473,287 Members | 3,319 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,287 software developers and data experts.

redirect http to https

Hi all,
I am trying to set this up using asp code and IIS configuration. But it
seems not working. Here it is the way I am doing.
In IIS I set up a virtual directory with secure communication, I checked
require secure channel, require 128-bit encryption. In custom error, instead
of using default message
HTTP 403.4 - Forbidden: SSL required
Internet Information Services
in iishelp 403.4htm, I am trying to do redirect automatically.
so I have a small code from internet like this in my virtual directory:
redirect.asp
<%If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork

' Get server variables
strQUERY_STRING = Request.ServerVariables("QUERY_STRING")

' Fix the query string:
strWork = Replace(strQUERY_STRING,"http","https")
strWork = Replace(strWork,"403;","")

' Now, set the new, secure URL:
strSecureURL = strWork
'response.write(strSecureURL) ' uncomment for sanity check.
Response.Redirect strSecureURL
End If %>
But it seems not working, it only have a message like this:

With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

If I set up custom error file to redirect.asp, this file will be displayed,
it seems this points to the right place, it just somehow didn't executed.
can you give me a clue?
Thank you.
Betty
May 25 '07 #1
7 13299

"c676228" <be****@community.nospamwrote in message
news:49**********************************@microsof t.com...
Hi all,
I am trying to set this up using asp code and IIS configuration. But it
seems not working. Here it is the way I am doing.
In IIS I set up a virtual directory with secure communication, I checked
require secure channel, require 128-bit encryption. In custom error,
instead
of using default message
HTTP 403.4 - Forbidden: SSL required
Internet Information Services
in iishelp 403.4htm, I am trying to do redirect automatically.
By setting it to require SSL you have precluded it from accepting non-secure
requests, which I believe will prevent IIS from acting on a server-side
redirect. You might be able to make it happen on the client side, by
generating a page with a refresh meta-header, or client script. If not, you
will need to setup two virtual servers, one for HTTPS and the other for
HTTP, using the same IP or domain name (if using host headers.)

-Mark

so I have a small code from internet like this in my virtual directory:
redirect.asp
<%If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork

' Get server variables
strQUERY_STRING = Request.ServerVariables("QUERY_STRING")

' Fix the query string:
strWork = Replace(strQUERY_STRING,"http","https")
strWork = Replace(strWork,"403;","")

' Now, set the new, secure URL:
strSecureURL = strWork
'response.write(strSecureURL) ' uncomment for sanity check.
Response.Redirect strSecureURL
End If %>
But it seems not working, it only have a message like this:

With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

If I set up custom error file to redirect.asp, this file will be
displayed,
it seems this points to the right place, it just somehow didn't executed.
can you give me a clue?
Thank you.
Betty

May 26 '07 #2
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:
By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)
request.redirect invokes a clientside action,
I believe by sending an appropriate header.
>With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.
It seems the [which?] browser does not like that header.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
May 26 '07 #3

"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:
>By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirect invokes a clientside action,
I believe by sending an appropriate header.
Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW, I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with me,
I'm left with only my assumptions.)
>>With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

It seems the [which?] browser does not like that header.
As if all IIS default error messages are perfectly accurate, fully descript,
and entirely based upon fact? IE is clearly thus capable, yet this error is
displayed by it as easily as by whatever sleazy niche browsers might be out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm... you
wouldn't happen to be interested in buying vacation property in the Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

May 26 '07 #4
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname +
location.search;
//alert(location.host + location.pathname + location.search); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t
--
Betty
"Mark J. McGinty" wrote:
>
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:
By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)
request.redirect invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW, I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with me,
I'm left with only my assumptions.)
>With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.
It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully descript,
and entirely based upon fact? IE is clearly thus capable, yet this error is
displayed by it as easily as by whatever sleazy niche browsers might be out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm... you
wouldn't happen to be interested in buying vacation property in the Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)


Jun 7 '07 #5

"c676228" <be****@community.nospamwrote in message
news:C0**********************************@microsof t.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname +
location.search;
//alert(location.host + location.pathname + location.search); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t
Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
>>
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirect invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW,
I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)
>>With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this error
is
displayed by it as easily as by whatever sleazy niche browsers might be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)



Jun 7 '07 #6
Hi Mark,
Not working, meaning when I entered http://xxxx.com, it didn't do anything
and not redirect to https://, just stay as http:// protocol.

