Redirect to https page from http page

23 views
Skip to first unread message

Mike F

unread,
Jul 18, 2007, 2:47:46 PM7/18/07
to Mach-II for ColdFusion
HI All,

I am coding a filter and want to detect if a page is in https or not.
The detection part I have figured out, it's the re-direct after
detection that I am having a little trouble with. If the filter
detects that the page is not in https and requires it, I can announce
an event in the filter, and then have that event execute the
<redirect /> directive, but not sure how to handle the transition in
protocols (http -> https) . I really do not want to hardcode the url
in the redirect directive.

Any suggestions?

Matt Osbun

unread,
Jul 18, 2007, 10:02:14 PM7/18/07
to mach-ii-for...@googlegroups.com
May not be the best solution, but I use this in a plugin:

            <cfif Compare(cgi.SERVER_PORT,443)>
                <cflocation url="https://#cgi.server_name##cgi.path_info#?#cgi.query_string#" addtoken="false"/>
            </cfif>

Matt Osbun
http://www.pteradactylcry.com

Hugo Ahlenius

unread,
Jul 19, 2007, 3:22:14 AM7/19/07
to mach-ii-for...@googlegroups.com

As an alternative to hardcoding - you can make it a little "softer" by
having the URL in a property (that way you only need to change it in one
place, if it changes).

/Hugo

to...@rolist.com

unread,
Jul 19, 2007, 8:56:53 AM7/19/07
to Mach-II for ColdFusion
http://www.maestropublishing.com/downloads/sslPlugin.zip

Peter, the man, already has a wonderful plugin that handles just this.

Peter J. Farrell

unread,
Jul 19, 2007, 9:12:15 AM7/19/07
to mach-ii-for...@googlegroups.com
tpet...@gmail.com said the following on 7/19/2007 7:56 AM:

> http://www.maestropublishing.com/downloads/sslPlugin.zip
>
> Peter, the man, already has a wonderful plugin that handles just this.
>
I should warn you that it's hopeless out of date and I it's goes from
http to https...but not back.

.Peter

Mike Fransblow

unread,
Jul 19, 2007, 12:16:42 PM7/19/07
to mach-ii-for...@googlegroups.com
Thanks for all the input from everyone, very much appreciated as usual.
Going with with a cflocation within a filter, in case anyone is interested. Peter's plugin looks great but not sure I want to maintain lists of non-required SSL events for a fairly large app., with a number of config <includes/> already ;)

MikeF

Kurt Wiersma

unread,
Jul 21, 2007, 2:14:07 PM7/21/07
to mach-ii-for...@googlegroups.com
You might want to check out my co-worker Shannon's Stitch plugin. We use it for SSL redirect and also for highlighting nav elements in Mach II apps.

http://jidev.com/?event=stitch

You use a simple xml file to defined sections of events. This way you can defined a set of events that are ssl required.

<keys>
   <section name="ssl">
        <section name="derogatoryType">
             <key event="derogatoryType.*"/>
        </section>
  </section>
</keys>

Then in our security plugin we have the following:

<!--- enforce ssl --->
        <cfif stitch.isSection('ssl') AND NOT ListFindNoCase(getParameter("devhosts"), CGI.SERVER_NAME)>
            <cfif NOT CGI.SERVER_PORT_SECURE and stitch.isSection('ssl')>
                <cfset _url = "https://#getParameter("host")##lcase(CGI.SCRIPT_NAME)#">
                <cfif CGI.QUERY_STRING neq "">
                    <cfset _url = _url & "?#CGI.QUERY_STRING#">
                </cfif>
                <cflocation url="#_url#" addtoken="no">
            <cfelseif not stitch.isSection('ssl')>
                <cfset _url = "http://#getParameter("host")##lcase( CGI.SCRIPT_NAME)#">
                <cfif CGI.QUERY_STRING neq "">
                    <cfset _url = _url & "?#CGI.QUERY_STRING#">
                </cfif>
                <cflocation url="#_url#" addtoken="no">
            </cfif>
        </cfif>
Reply all
Reply to author
Forward
0 new messages