Solved

Need some help with added security...

Posted on 2009-04-01
3
495 Views
Last Modified: 2013-12-25
Hello,

I would like to secure my checkout page. I'm using a SSL for the checkout page I have setup however I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL...so....there are two parts to this need.


1. I need to make sure nobody can type in "http://sitedomain.com and continue through the site without the (www) so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.

2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com 

B
0
Comment
Question by:brihol44
3 Comments
 
LVL 16

Accepted Solution

by:
duncancumming earned 500 total points
ID: 24046174
For the first part, this should work:
<cfif NOT REFind("www.", CGI.HTTP_HOST)>
    <cflocation url="http://www.#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>

For the second part, add this to checkout.cfm:


<cfif CGI.HTTPS NEQ "on">

	<cflocation url="https://#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">

</cfif>

Open in new window

0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24046247
CGI variables will help you. specifically, CGI.SERVER_NAME and SGI.SERVER_PORT_SECURE.

put something like this in your Application.cfm file:


<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->

 <cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name) is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
 <cfabort>

<cfelse><!--- domain requested with WWW - check for required https connection --->

 <cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
  <cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
  <cfabort>
 </cfif>

</cfif>

Azadi
0
 

Author Closing Comment

by:brihol44
ID: 31565630
Thanks!  The  solution worked well.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
CFGRID Custom Functionality Series -  Part 1 Hi Guys, I was once asked how it is possible to to add a hyperlink in the cfgrid and open the window to show the data. Now this is quite simple, I have to use the EXT JS library for this and I achiev…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now