Shaun Mccran

My digital playground

07 SEP 2010

Forcing an SSL redirect using ColdFusion

I've never really coded much around individual secure templates, but this afternoon I found myself working in a framework where certain templates were required to be called with the 'https' URL instead of standard non-secure URLs.

This turns out to be incredibly easy. There is a variable in the cgi scope that tells you whether the request is served under a secure port or not: cgi.server_port_secure returns true or false (1/0), so you can use it to redirect people to where they should be.

<cfif NOT cgi.server_port_secure>
    <cflocation url="https://#cgi.server_name##cgi.script_name#" addtoken="false">
</cfif>

I've used other cgi values above as I've put this in a 'prefuseaction' function in a fusebox CFC controller file. That way all requests to any actions in that file are routed to the SSL equivalent.
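
A more defensive version of the redirect above, as an added example that is not the author's code: it keeps the query string (where Fusebox normally carries the fuseaction), sends the 301 status suggested in the comments, and builds the target from a fixed host name rather than from request data. The function name requireHttps, the application.canonicalHost setting and the X-Forwarded-Proto proxy header are assumptions for illustration.

```cfml
<!--- Added example. application.canonicalHost is a hypothetical setting
      holding the site's fixed HTTPS host name, e.g. "www.example.com". --->
<cffunction name="requireHttps" access="public" returntype="void" output="false">
    <cfset var headers = getHttpRequestData().headers>
    <cfset var isSecure = cgi.server_port_secure>
    <cfset var target = "">

    <!--- Assumption: a TLS-terminating proxy in front of the server sets
          X-Forwarded-Proto. Without this check cgi.server_port_secure stays 0
          behind such a proxy and the redirect loops forever. Only rely on the
          header if the proxy overwrites any client-supplied value. --->
    <cfif structKeyExists(headers, "X-Forwarded-Proto")
          AND headers["X-Forwarded-Proto"] EQ "https">
        <cfset isSecure = true>
    </cfif>

    <cfif NOT isSecure>
        <!--- A redirect drops the request body, and a body sent over plain
              HTTP has already been exposed, so refuse anything but GET/HEAD
              instead of redirecting it. --->
        <cfif NOT listFindNoCase("GET,HEAD", cgi.request_method)>
            <cfheader statuscode="403" statustext="HTTPS Required">
            <cfabort>
        </cfif>

        <!--- Fixed host: the Location header never reflects a host name
              supplied by the client. --->
        <cfset target = "https://" & application.canonicalHost & cgi.script_name>

        <!--- Preserve the query string so the same action is requested
              again over HTTPS. --->
        <cfif len(cgi.query_string)>
            <cfset target = target & "?" & cgi.query_string>
        </cfif>

        <!--- Permanent redirect; addtoken="false" keeps CFID/CFTOKEN out of
              the URL. --->
        <cflocation url="#target#" addtoken="false" statuscode="301">
    </cfif>
</cffunction>
```

Calling requireHttps() from the 'prefuseaction' function gives the same per-controller behaviour as the original snippet.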

Comments
If cookies and sessions become involved, this can get tricky.

If this is something "important" that needs to be secure (e.g. involving payments/etc) then you should consider running a security scan against the site to check if it might be vulnerable to session fixation problems.

(Also, Jason Dean and Pete Freitag both write about security issues regularly - worth checking out their blogs if you haven't already.)
# Posted By Peter Boughton | 07/09/2010 15:23
Does that mean you have the **UK CMS working?
# Posted By daz | 07/09/2010 15:27
Also add statuscode="301" for search engines to update their links.
# Posted By Jules Gravinese | 07/09/2010 17:40
@Jules, good point, always nice if Google etc is actually pointing to the right place first time.

@peter luckily this platform is session free, but that is a consideration. I guess you could replicate the cookie scope using Google crossdomain code to 'bridge' from http to https.

@daz still got that issue, my resource tells me it's not SSL related tho, but account file permissions, got someone on it now :-)
# Posted By Shaun McCran | 08/09/2010 10:11
Oh, also... I like to keep stuff like this out of the application server. It's not really part of the application logic. So let the web server handle it. Use htaccess with either Apache or isapi_rewrite.
# Posted By Jules Gravinese | 08/09/2010 14:59
I'm using isapi rewrite, I'd never really considered using that to redirect to https URLs. I think it can do a lot more than I've really gotten it to do.

Need to brush up on my regex really, wonder if there is a rewrite 'cook book' style site.
# Posted By Shaun McCran | 12/09/2010 10:42