473,574 Members | 2,294 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

redirect http to https

Hi all,
I am trying to set this up using asp code and IIS configuration. But it
seems not working. Here it is the way I am doing.
In IIS I set up a virtual directory with secure communication, I checked
require secure channel, require 128-bit encryption. In custom error, instead
of using default message
HTTP 403.4 - Forbidden: SSL required
Internet Information Services
in iishelp 403.4htm, I am trying to do redirect automatically.
so I have a small code from internet like this in my virtual directory:
redirect.asp
<%If Request.ServerV ariables("SERVE R_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork

' Get server variables
strQUERY_STRING = Request.ServerV ariables("QUERY _STRING")

' Fix the query string:
strWork = Replace(strQUER Y_STRING,"http" ,"https")
strWork = Replace(strWork ,"403;","")

' Now, set the new, secure URL:
strSecureURL = strWork
'response.write (strSecureURL) ' uncomment for sanity check.
Response.Redire ct strSecureURL
End If %>
But it seems not working, it only have a message like this:

With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

If I set up custom error file to redirect.asp, this file will be displayed,
it seems this points to the right place, it just somehow didn't executed.
can you give me a clue?
Thank you.
Betty
May 25 '07 #1
7 13436

"c676228" <be****@communi ty.nospamwrote in message
news:49******** *************** ***********@mic rosoft.com...
Hi all,
I am trying to set this up using asp code and IIS configuration. But it
seems not working. Here it is the way I am doing.
In IIS I set up a virtual directory with secure communication, I checked
require secure channel, require 128-bit encryption. In custom error,
instead
of using default message
HTTP 403.4 - Forbidden: SSL required
Internet Information Services
in iishelp 403.4htm, I am trying to do redirect automatically.
By setting it to require SSL you have precluded it from accepting non-secure
requests, which I believe will prevent IIS from acting on a server-side
redirect. You might be able to make it happen on the client side, by
generating a page with a refresh meta-header, or client script. If not, you
will need to setup two virtual servers, one for HTTPS and the other for
HTTP, using the same IP or domain name (if using host headers.)

-Mark

so I have a small code from internet like this in my virtual directory:
redirect.asp
<%If Request.ServerV ariables("SERVE R_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork

' Get server variables
strQUERY_STRING = Request.ServerV ariables("QUERY _STRING")

' Fix the query string:
strWork = Replace(strQUER Y_STRING,"http" ,"https")
strWork = Replace(strWork ,"403;","")

' Now, set the new, secure URL:
strSecureURL = strWork
'response.write (strSecureURL) ' uncomment for sanity check.
Response.Redire ct strSecureURL
End If %>
But it seems not working, it only have a message like this:

With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

If I set up custom error file to redirect.asp, this file will be
displayed,
it seems this points to the right place, it just somehow didn't executed.
can you give me a clue?
Thank you.
Betty

May 26 '07 #2
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:
By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)
request.redirec t invokes a clientside action,
I believe by sending an appropriate header.
>With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.
It seems the [which?] browser does not like that header.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
May 26 '07 #3

"Evertjan." <ex************ **@interxnl.net wrote in message
news:Xn******** ************@19 4.109.133.242.. .
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:
>By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirec t invokes a clientside action,
I believe by sending an appropriate header.
Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW, I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with me,
I'm left with only my assumptions.)
>>With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

It seems the [which?] browser does not like that header.
As if all IIS default error messages are perfectly accurate, fully descript,
and entirely based upon fact? IE is clearly thus capable, yet this error is
displayed by it as easily as by whatever sleazy niche browsers might be out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm... you
wouldn't happen to be interested in buying vacation property in the Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

May 26 '07 #4
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.proto col != 'https:')
{
window.location = 'https://'+ location.host + location.pathna me +
location.search ;
//alert(location. host + location.pathna me + location.search ); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t
--
Betty
"Mark J. McGinty" wrote:
>
"Evertjan." <ex************ **@interxnl.net wrote in message
news:Xn******** ************@19 4.109.133.242.. .
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:
By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)
request.redirec t invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW, I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with me,
I'm left with only my assumptions.)
>With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.
It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully descript,
and entirely based upon fact? IE is clearly thus capable, yet this error is
displayed by it as easily as by whatever sleazy niche browsers might be out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm... you
wouldn't happen to be interested in buying vacation property in the Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)


Jun 7 '07 #5

"c676228" <be****@communi ty.nospamwrote in message
news:C0******** *************** ***********@mic rosoft.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.proto col != 'https:')
{
window.location = 'https://'+ location.host + location.pathna me +
location.search ;
//alert(location. host + location.pathna me + location.search ); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t
Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
>>
"Evertjan." <ex************ **@interxnl.net wrote in message
news:Xn******* *************@1 94.109.133.242. ..
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirec t invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW,
I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)
>>With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this error
is
displayed by it as easily as by whatever sleazy niche browsers might be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)



Jun 7 '07 #6
Hi Mark,
Not working, meaning when I entered http://xxxx.com, it didn't do anything
and not redirect to https://, just stay as http:// protocol.

