+ Start a Discussion
Mitch_AMSMitch_AMS 

Sites (Secure and Not Secure) Visibility

I have created a site, whos sole purpose is to contain three forms for collecting sensative information, that will create a new record in a custom object.

 

I have other issues that still need to be worked out, but one issue is at the top of the list. 

 

I (more importantly Guest) can access the forms from BOTH the http and https address.  Since the collected content is sensative, I would only like the https site to be accessible. in short, how do I disable http access, while maintaining https access to the site.

 

At present, my only known means of limiting http access, is by not divulging http in any links,email templates, etc.  But if someone were to inadvertantly switch to http, then I'm concerned the content provided may not be as secure as we would like, and/or the confidence of the visitor may be deminished.

 

https://automatedmerchant.force.com/amsapps  If you want to take a look. (keep in mind I'm still experimenting with certain items on the pages contained therein, so the pages aren't actually ready for release)

Ryan-GuestRyan-Guest

To enforce HTTPS on all Force.com sites pages and allow all IP addresses to access your site, create the following IP ranges: 0.0.0.0 to 255.255.255.255

,

 

https://na1.salesforce.com/help/doc/en/sites_public_access_settings.htm

mikefitzmikefitz

On your <apex:form> tag ensure you use forcessl="true" and everytime a user submits a form from your website either over http or https the data will be sent over https and your problem should be avoided. Sensitive data will be encrypted.

 

 

Good luck.

Mitch_AMSMitch_AMS

Thank you!

HarpreetHarpreet

Hi Mitch,

 

Try adding a VF Controller and an action in the Page Definition  such as the one given below:

 

<apex:page controller="reDirectSiteController" action="RedirectToNewSite">

 

Start by creating a New class with the following code:

 

public class reDirectSiteController
{
    public PageReference RedirectToNewSite()
    {
    
       PageReference pg;
       if ((Site.getCurrentSiteUrl() != null) && (Site.getCurrentSiteUrl().startsWith('http:')))
       {
          pg = new PageReference('https://PASTE_THE_SECURE_SITE_LINK_HERE');
          pg.setRedirect(true);
       }
       else
       pg = null;
       
       return pg;
    }
}

 

Then change the Visualforce Page.

Note: Make sure the controller is in the list of accessible Apex classes for the Site Profile users.

 

It should automatically redirect the site to the secure one. Let me know if it helped.