force web root into https; redirect issues

Discussion in 'ASP General' started by Sergej Prokoviev, Aug 22, 2006.

  1. We are running our site at www.waynesavings.com on secure hosting
    (Server 2003, IIS). We are using a custom 403.4 error page (called
    403_4.asp, located under root) to redirect all users to https if they
    come in on http. The site is also using an instant refresh on the
    index.htm page under root to www.waynesavings.com/aboutus/home.htm due
    to issues with the javascript menus used on the site.

    The code we're using on the custom 403 page is this:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <%

    If UCase(Request.ServerVariables("HTTPS")) = "OFF" Then
    '''get page
    sRedirect = "https://" & Request.ServerVariables("SERVER_NAME") &
    Request.ServerVariables("PATH_INFO") & Request.Querystring
    Response.Redirect sRedirect
    End If

    %>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html;
    charset=iso-8859-1">
    <title>Untitled Document</title>
    </head>

    <body>
    </body>
    </html>

    It does the job just fine. However, if somebody has bookmarked a
    non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it
    will redirect the user NOT to the equivalent https page, but to the
    secure home page instead.

    Any input? If I can't get this solved, we'll just turn something bad
    into something good and encourage people to rebookmark the respective
    pages, but the perfectionist in me would like to see this solved.

    Thanks!
     
    Sergej Prokoviev, Aug 22, 2006
    #1
    1. Advertising

  2. Ray Costanzo [MVP], Aug 23, 2006
    #2
    1. Advertising

  3. Thanks for the tip! I did look into it, and I think what's happening is
    that the custom 403 gets called before the custom 404, so you get the
    home page when you type in a non-existing http page. When you are in
    https mode, the 404 is called as it should.

    I've looked all over for the right code for this redirect, and it seems
    that everybody is asking the question, but nobody seems to have the
    (full) answer. The 403 does redirect, just not the right way. I think
    it ignores the path and just redirects to root, which is promptly
    refreshed to ../aboutus/home.htm.

    Any thoughts?



    Ray Costanzo [MVP] wrote:
    > Your custom 404 is causing it. Look at what happens when you go here:
    >
    > http://www.waynesavings.com/kjaskjflkajsdfl8jn3r.hhasjdhfk
    >
    > Ray at work
    >
    >
    >
    >
    > "Sergej Prokoviev" <> wrote in message
    > news:...
    >
    > > </html>
    > >
    > > It does the job just fine. However, if somebody has bookmarked a
    > > non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it
    > > will redirect the user NOT to the equivalent https page, but to the
    > > secure home page instead.
     
    Sergej Prokoviev, Aug 23, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    1,255
  2. Rick Osborn
    Replies:
    10
    Views:
    3,973
    Jon A. Cruz
    Feb 8, 2004
  3. Sal
    Replies:
    1
    Views:
    797
  4. Axel
    Replies:
    8
    Views:
    1,171
    Adrienne Boswell
    Apr 27, 2009
  5. jotto
    Replies:
    4
    Views:
    415
    jotto
    Oct 2, 2006
Loading...

Share This Page