cfm

<cflock scope="application" type="exclusive" timeout="30">
<cfset application.UseSecure = true>
</cflock>


then on each page to be secured (or not)
<cfif application.UseSecure eq true>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

<cfelse>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    



</cfif>


0
 

Author Comment

by:asaworker
ID: 18819018
It's not working for me. I have this in the application.cfc

<cffunction name="onApplicationStart" output="false" returntype="void">
            <!--- DSN (datasource name) --->
            <cfset application.dsName = "ASA">
            <!--- Datasource user name --->
            <cfset application.dsUserName = "">
            <!--- Datasource password --->
            <cfset application.dsPassword = "">
            <cfset application.UseSecure = true>

I get the error:

Error Occurred While Processing Request  
Element USESECURE is undefined in APPLICATION.  
 
 
The error occurred in C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 6
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
 
4 : </cfif>
5 :
6 : <cfif application.UseSecure eq true>
7 : <cfset serverPort = "#cgi.SERVER_PORT#">
8 : <cfif serverPort NEQ 443>

 
 
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819618
try restarting the server... might be a caching issue
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819620
err...restarting the service (no need to reboot)
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 18836806

 Keep in mind that any references to images, javascript, css files also need to use the right protocol.  

 I think the easiest way to do this is simply use relative paths to as many references and images as you can.   The protocol will not change when specifying a relative path.

 For those cases where you need an absolute path, create a global variable in your application.cfm file like this...

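 <!--- cgi.SERVER_PROTOCOL reads "HTTP/1.1" over both HTTP and HTTPS, so test cgi.SERVER_PORT_SECURE instead --->
 <cfset request.protocal = iif(cgi.SERVER_PORT_SECURE, de("HTTPS://"), de("HTTP://"))>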

That will set the variable to either HTTP:// or HTTPS://, and you then just reference that variable everywhere that you must have an absolute link, like this...

 <CFLOCATION url="#request.protocal#www.mywebsite.com/index.cfm...">

To turn on or off HTTPS, simply  hard code a link to a page that has it set to HTTPS or HTTP.   So if they go into their checkout make them use a link with HTTPS.

To be sure the page is protected, you can check it at the top of the page or redirect them as SidFishes suggests (don't forget your query string for the variables!)  Of course this won't work well if the page was just POSTED to!  You will use your posted form variables.

<cfif NOT cgi.SERVER_PORT_SECURE>
   <cflocation url="https://#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" addtoken="false">
</cfif>


I'm always afraid of infinite loops with things like that, so perhaps have the user pause and click something...

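<cfif NOT cgi.SERVER_PORT_SECURE>
   This page can only be run using a secure protocol call, please click here to continue..
   <!--- cfoutput is needed for the # expressions to be evaluated; HTMLEditFormat escapes the request-derived parts --->
   <cfoutput><a href="https://#cgi.SERVER_NAME##HTMLEditFormat(cgi.SCRIPT_NAME & cgi.PATH_INFO & '?' & cgi.QUERY_STRING)#"> Make the page secure </a></cfoutput>
</cfif>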


0
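The per-page checks from this thread can be centralized in Application.cfc, as in the following added example (not code from any of the posters). The application name, the `secureHost` and `securePages` settings, the checkout.cfm entry and the `initSecureSettings` helper are assumptions made for illustration; the redirect uses a fixed host and an allow-listed page path rather than request-supplied values, and it also guards against the "Element USESECURE is undefined" error shown above.

```cfml
<!--- Application.cfc: added example; names, host and page list are assumed placeholders --->
<cfcomponent output="false">
    <cfset this.name = "ExampleApp">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset initSecureSettings()>
        <cfreturn true>
    </cffunction>

    <cffunction name="initSecureSettings" access="private" returntype="void" output="false">
        <cflock scope="application" type="exclusive" timeout="30">
            <!--- Single switch for turning enforcement on or off --->
            <cfset application.UseSecure = true>
            <!--- Fixed host (as in the someco.com snippets), not taken from the request --->
            <cfset application.secureHost = "www.someco.com">
            <!--- Pages that must be HTTPS; the second entry is a constructed sample --->
            <cfset application.securePages = "/fap/forms/forms_bsummary.cfm,/fap/forms/checkout.cfm">
        </cflock>
    </cffunction>

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var target = "">
        <!--- onApplicationStart does not rerun for an application that is already
              running, so a newly added key is missing until the next restart --->
        <cfif NOT structKeyExists(application, "UseSecure")>
            <cfset initSecureSettings()>
        </cfif>
        <cfif application.UseSecure
              AND listFindNoCase(application.securePages, arguments.targetPage)
              AND cgi.SERVER_PORT NEQ 443>
            <cfif cgi.REQUEST_METHOD NEQ "GET">
                <!--- A redirect would drop the posted form fields, and they have
                      already crossed the wire in clear text: refuse instead --->
                <cfheader statuscode="403" statustext="HTTPS required">
                <cfabort>
            </cfif>
            <!--- targetPage matched the allow-list, so only the query string is request data --->
            <cfset target = "https://" & application.secureHost & arguments.targetPage>
            <cfif len(cgi.QUERY_STRING)>
                <cfset target = target & "?" & cgi.QUERY_STRING>
            </cfif>
            <cflocation url="#target#" addtoken="false">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

If TLS is terminated on a proxy or load balancer in front of ColdFusion, `cgi.SERVER_PORT` never reads 443 and this check would redirect in a loop, so the port test has to be replaced with whatever signal that front end provides.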

Question has a verified solution.
