Re: http or https?

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 37608
interpreted = N
texte = I think you'll find that this is what this code does. (hopefully!)If someone types in a non-https address, because [referrer] then DOES NOT start with https://secure.domain.co.uk, the following [redirect] command is NOT HIDDEN, thus redirecting them to the https version.Hope this makes sense. on 3/8/01 4:52 pm, John Hill at johnh@genericaddress.com wrote:> It's not a bad method. However, to be safe, I'd reverse the logic - redirect > to secure if the header does not contain https. That way you're not reliant on > the referrer being correct and you'll err on the side of redirecting too > often. If someone types the non-ssl url in their browser directly, the > referrer, I think, will be blank, and in your case, not redirect to the secure > page. > > John. > >> This is something I've only found discussed in the archives (by Ken) way >> back in '98, and I am wondering whether a neat solution has been found. >> >> We're trying to ensure that people access the https version of a page, >> rather than the regular http version. >> (this is an admin page which clients MAY type in directly, thus probably >> forgetting to add the https!) >> >> >> Our solution so far, has been this. >> >> [hideif [referrer]~https://secure.domain.co.uk] >> [redirect https://secure.domain.co.uk/private/securedoc.tpl] >> [/hideif] >> >> Now this seems to be working fine, but as you can see, it's not the neatest >> way of doing it. >> >> Any other ideas? >> >> Thanks. >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Check if http or https? (Donovan Brooke 2018)
  2. Re: [WebDNA] Check if http or https? (Brian Harrington 2018)
  3. Re: [WebDNA] Check if http or https? (Donovan Brooke 2018)
  4. [WebDNA] Check if http or https? (Noah Valley 2018)
  5. Re: http or https? (Mark Derrick 2001)
  6. Re: http or https? (John Peacock 2001)
  7. Re: http or https? (Mark Derrick 2001)
  8. Re: http or https? (John Hill 2001)
  9. http or https? (Mark Derrick 2001)
  10. Re: Is [thisurl] http or https? (Sandra L. Pitner 1998)
  11. Re: Is [thisurl] http or https? (Kenneth Grome 1998)
  12. Re: Is [thisurl] http or https? (Charles Kefauver 1998)
  13. Re: Is [thisurl] http or https? (Brian B. Burton 1998)
  14. Re: Is [thisurl] http or https? (Kenneth Grome 1998)
  15. Re: Is [thisurl] http or https? (PCS Technical Support 1998)
  16. Is [thisurl] http or https? (Kenneth Grome 1998)
I think you'll find that this is what this code does. (hopefully!)If someone types in a non-https address, because [referrer] then DOES NOT start with https://secure.domain.co.uk, the following [redirect] command is NOT HIDDEN, thus redirecting them to the https version.Hope this makes sense. on 3/8/01 4:52 pm, John Hill at johnh@genericaddress.com wrote:> It's not a bad method. However, to be safe, I'd reverse the logic - redirect > to secure if the header does not contain https. That way you're not reliant on > the referrer being correct and you'll err on the side of redirecting too > often. If someone types the non-ssl url in their browser directly, the > referrer, I think, will be blank, and in your case, not redirect to the secure > page. > > John. > >> This is something I've only found discussed in the archives (by Ken) way >> back in '98, and I am wondering whether a neat solution has been found. >> >> We're trying to ensure that people access the https version of a page, >> rather than the regular http version. >> (this is an admin page which clients MAY type in directly, thus probably >> forgetting to add the https!) >> >> >> Our solution so far, has been this. >> >> [hideif [referrer]~https://secure.domain.co.uk] >> [redirect https://secure.domain.co.uk/private/securedoc.tpl] >> [/hideif] >> >> Now this seems to be working fine, but as you can see, it's not the neatest >> way of doing it. >> >> Any other ideas? >> >> Thanks. >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Mark Derrick

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat b13 CGI -shownext- (1997) using showpage and showcart commands (1996) RE: Just a thought (1998) Keep away (1997) Text data with spaces in them... (1997) 2.0 Beta (1997) 2nd WebCatalog2 Feature Request (1996) keep W* in front applescript? (1998) Date Formats (1997) Occasional crashes with $remove (1997) [format 40s]text[/format] doesn't work (1997) ConverChars (1999) NT error logs (1997) WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) [OT] Gateway and Merchant Fees! (2006) emailer error -108 (1997) shell question / Unix guide (2004) Newbie problem blah blah blah (1997) Writefile, Raw & include (2002) Caching pages...again (2001)