Solved

Need some help with added security...

Posted on 2009-04-01
Last Modified: 2013-12-25
Hello,

I would like to secure my checkout page. I'm using an SSL for the checkout page I have set up; however, I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL... so... there are two parts to this need.


1. I need to make sure nobody can type in "http://sitedomain.com" and continue through the site without the (www), so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.

2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com 

Question by:brihol44

Accepted Solution

by:
duncancumming earned 500 total points
ID: 24046174
For the first part, this should work:
<!--- Redirect when the host name does not start with "www." --->
<cfif NOT REFindNoCase("^www\.", CGI.HTTP_HOST)>
    <cflocation url="http://www.#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>

For the second part, add this to checkout.cfm:


<cfif CGI.HTTPS NEQ "on">
	<cflocation url="https://#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>


Expert Comment

by:azadisaryev
ID: 24046247
CGI variables will help you. Specifically, CGI.SERVER_NAME and CGI.SERVER_PORT_SECURE.

Put something like this in your Application.cfm file:


<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->

 <cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name, '/\') is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
 <cfabort>

<cfelse><!--- domain requested with WWW - check for required https connection --->

 <cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
  <cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
  <cfabort>
 </cfif>

</cfif>

Azadi

Author Closing Comment

by:brihol44
ID: 31565630
Thanks!  The  solution worked well.
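
Both answers in this thread build the redirect target from request-derived values such as CGI.HTTP_HOST, which is taken from the client's Host header. A variant for Application.cfm that only ever redirects to one fixed host name, as an added example that is not part of the original thread; CANONICAL_HOST, SECURE_PAGES and the other variable names are assumptions, and www.sitedomain.com is the placeholder domain from the question:

```cfml
<!--- Added example (not from the thread). Variable names are assumed. --->
<cfset CANONICAL_HOST = "www.sitedomain.com">
<!--- Comma-separated list of templates that must only be served over HTTPS --->
<cfset SECURE_PAGES = "checkout.cfm">

<!--- Template being requested, e.g. "checkout.cfm" from "/shop/checkout.cfm" --->
<cfset requestedPage = listLast(cgi.script_name, "/\")>

<!--- Secure if either indicator says so; val() turns an empty value into 0.
      Assumes the web server populates at least one of these two variables. --->
<cfset isSecure = (cgi.https is "on") OR (val(cgi.server_port_secure) neq 0)>
<cfset needsSecure = listFindNoCase(SECURE_PAGES, requestedPage) gt 0>

<!--- The Host header is client-supplied: compare it against the fixed name,
      but never copy it into the redirect URL. Any ":port" suffix is ignored. --->
<cfset wrongHost = compareNoCase(listFirst(cgi.http_host, ":"), CANONICAL_HOST) neq 0>

<cfif wrongHost OR (needsSecure AND NOT isSecure)>
    <!--- Keep HTTPS if the visitor already has it; force it for secure pages --->
    <cfset scheme = iif(isSecure OR needsSecure, de("https"), de("http"))>
    <cfset target = scheme & "://" & CANONICAL_HOST & cgi.script_name>
    <!--- Append "?" only when there is a query string to carry over --->
    <cfif len(cgi.query_string)>
        <cfset target = target & "?" & cgi.query_string>
    </cfif>
    <!--- cflocation stops processing of the current page after redirecting --->
    <cflocation url="#target#" addtoken="false">
</cfif>
```

Behind a load balancer or proxy that terminates TLS, neither CGI variable reports HTTPS, so isSecure would have to come from a header that the proxy sets and strips from client input; otherwise the checkout redirect loops.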