Ernst has just posted his code for an ssl interceptor he just created. It looks awesome so take a look for yourself.
Blog
Recent Entries
Introducing the BoxLang Spring Boot Starter: Dynamic JVM Templating for Spring
Spring Boot developers know the pain of evaluating view technologies. Thymeleaf is great — until you need more expressiveness. FreeMarker is powerful — until the syntax fights you. What if you could write templates in a dynamic JVM language that gives you the full power of the platform, feels natural, and requires zero setup to integrate?
Meet the BoxLang Spring Boot Starter.
Luis Majano
Luis Majano
March
13,
2026
.svg)
Why Swiss Banks Are Modernizing CFML Platforms Without Rewrites
The growing need to evolve legacy financial platforms safely
Many Swiss banks and financial institutions still operate important systems built on ColdFusion and CFML platforms.
These systems manage a wide range of functions, including:
- internal banking workflows
- reporting systems
- client portals
- data integration platforms
- compliance and risk management tools
In many cases, thes...
Cristobal Escobar
Cristobal Escobar
March
13,
2026
Reactive vs Proactive ColdFusion Support: Why Waiting for an Outage Is the Most Expensive Strategy
Many ColdFusion environments operate in a reactive mode without realizing it.
Everything seems fine… until something breaks.
A server crashes.
Performance drops suddenly.
An integration stops working.
A security audit reveals missing patches.
At that point the response is urgent:
“Can someone help us fix this now?”
Emergency support is sometimes unavoidable. But when reactive intervention becomes the norm, it usually means something deep...
Cristobal Escobar
Cristobal Escobar
March
12,
2026
Add Your Comment
(4)
Jan 19, 2008 23:50:35 UTC
by Rob Gonda
It's missing some functionality ... how does it know which event has to be secured? It should secure only specific events, and force unsecured requests for the rest. something like if not isSsl and requireSll then cflocate to https if isSsl and not requireSll then cflocate to http
Jan 19, 2008 23:54:53 UTC
by Luis Majano
That is up to Ernst, but I think its a good start.
Jan 21, 2008 16:01:48 UTC
by Ernst van der Linden
Rob you're right. We could implement that. Just make a list of allowed events without SSL as a property in interceptor xml definition and then check with event.getCurrentEvent() if we need SSL.
I will take a look and keep you informed.
Jan 21, 2008 17:47:57 UTC
by Ernst van der Linden
Rob, I made in new blog entry. The SSL interceptor now supports SSL for specific events. Comments are welcome!