I finally figure out to do this way on serverside:
If Request.ServerV ariables("HTTPS ") = "off" Then
Response.Redire ct "https://" & Request.ServerV ariables("HTTP_ HOST") &
Request.ServerV ariables("URL") & "?"
&Request.Server Variables("QUER Y_STRING")End If

But I am not sure if this is dependable.
--
Betty
"Mark J. McGinty" wrote:
>
"c676228" <be****@communi ty.nospamwrote in message
news:C0******** *************** ***********@mic rosoft.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.proto col != 'https:')
{
window.location = 'https://'+ location.host + location.pathna me +
location.search ;
//alert(location. host + location.pathna me + location.search ); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t

Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
>
"Evertjan." <ex************ **@interxnl.net wrote in message
news:Xn******** ************@19 4.109.133.242.. .
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirec t invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW,
I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)

With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this error
is
displayed by it as easily as by whatever sleazy niche browsers might be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)


Jun 7 '07 #7

"c676228" <be****@communi ty.nospamwrote in message
news:9D******** *************** ***********@mic rosoft.com...
Hi Mark,
Not working, meaning when I entered http://xxxx.com, it didn't do anything
and not redirect to https://, just stay as http:// protocol.
What was the content of the error page you were left on? Did you view
source? Did a script error occur, or did an error file other than the one
you expected get sent down from the server? My first-line reality check
would've been to make the error page content visibly different (in addition
to the added script.)
I finally figure out to do this way on serverside:
If Request.ServerV ariables("HTTPS ") = "off" Then
Response.Redire ct "https://" & Request.ServerV ariables("HTTP_ HOST") &
Request.ServerV ariables("URL") & "?"
&Request.Server Variables("QUER Y_STRING")End If

But I am not sure if this is dependable.
Is that not exactly where we started this thread? Oh, I see, you're using a
different server variable...

As far as dependability goes, I usually like to find out what was wrong with
the things that didn't work, as understanding failure can be key to
understanding success.

Just to be on the safe side, I'd make the content of that error page a
little friendlier than the default one that comes with the server. If you
include a link to the site on it, worst case if it fails is the user will
have to click the link -- if you tack on a easily recognizable and
adequately unique [do-nothing] parameter, you can even monitor how often the
link is used, by scanning the server logs.

-Mark
Betty
"Mark J. McGinty" wrote:
>>
"c676228" <be****@communi ty.nospamwrote in message
news:C0******* *************** ************@mi crosoft.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code
:
<SCRIPT type=text/javascript>
<!--
if (location.proto col != 'https:')
{
window.location = 'https://'+ location.host + location.pathna me +
location.search ;
//alert(location. host + location.pathna me + location.search ); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a
Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t

Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
"Evertjan." <ex************ **@interxnl.net wrote in message
news:Xn******* *************@1 94.109.133.242. ..
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.publi c.inetserver.as p.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting
on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain
name
(if using host headers.)

request.redirec t invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server
(as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request.
(IOW,
I
have seen that what the OP is trying to do, doesn't work; since the
exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)

With custom error set up URL to /myvirtualdirect ory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this
error
is
displayed by it as easily as by whatever sleazy niche browsers might
be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle...
hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)



Jun 10 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
89860
by: Bob Hansen | last post by:
I am using the following code in my default.asp page to redirect the page from HTTP to HTTPS <% if Request.ServerVariables("HTTPS") = "off" Then Response.Redirect("https://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL"))
2
7789
by: Robert Gordon | last post by:
I now realize I probably should have tried posting this on the IIS board first.. I am running OWA 2003 Server as Front End server to my Exchange 2000 native domain. The FE server is secured by a 128 bit SSL cert. The OWA 2003 server is running on Windows 2003 server in a Windows 2003 native AD domain. At present, the server is...
5
4015
by: Larry Woods | last post by:
I am losing Session variables, but only those that are set in the page previous to a redirect to a secure page. Anyone seen ANY situation where Session variables just "disappear?" Note that OTHER session variables are still intact !?! TIA, Larry Woods
3
14030
by: Pooja Renukdas | last post by:
Hello, I have this web site where only two pages have to be secure pages and I need to call them using https, but since I have my development server and my production web server, I dont want to enter the absolute url like response.redirect("https://myProductionServer.com/SecurePage.aspx"), because when Im working in the development server...
5
3608
by: Dabbler | last post by:
I'm sending users to a secure page https to fill out a registration form. When they're done I show a thank you page. I need to return the user to http mode after filling out the form. If I use response.redirect I get a security warning when transitioning from https to http. Is there an accepted way to avoid having the user see this? ...
2
4111
by: Sergej Prokoviev | last post by:
We are running our site at www.waynesavings.com on secure hosting (Server 2003, IIS). We are using a custom 403.4 error page (called 403_4.asp, located under root) to redirect all users to https if they come in on http. The site is also using an instant refresh on the index.htm page under root to www.waynesavings.com/aboutus/home.htm due to...
8
5132
by: howa | last post by:
a page currently in HTTPS, I force the client to redirect to another page using HTTP under the same domain (e.g. abc.com), i.e. header("Location: http://www.abc.com/index.php"); IE successfully redirect to HTTP, but FF & Opera stay on the HTTPS any suggestions?
0
4342
by: Raven | last post by:
Hi, I have a problem with a server side redirect from a secure page to a non-secure page (same domain name, same folder) I have added some test code that can display the target URL and that containt http:// and yet it redirects to https:// example: I am on
1
4101
by: jdwfly | last post by:
Just before I go an tell my sys admin that the server has problems I wanted to run this by everyone on here. Basically we have a few pages that need to be sent over https. Everything I have found on the internet resulted in this code If (Request.ServerVariables("HTTPS") = "off") Then srvname = Request.ServerVariables("SERVER_NAME")...
0
7741
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8259
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7838
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
6491
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5637
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5328
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3763
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3781
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1362
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.