SSL certificates

Hello Guys,

It is possible to detect whether the connection to the site was being made
via https or via http, right? This would be done in the application
code by introspecting the CGI scope and checking the value of the “https”
key. If the connection was being made via https, then the CGI https key
would return a value of “ON”. However, the site is returning a blank value
when accessed via https, thus it is not possible to determine
programmatically whether or not the connection is via https. I have
attached the screenshot.

Can you guys help me with how to implement this? So far I have installed SSL via
cPanel and set the automatic redirection from http to https via htaccess,
but if I call domainname.com/test.cfm it won't redirect to https
automatically. Should I install SSL in Lucee or add a keystore to cacerts?
I don't know how to proceed any further. Please help me …

I’m not familiar with apache httpd, but in general you need to

  1. set up the web server (apache) to pass the proxy header
    “X-Forwarded-Proto” which would be either “http” or “https”. (you can
    use any header name as long as it matches the value in step 2 below, but
    this one is kind of the standard).

  2. set up the RemoteIpFilter in Tomcat’s web.xml (the relevant part in
    black)

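    <filter>
      <filter-name>RemoteIpFilter</filter-name>
      <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
      <init-param>
        <param-name>internalProxies</param-name>
        <param-value>127\.0\.0\.1</param-value>
      </init-param>
      <init-param>
        <param-name>remoteIpHeader</param-name>
        <param-value>x-forwarded-for</param-value>
      </init-param>
      <init-param>
        <param-name>remoteIpProxiesHeader</param-name>
        <param-value>x-forwarded-by</param-value>
      </init-param>
      <init-param>
        <param-name>protocolHeader</param-name>
        <param-value>x-forwarded-proto</param-value>
      </init-param>
    </filter>

  3. access the value via: CGI.SERVER_PORT_SECURE which is set to 0 or 1,
    so you can use it as boolean in your CFML code, e.g.

    if (!CGI.SERVER_PORT_SECURE)
        echo("This is not a secure protocol");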

Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/

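An added illustration, not part of the original message and not Tomcat's or Lucee's code: a simplified Python model of the protocolHeader decision that the RemoteIpFilter configuration above enables. It shows why the secure flag stays 0 until Apache actually sends X-Forwarded-Proto, and why the header is ignored when it arrives from a peer outside internalProxies. The Request class, function names and sample requests are constructed for the example; mapping the secure flag to CGI.SERVER_PORT_SECURE is an assumption based on the message above.

```python
import re
from dataclasses import dataclass, field

# Values from the web.xml filter configuration in the message above.
INTERNAL_PROXIES = re.compile(r"127\.0\.0\.1")
PROTOCOL_HEADER = "x-forwarded-proto"
HTTPS_VALUE = "https"  # Tomcat's default protocolHeaderHttpsValue


@dataclass
class Request:
    """Constructed stand-in for a request as Tomcat receives it."""
    remote_addr: str
    headers: dict = field(default_factory=dict)
    scheme: str = "http"   # the Apache-to-Tomcat hop itself is not TLS
    secure: bool = False


def apply_remote_ip_filter(req):
    """Simplified model of the protocolHeader step (not Tomcat's code)."""
    # Forwarded headers are honoured only when the direct peer is a
    # configured internal proxy; any other client could have set them.
    if not INTERNAL_PROXIES.fullmatch(req.remote_addr):
        return req
    headers = {k.lower(): v for k, v in req.headers.items()}
    value = headers.get(PROTOCOL_HEADER)
    if value is None:
        return req  # proxy sent no header: connector values are kept
    is_https = value.lower() == HTTPS_VALUE
    return Request(req.remote_addr, req.headers,
                   "https" if is_https else "http", is_https)


def server_port_secure(req):
    """Assumed mapping: the 0/1 value the message describes."""
    return int(apply_remote_ip_filter(req).secure)


def demo():
    """Constructed sample requests covering the cases in the thread."""
    fwd_https = {"X-Forwarded-Proto": "https"}
    return {
        "proxy_https": server_port_secure(Request("127.0.0.1", fwd_https)),
        "proxy_http": server_port_secure(
            Request("127.0.0.1", {"X-Forwarded-Proto": "http"})),
        "proxy_no_header": server_port_secure(Request("127.0.0.1")),
        "direct_client_spoof": server_port_secure(
            Request("203.0.113.7", fwd_https)),
    }


if __name__ == "__main__":
    for name, flag in demo().items():
        print(f"{name}: SERVER_PORT_SECURE={flag}")
```

The `proxy_no_header` case matches the symptom reported in this thread: TLS terminates at Apache, nothing tells Tomcat about it, and the application sees a non-secure request.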

Hi Jordan,

Thanks for the update. The htaccess file of my domain contains the
following entries.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This redirection will work if I call http://domainname.com, it will get redirected to https. But if I try http://domainname.com/test.cfm directly, it won't get redirected to https. Now I'm going to try the htaccess you have provided. I will let you know the results. Once again thank you for the help.

This, actually, shouldn’t be done with Lucee. It should be done in Apache.

Here’s a cPanel forum post on the subject:

Basically, just add this to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Kind regards,
Jordan Michaels

Hello,

The Apache rewrite rules are not working, as they won't get the cfm pages
redirected to https.

i.e. http://domainname.com/test.cfm won't get redirected
to https://domainname.com/test.cfm automatically

Are there any alternative methods? Should I install SSL in Lucee too? If
so, please let me know how to do this.

Thank You.

Yes, and your rule will tell the client web browser to re-request HTTP
resources over HTTPS once that is set up.
But the mod_cfml Lucee connector will still be connecting to Tomcat the
same way, so Tomcat still passes the same CGI variables etc.
You need to add the filter to Tomcat as explained in the thread.

Tom