It is possible to detect whether the connection to the site was being made
via https or via http, right ? and this would be done in the application
code by introspecting the CGI scope and checking the value of the “https”
key.If the connection was being made via https, then the CGI https key
would return a value of “ON”. However, the site is returning a blank value
when accessed via https, thus it is not possible to determine
programmatically whether or not the connection is via https. I have
attached the screen shot.
Can you guys help me how to implement this. So far I have installed SSL via
cPanel and set the automatic redirection from http to https via htaccess
but if I call domainname.com/test.cfm it wont redirect to https
automatically. Should I install ssl in lucee or add keystore to cacacerts.
I dont know how to proceed any further. Please help me …
I’m not familiar with apache httpd, but in general you need to
set up the web server (apache) to pass the proxy header
“X-Forwarded-Proto” which would be either “http” or “https”. (you can
use any header name as long as it matches the value in step 2 below, but
this one is kind of the standard).
set up the RemoteIpFilter in Tomcat’s web.xml (the relevant part in
black)
It is possible to detect whether the connection to the site was being
made via https or via http, right ? and this would be done in the
application code by introspecting the CGI scope and checking the value
of the “https” key.If the connection was being made via https, then
the CGI https key would return a value of “ON”. However, the site is
returning a blank value when accessed via https, thus it is not
possible to determine programmatically whether or not the connection
is via https. I have attached the screen shot.
Can you guys help me how to implement this. So far I have installed
SSL via cPanel and set the automatic redirection from http to https
via htaccess but if I call domainname.com/test.cfm it wont redirect to
https automatically. Should I install ssl in lucee or add keystore to
cacacerts. I dont know how to proceed any further. Please help me …
Thanks for the update. The htaccess file of my domain contains the
following entries.
RewriteEgine On
RewriteCond %{HTTPS} off
RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]*
This redirection will work if I call http://domainname.com, it will get redirected to https. But if I try http://domainname.com/test.cfm directly , it wont get redirected to https. Now I gonna try the htaccess you have provided. I will let you know the results. Once again thank you for the help.
This, actually, shouldn’t be done with Lucee. It should be done in Apache.
Here’s a cPanel forum post on the subject:
Basically, just add this to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Kind regards,
Jordan Michaels----- Original Message -----
From: “Philips Vellappally” <@Philips_Vellappally>
To: lucee@googlegroups.com
Sent: Friday, June 19, 2015 4:51:19 PM
Subject: [Lucee] SSL certificates
Hello Guys,
It is possible to detect whether the connection to the site was being made
via https or via http, right ? and this would be done in the application
code by introspecting the CGI scope and checking the value of the “https”
key.If the connection was being made via https, then the CGI https key
would return a value of “ON”. However, the site is returning a blank value
when accessed via https, thus it is not possible to determine
programmatically whether or not the connection is via https. I have
attached the screen shot.
Can you guys help me how to implement this. So far I have installed SSL via
cPanel and set the automatic redirection from http to https via htaccess
but if I call domainname.com/test.cfm it wont redirect to https
automatically. Should I install ssl in lucee or add keystore to cacacerts.
I dont know how to proceed any further. Please help me …
Yes, and your rule will tell the client web browser to re-request HTTP
resources over HTTPS once that is set up. But the mod_cfml Lucee connector will still be connecting to Tomcat the
same way, so Tomcat still passes the same CGI variables etc.
You need to add the filter to Tomcat as explained in the thread.
TomOn Sunday, June 21, 2015 at 4:42:01 AM UTC+1, Jordan Michaels wrote:
This, actually, shouldn’t be done with Lucee. It should be done in Apache.