Normally when I want to force traffic to use SSL on a ColdFusion application, I will set up the redirect in the web server (Apache/IIS) configuration. However, there are occasions where I have not had access to modify the web servers configuration. In these cases I will place this snippet at the beginning of the onRequest() function of Application.cfc:
On apps still using Application.cfm and/or tag based syntax, I will do use this:
Note that the check on cgi.server_name is not strictly necessary. I just use that so that the code does not attempt to reirect HTTP traffic on my localhost.