Secure web page settings – Konica Minolta Digital StoreFront User Manual

Platform Settings

117

Secure Web Page Settings

The settings on this page will help you enforce access through SSL (https://) for certain pages or for all
pages in the web site by redirecting the browser from non-secure http:// requests to the corresponding
https:// resources.

You need use the functionality on this page only when you must enforce usage of https:// protocol
either for the whole site or a part of it.

Nearly all web pages in Digital StoreFront have a query string with data being passed from page

to page. Typically, this includes a brief name of the exact page as well as various identifiers, such as file
IDs or order IDs. For instance, one may see this URL when previewing a file:

http://computername/[site abbreviation]/Default.aspx?Content=PreviewFile&FileId=506

It is quite easy to copy one of these URLs, change the identifiers, and then view data that is not your
own. One way to make this much less obvious is to encrypt the part that specifies the exact page and
the identifiers, known as the query string. This way, the URL looks something like this:

http://computername/[site abbreviation]/Default.aspx?b4o5OcEi51ETk31gh9cbzz6jPI3QHkU5

If the encrypted part is modified, the string will not make sense to the system and the home page will
be shown instead. URL encryption for your site is governed by settings on the Secure Web Pages page.
Complete these steps to activate URL encryption for your site.

Overview of HTTPS Setup for Digital StoreFront

The UI is divided into three sections—configurations, files, and directories:

•

Configurations: allows the site admin to maintain multiple https redirection schemes and designate
the one the site is currently using.

While all configurations are displayed on this page, only one is active at any one time (the

one that has "Default" set to "Yes"). The main goal of having multiple configurations is to facilitate
testing, either by the site administrator or technical support. A use case is that a site may be
considering changes to their security settings. They can supply all of the settings in advance and
only put the system into "test mode" briefly before reverting back. Another scenario is that
technical support may be trying to troubleshoot an issue with the site and may want to
temporarily turn off the use of HTTPS to rule this out as the cause of a problem. They may add a
new configuration with HTTPS disabled, briefly switch to this, perform tests, and, after the
problem is isolated and solved, switch immediately back to the customer's HTTPS configuration
without losing any of the prior settings.

•

Files: for the selected configuration specifies the redirection setting for individual resources (e.g.
“login.aspx”, “*.asmx”, etc.).

•

Directories: for the selected configuration specifies the redirection settings for the content of
virtual directories (folders) on the web site (e.g. “/” – for the site root folder, “admin”,
“WebServices”, etc.). These settings affect all the resources in the specified folder.