Solved

Https Coldfusion 7

Posted on 2007-03-29
Last Modified: 2008-11-04
I have some forms on my site that are now required to be https instead of http. Is there something I can include in an include file or my application.cfc file to determine the page and to change http to https? Can it also do the reverse from https to http if the page isn't a form page?
Question by:asaworker
LVL 36

Expert Comment

by:SidFishes
ID: 18818102
0
 

Author Comment

by:asaworker
ID: 18818247
All good solutions, however how do you turn it off if you don't need it anymore? I was wondering if there was a robots.txt file or something like that you can use to define what files have to be https.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818352
Not sure why you'd want to "turn it off" but

You'd just add to whatever pages you want to encrypt

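<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
<!--- cfoutput is needed for the variables to be evaluated; HTMLEditFormat encodes the request-supplied path --->
<cfoutput>You're at : https://www.someco.com#HTMLEditFormat(cgi.SCRIPT_NAME & cgi.PATH_INFO)#</cfoutput>
</cfif>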

If you want to "turn It off" you could just change the NEQ to EQ

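<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
<!--- cfoutput is needed for the variables to be evaluated; HTMLEditFormat encodes the request-supplied path --->
<cfoutput>You're at : http://www.someco.com#HTMLEditFormat(cgi.SCRIPT_NAME & cgi.PATH_INFO)#</cfoutput>
</cfif>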

you could also use both and set a var in application.cfm

<cflock scope="application" type="exclusive" timeout="30">
<cfset application.UseSecure = true>
</cflock>

then on each page to be secured (or not)

<cfif application.UseSecure eq true>
    <cfset serverPort = "#cgi.SERVER_PORT#">
    <cfif serverPort NEQ 443>
        <!--- Goto HTTPS --->
        <cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
    <cfelse>
        <!--- Already There - Do Nothing --->
        <cfoutput>You're at : https://www.someco.com#HTMLEditFormat(cgi.SCRIPT_NAME & cgi.PATH_INFO)#</cfoutput>
    </cfif>
<cfelse>
    <cfset serverPort = "#cgi.SERVER_PORT#">
    <cfif serverPort EQ 443>
        <!--- Goto HTTP --->
        <cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
    <cfelse>
        <!--- Already There - Do Nothing --->
        <cfoutput>You're at : http://www.someco.com#HTMLEditFormat(cgi.SCRIPT_NAME & cgi.PATH_INFO)#</cfoutput>
    </cfif>
</cfif>


0

Author Comment

by:asaworker
ID: 18819018
It's not working for me. I have this in the application.cfc

<cffunction name="onApplicationStart" output="false" returntype="void">
            <!--- DSN (datasource name) --->
            <cfset application.dsName = "ASA">
            <!--- Datasource user name --->
            <cfset application.dsUserName = "">
            <!--- Datasource password --->
            <cfset application.dsPassword = "">
            <cfset application.UseSecure = true>

I get the error:

Error Occurred While Processing Request  
Element USESECURE is undefined in APPLICATION.  
 
 
The error occurred in C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 6
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
 
4 : </cfif>
5 :
6 : <cfif application.UseSecure eq true>
7 : <cfset serverPort = "#cgi.SERVER_PORT#">
8 : <cfif serverPort NEQ 443>

 
 
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819618
try restarting the server... might be a caching issue
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819620
err...restarting the service (no need to reboot)
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 18836806

 Keep in mind that any references to images, javascript, css files also need to use the right protocol.  

 I think the easiest way to do this is simply use relative paths to as many references and images as you can.   The protocol will not change when specifying a relative path.

 For those cases where you need an absolute path, create a global variable in your application.cfm file like this...

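 <!--- cgi.SERVER_PROTOCOL reads "HTTP/1.1" on plain and TLS requests alike, so the scheme is taken from cgi.SERVER_PORT_SECURE --->
 <cfset request.protocal = iif(val(cgi.SERVER_PORT_SECURE), de("https://"), de("http://"))>

That will set the variable to either HTTP:// or HTTPS://, and you just reference that variable everywhere that you must have an absolute link, like this...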

 <CFLOCATION url="#request.protocal#www.mywebsite.com/index.cfm...">

To turn on or off HTTPS, simply  hard code a link to a page that has it set to HTTPS or HTTP.   So if they go into their checkout make them use a link with HTTPS.

To be sure the page is protected, you can check it at the top of the page or redirect them as SidFishes suggests (don't forget your query string for the variables!)  Of course this won't work well if the page was just POSTED to!  You will use your posted form variables.

<cfif NOT cgi.SERVER_PORT_SECURE>
   <!--- The scheme needs "//" after the colon to form an absolute URL --->
   <cflocation url="https://#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" addtoken="false">
</cfif>


I'm always afraid of infinite loops with things like that, so perhaps have the user pause and click something...

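<cfif NOT cgi.SERVER_PORT_SECURE>
   <!--- cfoutput evaluates the variables; HTMLEditFormat encodes the request-supplied parts before they land in the href --->
   <cfoutput>
   This page can only be run using a secure protocol call, please click here to continue..
   <a href="#HTMLEditFormat('https://' & cgi.SERVER_NAME & cgi.SCRIPT_NAME & cgi.PATH_INFO & '?' & cgi.QUERY_STRING)#"> Make the page secure </a>
   </cfoutput>
</cfif>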


0
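The per-page checks discussed in this thread can be centralised in Application.cfc, which is what the question asked for. The following is an added example, not code posted by any participant. It assumes a fixed canonical host (so the redirect target never depends on the request's Host header), a hypothetical application name, and a constructed list of form pages; `application.UseSecure` is the switch from the thread.

```cfml
<cfcomponent output="false">
    <cfset this.name = "fapForms"><!--- hypothetical application name --->
    <!--- Assumed values: canonical host and the pages that must be served over HTTPS --->
    <cfset variables.canonicalHost = "www.someco.com">
    <cfset variables.securePages = "/fap/forms/forms_bsummary.cfm,/fap/forms/example_form.cfm">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <!--- Master switch from the thread; this runs only when the application starts --->
        <cfset application.UseSecure = true>
        <cfreturn true>
    </cffunction>

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var isSecure = (val(cgi.SERVER_PORT_SECURE) NEQ 0)>
        <cfset var needsSecure = false>
        <cfset var target = "">

        <!--- An application that was already running when the flag was added has not
              re-run onApplicationStart, so the key is created here if it is missing --->
        <cfif NOT structKeyExists(application, "UseSecure")>
            <cfset onApplicationStart()>
        </cfif>
        <cfset needsSecure = (application.UseSecure
               AND (listFindNoCase(variables.securePages, arguments.targetPage) GT 0))>

        <!--- A redirect would drop POSTed form fields, so a plain-HTTP POST
              to a secure page is refused rather than processed or redirected --->
        <cfif needsSecure AND NOT isSecure AND cgi.REQUEST_METHOD NEQ "GET">
            <cfheader statuscode="403" statustext="HTTPS required">
            <cfabort>
        </cfif>

        <!--- Move GET requests to the scheme the page is configured for, in either direction --->
        <cfif cgi.REQUEST_METHOD EQ "GET" AND (isSecure XOR needsSecure)>
            <cfset target = iif(needsSecure, de("https"), de("http")) & "://"
                   & variables.canonicalHost & arguments.targetPage>
            <cfif len(cgi.QUERY_STRING)>
                <cfset target = target & "?" & cgi.QUERY_STRING>
            </cfif>
            <cflocation url="#target#" addtoken="false">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

If TLS is terminated on a proxy or load balancer in front of the web server, `cgi.SERVER_PORT_SECURE` stays 0 and this check redirects in a loop. Session cookies that are not marked Secure are also sent on the pages that are moved back to HTTP.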
