SSL certificates
109 views
Skip to first unread message
Philips Vellappally
Jun 19, 2015, 7:51:19 PM6/19/15
to lu...@googlegroups.com
Hello Guys,
It is possible to detect whether the connection to the site was being made via https or via http, right ? and this would be done in the application code by introspecting the CGI scope and checking the value of the "https" key.If the connection was being made via https, then the CGI https key would
return a value of "ON". However, the site is returning a blank value
when accessed via https, thus it is not possible to determine
programmatically whether or not the connection is via https. I have attached the screen shot.
Can you guys help me how to implement this. So far I have installed SSL via cPanel and set the automatic redirection from http to https via htaccess but if I call domainname.com/test.cfm it wont redirect to https automatically. Should I install ssl in lucee or add keystore to cacacerts. I dont know how to proceed any further. Please help me ....
Igal @ Lucee.org
Jun 19, 2015, 8:44:50 PM6/19/15
to lu...@googlegroups.com
I'm not familiar with apache httpd, but in general you need to
1) set up the web server (apache) to pass the proxy header "X-Forwarded-Proto" which would be either "http" or "https". (you can use any header name as long as it matches the value in step 2 below, but this one is kind of the standard).
2) set up the RemoteIpFilter in Tomcat's web.xml (the relevant part in black)
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>127\.0\.0\.1</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>x-forwarded-proto</param-value>
</init-param>
</filter>
3) access the value via: CGI.SERVER_PORT_SECURE which is set to 0 or 1, so you can use it as boolean in your CFML code, e.g.
if (!CGI.SERVER_PORT_SECURE)
echo("This is not a secure protocol");
1) set up the web server (apache) to pass the proxy header "X-Forwarded-Proto" which would be either "http" or "https". (you can use any header name as long as it matches the value in step 2 below, but this one is kind of the standard).
2) set up the RemoteIpFilter in Tomcat's web.xml (the relevant part in black)
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>127\.0\.0\.1</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>x-forwarded-proto</param-value>
</init-param>
</filter>
3) access the value via: CGI.SERVER_PORT_SECURE which is set to 0 or 1, so you can use it as boolean in your CFML code, e.g.
if (!CGI.SERVER_PORT_SECURE)
echo("This is not a secure protocol");
Igal Sapir
Lucee Core Developer
Lucee.org
--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/c6c8d380-2674-467a-9581-0ea8dbeb3222%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jordan Michaels
Jun 20, 2015, 11:42:01 PM6/20/15
to lu...@googlegroups.com
This, actually, shouldn't be done with Lucee. It should be done in Apache.
Here's a cPanel forum post on the subject:
https://forums.cpanel.net/threads/apache-redirection-to-ssl.426432/
Basically, just add this to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Kind regards,
Jordan Michaels
Here's a cPanel forum post on the subject:
https://forums.cpanel.net/threads/apache-redirection-to-ssl.426432/
Basically, just add this to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Kind regards,
Jordan Michaels
Philips Vellappally
Jun 21, 2015, 5:01:06 AM6/21/15
to lu...@googlegroups.com
Hi Jordan,
Thanks for the update. The htaccess file of my domain contains the following entries.
RewriteEgine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]This redirection will work if I call http://domainname.com, it will get redirected to https. But if I try http://domainname.com/test.cfm directly , it wont get redirected to https. Now I gonna try the htaccess you have provided. I will let you know the results. Once again thank you for the help.Philips Vellappally
Jun 21, 2015, 2:59:02 PM6/21/15
to lu...@googlegroups.com
Hello,
The Apache rewrite rules is not working as it wont get the cfm pages redirected to https.
i.e http://domainname.com/test.cfm wont get redirected to https://domainname.com/test.cfm automatically
>>Is there any alternative methods, Should I install SSL in lucee too, if so please let me know how to do this.
Thank You.
Tom Chiverton
Jun 22, 2015, 4:09:07 AM6/22/15
to lu...@googlegroups.com
On Sunday, June 21, 2015 at 4:42:01 AM UTC+1, Jordan Michaels wrote:
This, actually, shouldn't be done with Lucee. It should be done in Apache.
Yes, and your rule will tell the client web browser to re-request HTTP resources over HTTPS once that is set up.
*But* the mod_cfml Lucee connector will still be connecting to Tomcat the same way, so Tomcat still passes the same CGI variables etc.
You need to add the filter to Tomcat as explained in the thread.
Tom
Reply all
Reply to author
Forward
0 new messages