469,623 Members | 1,831 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,623 developers. It's quick & easy.

force web root into https; redirect issues

We are running our site at www.waynesavings.com on secure hosting
(Server 2003, IIS). We are using a custom 403.4 error page (called
403_4.asp, located under root) to redirect all users to https if they
come in on http. The site is also using an instant refresh on the
index.htm page under root to www.waynesavings.com/aboutus/home.htm due
to issues with the javascript menus used on the site.

The code we're using on the custom 403 page is this:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%

If UCase(Request.ServerVariables("HTTPS")) = "OFF" Then
'''get page
sRedirect = "https://" & Request.ServerVariables("SERVER_NAME") &
Request.ServerVariables("PATH_INFO") & Request.Querystring
Response.Redirect sRedirect
End If

%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

It does the job just fine. However, if somebody has bookmarked a
non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it
will redirect the user NOT to the equivalent https page, but to the
secure home page instead.

Any input? If I can't get this solved, we'll just turn something bad
into something good and encourage people to rebookmark the respective
pages, but the perfectionist in me would like to see this solved.

Thanks!

Aug 22 '06 #1
2 3922
Your custom 404 is causing it. Look at what happens when you go here:

http://www.waynesavings.com/kjaskjfl...jn3r.hhasjdhfk

Ray at work


"Sergej Prokoviev" <pe*************@hotmail.comwrote in message
news:11*********************@b28g2000cwb.googlegro ups.com...
</html>

It does the job just fine. However, if somebody has bookmarked a
non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it
will redirect the user NOT to the equivalent https page, but to the
secure home page instead.

Aug 23 '06 #2
Thanks for the tip! I did look into it, and I think what's happening is
that the custom 403 gets called before the custom 404, so you get the
home page when you type in a non-existing http page. When you are in
https mode, the 404 is called as it should.

I've looked all over for the right code for this redirect, and it seems
that everybody is asking the question, but nobody seems to have the
(full) answer. The 403 does redirect, just not the right way. I think
it ignores the path and just redirects to root, which is promptly
refreshed to ../aboutus/home.htm.

Any thoughts?

Ray Costanzo [MVP] wrote:
Your custom 404 is causing it. Look at what happens when you go here:

http://www.waynesavings.com/kjaskjfl...jn3r.hhasjdhfk

Ray at work


"Sergej Prokoviev" <pe*************@hotmail.comwrote in message
news:11*********************@b28g2000cwb.googlegro ups.com...
</html>

It does the job just fine. However, if somebody has bookmarked a
non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it
will redirect the user NOT to the equivalent https page, but to the
secure home page instead.
Aug 23 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Bob Hansen | last post: by
reply views Thread by Dmitry Akselrod | last post: by
3 posts views Thread by Marlon | last post: by
4 posts views Thread by Jens Jensen | last post: by
7 posts views Thread by =?Utf-8?B?YzY3NjIyOA==?= | last post: by
8 posts views Thread by howa | last post: by
reply views Thread by devrayhaan | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.