Re: http or https?

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 37608
interpreted = N
texte = I think you'll find that this is what this code does. (hopefully!)If someone types in a non-https address, because [referrer] then DOES NOT start with https://secure.domain.co.uk, the following [redirect] command is NOT HIDDEN, thus redirecting them to the https version.Hope this makes sense. on 3/8/01 4:52 pm, John Hill at johnh@genericaddress.com wrote:> It's not a bad method. However, to be safe, I'd reverse the logic - redirect > to secure if the header does not contain https. That way you're not reliant on > the referrer being correct and you'll err on the side of redirecting too > often. If someone types the non-ssl url in their browser directly, the > referrer, I think, will be blank, and in your case, not redirect to the secure > page. > > John. > >> This is something I've only found discussed in the archives (by Ken) way >> back in '98, and I am wondering whether a neat solution has been found. >> >> We're trying to ensure that people access the https version of a page, >> rather than the regular http version. >> (this is an admin page which clients MAY type in directly, thus probably >> forgetting to add the https!) >> >> >> Our solution so far, has been this. >> >> [hideif [referrer]~https://secure.domain.co.uk] >> [redirect https://secure.domain.co.uk/private/securedoc.tpl] >> [/hideif] >> >> Now this seems to be working fine, but as you can see, it's not the neatest >> way of doing it. >> >> Any other ideas? >> >> Thanks. >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Check if http or https? (Donovan Brooke 2018)
  2. Re: [WebDNA] Check if http or https? (Brian Harrington 2018)
  3. Re: [WebDNA] Check if http or https? (Donovan Brooke 2018)
  4. [WebDNA] Check if http or https? (Noah Valley 2018)
  5. Re: http or https? (Mark Derrick 2001)
  6. Re: http or https? (John Peacock 2001)
  7. Re: http or https? (Mark Derrick 2001)
  8. Re: http or https? (John Hill 2001)
  9. http or https? (Mark Derrick 2001)
  10. Re: Is [thisurl] http or https? (Sandra L. Pitner 1998)
  11. Re: Is [thisurl] http or https? (Kenneth Grome 1998)
  12. Re: Is [thisurl] http or https? (Charles Kefauver 1998)
  13. Re: Is [thisurl] http or https? (Brian B. Burton 1998)
  14. Re: Is [thisurl] http or https? (Kenneth Grome 1998)
  15. Re: Is [thisurl] http or https? (PCS Technical Support 1998)
  16. Is [thisurl] http or https? (Kenneth Grome 1998)
I think you'll find that this is what this code does. (hopefully!)If someone types in a non-https address, because [referrer] then DOES NOT start with https://secure.domain.co.uk, the following [redirect] command is NOT HIDDEN, thus redirecting them to the https version.Hope this makes sense. on 3/8/01 4:52 pm, John Hill at johnh@genericaddress.com wrote:> It's not a bad method. However, to be safe, I'd reverse the logic - redirect > to secure if the header does not contain https. That way you're not reliant on > the referrer being correct and you'll err on the side of redirecting too > often. If someone types the non-ssl url in their browser directly, the > referrer, I think, will be blank, and in your case, not redirect to the secure > page. > > John. > >> This is something I've only found discussed in the archives (by Ken) way >> back in '98, and I am wondering whether a neat solution has been found. >> >> We're trying to ensure that people access the https version of a page, >> rather than the regular http version. >> (this is an admin page which clients MAY type in directly, thus probably >> forgetting to add the https!) >> >> >> Our solution so far, has been this. >> >> [hideif [referrer]~https://secure.domain.co.uk] >> [redirect https://secure.domain.co.uk/private/securedoc.tpl] >> [/hideif] >> >> Now this seems to be working fine, but as you can see, it's not the neatest >> way of doing it. >> >> Any other ideas? >> >> Thanks. >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Mark Derrick

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Searching multiple fields from one form field (1997) Formating found categories (1997) Mac Lockup Problems (1998) Problems with ^ could be solved with [REPLACE CHARACTERS] (1997) problems with 2 tags shakur (1997) PCS Customer submissions ? (1997) Stopping a [Loop] in mid-stream ... (1997) Hiding HTML and page breaks (1997) Plugin or CGI or both (1997) Paths, relative paths, webstar server setup and security (1997) PIXO support (1997) Document Contains No Data (1998) upgrading (1997) Fun with Dates - any progress? (1997) Duplicates (1998) taxTotal, grandTotal (1997) Include Files (1998) PCS Frames-Default page is solution! (1997) WebCat2 - Getting to the browser's username/password data (1997) 'page impression' techniques for banner ads (1999)