You need to sign in to do that
Don't have an account?
Sites (Secure and Not Secure) Visibility
I have created a site, whos sole purpose is to contain three forms for collecting sensative information, that will create a new record in a custom object.
I have other issues that still need to be worked out, but one issue is at the top of the list.
I (more importantly Guest) can access the forms from BOTH the http and https address. Since the collected content is sensative, I would only like the https site to be accessible. in short, how do I disable http access, while maintaining https access to the site.
At present, my only known means of limiting http access, is by not divulging http in any links,email templates, etc. But if someone were to inadvertantly switch to http, then I'm concerned the content provided may not be as secure as we would like, and/or the confidence of the visitor may be deminished.
https://automatedmerchant.force.com/amsapps If you want to take a look. (keep in mind I'm still experimenting with certain items on the pages contained therein, so the pages aren't actually ready for release)
To enforce HTTPS on all Force.com sites pages and allow all IP addresses to access your site, create the following IP ranges: 0.0.0.0 to 255.255.255.255
,
https://na1.salesforce.com/help/doc/en/sites_public_access_settings.htm
On your <apex:form> tag ensure you use forcessl="true" and everytime a user submits a form from your website either over http or https the data will be sent over https and your problem should be avoided. Sensitive data will be encrypted.
Good luck.
Thank you!
Hi Mitch,
Try adding a VF Controller and an action in the Page Definition such as the one given below:
<apex:page controller="reDirectSiteController" action="RedirectToNewSite">
Start by creating a New class with the following code:
public class reDirectSiteController
{
public PageReference RedirectToNewSite()
{
PageReference pg;
if ((Site.getCurrentSiteUrl() != null) && (Site.getCurrentSiteUrl().startsWith('http:')))
{
pg = new PageReference('https://PASTE_THE_SECURE_SITE_LINK_HERE');
pg.setRedirect(true);
}
else
pg = null;
return pg;
}
}
Then change the Visualforce Page.
Note: Make sure the controller is in the list of accessible Apex classes for the Site Profile users.
It should automatically redirect the site to the secure one. Let me know if it helped.