Solved

Https Coldfusion 7

Posted on 2007-03-29
8
252 Views
Last Modified: 2008-11-04
I have some forms on my site that are now required to be https instead of http. Is there something I can include in a include file or my application.cfc file to determine the page and to change http to https? Can it also do the reverse from https to http if the pages isn't a form page
0
Comment
Question by:asaworker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818102
0
 

Author Comment

by:asaworker
ID: 18818247
All good solutions, however how do you turn it off if you don't need it anymore. I was wondering if there wasa  robots.txt file or something like that you can use to define what files have to be https.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18818352
Not sure why you'd want to "turn it off" but

You'd just add to whatever pages you want to encrypt

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

If you want to "turn It off" you could just change the NEQ to EQ

<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

you could also use both and set a var in application.cfm

<cflock scope="application" type="exclusive" timeout="30">
<cfset application.UseSecure = true>


then on each page to be secured (or not)
<cfif application.UseSecure eq true>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort NEQ 443>
<!--- Goto HTTPS --->
<cflocation url="https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : https://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    

<cfelse>
<cfset serverPort = "#cgi.SERVER_PORT#">
<cfif serverPort EQ 443>
<!--- Goto HTTP --->
<cflocation url="http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#" addtoken="false">
<cfelse>
<!--- Already There - Do Nothing --->
You're at : http://www.someco.com#cgi.SCRIPT_NAME##cgi.PATH_INFO#
</cfif>    



</cfif>


0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:asaworker
ID: 18819018
It's not working for me. I have this in the application.cfc

<cffunction name="onApplicationStart" output="false" returntype="void">
            <!--- DSN (datasource name) --->
            <cfset application.dsName = "ASA">
            <!--- Datasource user name --->
            <cfset application.dsUserName = "">
            <!--- Datasource password --->
            <cfset application.dsPassword = "">
            <cfset application.UseSecure = true>

I get the error:

Error Occurred While Processing Request  
Element USESECURE is undefined in APPLICATION.  
 
 
The error occurred in C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 6
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
Called from C:\Inetpub\wwwroot\fap\forms\forms_bsummary.cfm: line 1
 
4 : </cfif>
5 :
6 : <cfif application.UseSecure eq true>
7 : <cfset serverPort = "#cgi.SERVER_PORT#">
8 : <cfif serverPort NEQ 443>

 
 
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819618
try restarting the server... might be a caching issue
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 18819620
err...restarting the service (no need to reboot)
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 18836806

 Keep in mind that any references to images, javascript, css files also need to use the right protocol.  

 I think the easiest way to do this is simply use relative paths to as many references and images as you can.   The protocol will not change when specifying a relative path.

 For those cases where you need an absolute path, create a global variable in your application.cfm file like this...

 <cfset request.protocal = listFirst(cgi.SERVER_PROTOCOL,"/") & "://">

That will set the variable to either HTTP:// or HTTPS:// and use just reference that variable everywhere that you must have an absolute link, like this...

 <CFLOCATION url="#request.protocal#www.mywebsite.com/index.cfm...">

To turn on or off HTTPS, simply  hard code a link to a page that has it set to HTTPS or HTTP.   So if they go into their checkout make them use a link with HTTPS.

To be sure the page is protected, you can check it at the top of the page or redirect them as SidFishes suggests (don't forget your query string for the variables!)  Of course this won't work well if the page was just POSTED to!  You will use your posted form variables.

<cfif NOT cgi.SERVER_PORT_SECURE>
   <cflocation url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" addtoken="false">
</cfif>


I'm always afraid of infinite loops with things like that, so perhaps have the user pause and click something...

<cfif NOT cgi.SERVER_PORT_SECURE>
   This page can only be run using a secure protocal call, please click here to continue..
   <a href="url="https:#cgi.SERVER_NAME##cgi.SCRIPT_NAME##cgi.PATH_INFO#?#cgi.QUERY_STRING#" > Make the page secure </a>
</cfif>


0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PROBLEM:  How to open a cfwindow or run a function on double click of a cfgrid row. One of my clients wanted to be able to double click on a row item to get more detailed information about a transaction and to be able to modify the line items i…
Sometimes databases have MILLIONS of records and we need a way to quickly query that table to return the results me need. Sure you could use CFQUERY but it takes too long when there are millions of records. That is why SOLR was invented. Please …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question