I finally figure out to do this way on serverside:
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
Request.ServerVariables("URL") & "?"
&Request.ServerVariables("QUERY_STRING")End If

But I am not sure if this is dependable.
--
Betty
"Mark J. McGinty" wrote:
>
"c676228" <be****@community.nospamwrote in message
news:C0**********************************@microsof t.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname +
location.search;
//alert(location.host + location.pathname + location.search); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t

Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
>
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain name
(if using host headers.)

request.redirect invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW,
I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)

With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this error
is
displayed by it as easily as by whatever sleazy niche browsers might be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)


Jun 7 '07 #7

"c676228" <be****@community.nospamwrote in message
news:9D**********************************@microsof t.com...
Hi Mark,
Not working, meaning when I entered http://xxxx.com, it didn't do anything
and not redirect to https://, just stay as http:// protocol.
What was the content of the error page you were left on? Did you view
source? Did a script error occur, or did an error file other than the one
you expected get sent down from the server? My first-line reality check
would've been to make the error page content visibly different (in addition
to the added script.)
I finally figure out to do this way on serverside:
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
Request.ServerVariables("URL") & "?"
&Request.ServerVariables("QUERY_STRING")End If

But I am not sure if this is dependable.
Is that not exactly where we started this thread? Oh, I see, you're using a
different server variable...

As far as dependability goes, I usually like to find out what was wrong with
the things that didn't work, as understanding failure can be key to
understanding success.

Just to be on the safe side, I'd make the content of that error page a
little friendlier than the default one that comes with the server. If you
include a link to the site on it, worst case if it fails is the user will
have to click the link -- if you tack on a easily recognizable and
adequately unique [do-nothing] parameter, you can even monitor how often the
link is used, by scanning the server logs.

-Mark
Betty
"Mark J. McGinty" wrote:
>>
"c676228" <be****@community.nospamwrote in message
news:C0**********************************@microso ft.com...
Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code
:
<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname +
location.search;
//alert(location.host + location.pathname + location.search); Just for
sanity check

}
// -->
</SCRIPT>
Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a
Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]
But it is not working for me? can you help? t

Define "not working for me."
-Mark
--
Betty
"Mark J. McGinty" wrote:
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:

By setting it to require SSL you have precluded it from accepting
non-secure requests, which I believe will prevent IIS from acting
on a
server-side redirect. You might be able to make it happen on the
client side, by generating a page with a refresh meta-header, or
client script. If not, you will need to setup two virtual servers,
one for HTTPS and the other for HTTP, using the same IP or domain
name
(if using host headers.)

request.redirect invokes a clientside action,
I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server
(as
opposed to being part of served content) which may well be why this
status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request.
(IOW,
I
have seen that what the OP is trying to do, doesn't work; since the
exact
reason isn't documented, and MS has declined to share IIS sources with
me,
I'm left with only my assumptions.)

With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the
configured
encryption options.

It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully
descript,
and entirely based upon fact? IE is clearly thus capable, yet this
error
is
displayed by it as easily as by whatever sleazy niche browsers might
be
out
there that do not support SSL.

If you consider end-user level error messages to be empiracle...
hmm...
you
wouldn't happen to be interested in buying vacation property in the
Florida
Everglades?
-Mark

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)



Jun 10 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Bob Hansen | last post by:
I am using the following code in my default.asp page to redirect the page from HTTP to HTTPS <% if Request.ServerVariables("HTTPS") = "off" Then Response.Redirect("https://" &...
2
by: Robert Gordon | last post by:
I now realize I probably should have tried posting this on the IIS board first.. I am running OWA 2003 Server as Front End server to my Exchange 2000 native domain. The FE server is secured by...
5
by: Larry Woods | last post by:
I am losing Session variables, but only those that are set in the page previous to a redirect to a secure page. Anyone seen ANY situation where Session variables just "disappear?" Note that...
3
by: Pooja Renukdas | last post by:
Hello, I have this web site where only two pages have to be secure pages and I need to call them using https, but since I have my development server and my production web server, I dont want to...
5
by: Dabbler | last post by:
I'm sending users to a secure page https to fill out a registration form. When they're done I show a thank you page. I need to return the user to http mode after filling out the form. If I use...
2
by: Sergej Prokoviev | last post by:
We are running our site at www.waynesavings.com on secure hosting (Server 2003, IIS). We are using a custom 403.4 error page (called 403_4.asp, located under root) to redirect all users to https if...
8
by: howa | last post by:
a page currently in HTTPS, I force the client to redirect to another page using HTTP under the same domain (e.g. abc.com), i.e. header("Location: http://www.abc.com/index.php"); IE...
0
by: Raven | last post by:
Hi, I have a problem with a server side redirect from a secure page to a non-secure page (same domain name, same folder) I have added some test code that can display the target URL and that...
1
by: jdwfly | last post by:
Just before I go an tell my sys admin that the server has problems I wanted to run this by everyone on here. Basically we have a few pages that need to be sent over https. Everything I have found on...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.