function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Sites (Secure and Not Secure) Visibility

I have created a site, whos sole purpose is to contain three forms for collecting sensative information, that will create a new record in a custom object.


I have other issues that still need to be worked out, but one issue is at the top of the list. 


I (more importantly Guest) can access the forms from BOTH the http and https address.  Since the collected content is sensative, I would only like the https site to be accessible. in short, how do I disable http access, while maintaining https access to the site.


At present, my only known means of limiting http access, is by not divulging http in any links,email templates, etc.  But if someone were to inadvertantly switch to http, then I'm concerned the content provided may not be as secure as we would like, and/or the confidence of the visitor may be deminished.  If you want to take a look. (keep in mind I'm still experimenting with certain items on the pages contained therein, so the pages aren't actually ready for release)


To enforce HTTPS on all sites pages and allow all IP addresses to access your site, create the following IP ranges: to



On your <apex:form> tag ensure you use forcessl="true" and everytime a user submits a form from your website either over http or https the data will be sent over https and your problem should be avoided. Sensitive data will be encrypted.



Good luck.


Thank you!


Hi Mitch,


Try adding a VF Controller and an action in the Page Definition  such as the one given below:


<apex:page controller="reDirectSiteController" action="RedirectToNewSite">


Start by creating a New class with the following code:


public class reDirectSiteController
    public PageReference RedirectToNewSite()
       PageReference pg;
       if ((Site.getCurrentSiteUrl() != null) && (Site.getCurrentSiteUrl().startsWith('http:')))
          pg = new PageReference('https://PASTE_THE_SECURE_SITE_LINK_HERE');
       pg = null;
       return pg;


Then change the Visualforce Page.

Note: Make sure the controller is in the list of accessible Apex classes for the Site Profile users.


It should automatically redirect the site to the secure one. Let me know if it helped.