Link to home
Start Free TrialLog in
Avatar of brihol44
brihol44

asked on

Need some help with added security...

Hello,

I would like to secure my checkout page. I'm using a SSL for the checkout page I have setup however I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL...so....there are two parts to this need.


1. I need to make sure nobody can type in "http://sitedomain.com and continue through the site without the (www) so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.

2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com 

B
ASKER CERTIFIED SOLUTION
Avatar of duncancumming
duncancumming
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of azadisaryev
azadisaryev
Flag of Hong Kong image
CGI variables will help you. specifically, CGI.SERVER_NAME and SGI.SERVER_PORT_SECURE.

put something like this in your Application.cfm file:


<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->

 <cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name) is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
 <cfabort>

<cfelse><!--- domain requested with WWW - check for required https connection --->

 <cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
  <cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
  <cfabort>
 </cfif>

</cfif>

Azadi
Avatar of brihol44
brihol44

ASKER

Thanks!  The  solution worked well.