Solved

Need some help with added security...

Posted on 2009-04-01
Last Modified: 2013-12-25
Hello,

I would like to secure my checkout page. I'm using an SSL for the checkout page I have set up; however, I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL... so... there are two parts to this need.

1. I need to make sure nobody can type in "http://sitedomain.com" and continue through the site without the (www), so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.

2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com 

Question by:brihol44
3 Comments

Accepted Solution

by:
duncancumming earned 2000 total points
ID: 24046174
For the first part, this should work:
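<!--- Redirect when the host name does not start with "www." (anchored, case-insensitive match) --->
<cfif NOT REFindNoCase("^www\.", CGI.HTTP_HOST)>
    <cflocation url="http://www.#CGI.HTTP_HOST##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>

For the second part, add this to checkout.cfm:

<!--- Redirect to the HTTPS version of this page when the request did not arrive over SSL --->
<cfif CGI.HTTPS NEQ "on">
    <cflocation url="https://#CGI.HTTP_HOST##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>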


Expert Comment

by:azadisaryev
ID: 24046247
CGI variables will help you. Specifically, CGI.SERVER_NAME and CGI.SERVER_PORT_SECURE.

Put something like this in your Application.cfm file:


<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->

 <cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name, '/\') is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
 <cfabort>

<cfelse><!--- domain requested with WWW - check for required https connection --->

 <cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
  <cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
  <cfabort>
 </cfif>

</cfif>

Azadi
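
Both checks from the answers above combined into one Application.cfm block, as an added example that is not code from either poster. It assumes the canonical host is www.sitedomain.com (the asker's placeholder) and uses the hypothetical variable names canonicalHost and securePages; the redirect target is built from that fixed host name rather than from the client-supplied Host header, and the visitor reaches the final URL in a single redirect.

```cfml
<!--- Added example, not from the thread. canonicalHost and securePages are assumed names. --->
<cfset canonicalHost = "www.sitedomain.com"><!--- fixed value, never read from the request --->
<cfset securePages   = "checkout.cfm"><!--- comma-separated list of pages that require HTTPS --->

<!--- File name of the requested template, whichever path separator the server reports --->
<cfset pageName   = listLast(cgi.script_name, "/\")>
<!--- Some web servers leave one of these two CGI variables empty, so check both --->
<cfset isSecure   = (cgi.https IS "on") OR (cgi.server_port_secure IS 1)>
<cfset needsHttps = listFindNoCase(securePages, pageName) GT 0>
<cfset wrongHost  = compareNoCase(cgi.server_name, canonicalHost) NEQ 0>

<cfif wrongHost OR (needsHttps AND NOT isSecure)>
    <!--- Keep HTTPS if the visitor already has it; upgrade when the page requires it --->
    <cfset scheme = "http">
    <cfif isSecure OR needsHttps>
        <cfset scheme = "https">
    </cfif>
    <cfset target = scheme & "://" & canonicalHost & cgi.script_name>
    <!--- Append "?" only when there is a query string to carry over --->
    <cfif len(cgi.query_string)>
        <cfset target = target & "?" & cgi.query_string>
    </cfif>
    <!--- statuscode requires ColdFusion 8 or later; cflocation stops page processing itself --->
    <cflocation url="#target#" addtoken="false" statuscode="301">
</cfif>
```

A form POSTed to checkout.cfm over plain HTTP loses its body when redirected, so the links and form actions that lead to the checkout should already point at the https:// URL.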

Author Closing Comment

by:brihol44
ID: 31565630
Thanks! The solution worked well.