brihol44
asked on
Need some help with added security...
Hello,
I would like to secure my checkout page. I'm using an SSL for the checkout page I have set up; however, I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL... so... there are two parts to this need.
1. I need to make sure nobody can type in "http://sitedomain.com" and continue through the site without the (www), so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.
2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com
B
ASKER
Thanks! The solution worked well.
Put something like this in your Application.cfm file:
<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->
<cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name, '/\') is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.se
<cfabort>
<cfelse><!--- domain requested with WWW - check for required https connection --->
<cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
<cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.quer
<cfabort>
</cfif>
</cfif>
Azadi
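A variant of the redirect discussed above, added here as an example and not part of the original answer: it builds the target from a fixed canonical host instead of echoing `cgi.server_name`, which depending on web server configuration can reflect the client-supplied Host header into the `Location` response. `canonicalHost` and `securePages` are assumed names and values to adjust for your site.

```cfml
<!--- Added example for Application.cfm. canonicalHost and securePages are
      assumed values, not taken from the original answer. --->
<cfset canonicalHost = "www.sitedomain.com">
<cfset securePages   = "checkout.cfm"><!--- comma-separated list of pages that require https --->

<!--- Facts about the current request --->
<cfset pageName  = listLast(cgi.script_name, "/\")>
<cfset isSecure  = (cgi.https is "on") OR (val(cgi.server_port_secure) eq 1)>
<cfset needsSsl  = listFindNoCase(securePages, pageName) gt 0>
<cfset wrongHost = compareNoCase(cgi.server_name, canonicalHost) neq 0>

<cfif wrongHost OR (needsSsl AND NOT isSecure)>
    <!--- Never downgrade: stay on https if already there, switch to it when the page requires it --->
    <cfset scheme = "http">
    <cfif isSecure OR needsSsl>
        <cfset scheme = "https">
    </cfif>

    <!--- Host comes from the constant above, never from the request --->
    <cfset target = scheme & "://" & canonicalHost & cgi.script_name>
    <cfif len(cgi.query_string)>
        <cfset target = target & "?" & cgi.query_string>
    </cfif>

    <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL;
          cflocation stops processing of the page, so no cfabort is needed --->
    <cflocation url="#target#" addtoken="no">
</cfif>
```

Because the check runs on every request, a form that posts to checkout.cfm over plain http is redirected and loses its form fields, so the form's action should point at the https URL directly.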