Tech Tip: How to skip over HTTP and redirect to HTTPS
PRODUCT: 4D | VERSION: 11.4 | PLATFORM: Mac & Win
Published On: May 7, 2009
Some people may find it necessary to ensure that all web requests to their database are secured; although there is no built in mechanism of doing this in 4D, there are a number of ways to accomplish this. Some approaches may include:
- Trapping the request by use of a web decoy folder
- Using Apache as a proxy
- Using a web application firewall
One such approach for this would be to use a web decoy folder in order to trap all requests in the "On Web Connection" database method. This means storing your HTML files in a folder other than what is selected in the 4D Preferences. In addition to that, the folder that is selected in 4D Preferences should be empty (making all URL calls invalid thus invoking the "On Web Connection" database method for each request).
The following image depicts the layout of the web folder:
Then, in the "On Web Connection" database method, you can check each request to see if it is a secure connection, if it is not a secure connection you can redirect the request. If it is a secure connection, you would then want handle the requet. One approach may be to:
- Test the path to see if a file exists at the location being requested
- If the file exists you would return it with SEND HTML FILE
- if it does not exist you would handle the 404 error
- If the file exists you would return it with SEND HTML FILE
The following code demonstrates this approach:
` ` Database method: On Web Connection ` C_TEXT($1;$2;$3;$4;$5;$6) C_TEXT(WebFolder_t;requestedFile_t) WebFolder_t:=Get 4D folder(Database Folder )+"web" ` This is the actual root folder for your html files ` I used a folder named "web" placed next to the structure ` NOTE: this folder must be different than what is selected ` as the HTML Root Folder in the Preferences, also the HTML ` Root Folder (from preferences) should be empty requestedFile_t:=WebFolder_t+(Replace string($1;"/";"\\")) ` This the path to the document being requested on the local file system ` NOTE: the "Replace string" command above is replacing ` the path delimiter for Windows, Macintosh should use : instead of \\ If (Secured Web connection) ` already secure connection If ((Test path name(requestedFile_t)=1)) ` A file exists at the location requestedFile_t refers to ` ` NOTE: ` if you wanted to, you can do additional checks on the file ` or path to filter out unwanted strings/urls in this section of code. ` ` For this example, i am just sending the file if it exists  C_BLOB(theBlob)  DOCUMENT TO BLOB(requestedFile_t;theBlob)  SEND HTML BLOB(theBlob;"text/html") ` file exists so send it Else ` file does not exist at the location (could be a folder) SEND HTML TEXT("404") ` Handle the 404 error ` NOTE: you can handle the 404 differently, this is just a quick example. End if Else ` not a secure connection SEND HTTP REDIRECT("https://localhost"+$1) ` Redirect to the secure site ` NOTE: for this example i used localhost (don't forget to change this) End if |
See Also:
Commented by Timothy Penner on July 16, 2009 at 6:06 PM
If you need to send non-html files please check out the following wrapper to SEND HTML BLOB: http://kb.4d.com/search/assetid=75828
Commented by Atanas Atanassov on June 24, 2009 at 9:06 AM
There is a more information in Part Two of this Technical tip at: http://kb.4d.com/search/assetid=75753