redirect http to https

Discussion in 'ASP General' started by c676228, May 25, 2007.

  1. c676228

    c676228 Guest

    Hi all,
    I am trying to set this up using asp code and IIS configuration. But it
    seems not working. Here it is the way I am doing.
    In IIS I set up a virtual directory with secure communication, I checked
    require secure channel, require 128-bit encryption. In custom error, instead
    of using default message
    HTTP 403.4 - Forbidden: SSL required
    Internet Information Services
    in iishelp 403.4htm, I am trying to do redirect automatically.
    so I have a small code from internet like this in my virtual directory:
    redirect.asp
    <%If Request.ServerVariables("SERVER_PORT")=80 Then
    Dim strQUERY_STRING
    Dim strSecureURL
    Dim strWork

    ' Get server variables
    strQUERY_STRING = Request.ServerVariables("QUERY_STRING")

    ' Fix the query string:
    strWork = Replace(strQUERY_STRING,"http","https")
    strWork = Replace(strWork,"403;","")

    ' Now, set the new, secure URL:
    strSecureURL = strWork
    'response.write(strSecureURL) ' uncomment for sanity check.
    Response.Redirect strSecureURL
    End If %>
    But it seems not working, it only have a message like this:

    With custom error set up URL to /myvirtualdirectory/redrect.asp
    I got this error message:
    Secure Channel Required
    This Virtual Directory requires a browser that supports the configured
    encryption options.

    If I set up custom error file to redirect.asp, this file will be displayed,
    it seems this points to the right place, it just somehow didn't executed.
    can you give me a clue?
    Thank you.
    Betty
     
    c676228, May 25, 2007
    #1
    1. Advertising

  2. "c676228" <> wrote in message
    news:...
    > Hi all,
    > I am trying to set this up using asp code and IIS configuration. But it
    > seems not working. Here it is the way I am doing.
    > In IIS I set up a virtual directory with secure communication, I checked
    > require secure channel, require 128-bit encryption. In custom error,
    > instead
    > of using default message
    > HTTP 403.4 - Forbidden: SSL required
    > Internet Information Services
    > in iishelp 403.4htm, I am trying to do redirect automatically.


    By setting it to require SSL you have precluded it from accepting non-secure
    requests, which I believe will prevent IIS from acting on a server-side
    redirect. You might be able to make it happen on the client side, by
    generating a page with a refresh meta-header, or client script. If not, you
    will need to setup two virtual servers, one for HTTPS and the other for
    HTTP, using the same IP or domain name (if using host headers.)

    -Mark




    > so I have a small code from internet like this in my virtual directory:
    > redirect.asp
    > <%If Request.ServerVariables("SERVER_PORT")=80 Then
    > Dim strQUERY_STRING
    > Dim strSecureURL
    > Dim strWork
    >
    > ' Get server variables
    > strQUERY_STRING = Request.ServerVariables("QUERY_STRING")
    >
    > ' Fix the query string:
    > strWork = Replace(strQUERY_STRING,"http","https")
    > strWork = Replace(strWork,"403;","")
    >
    > ' Now, set the new, secure URL:
    > strSecureURL = strWork
    > 'response.write(strSecureURL) ' uncomment for sanity check.
    > Response.Redirect strSecureURL
    > End If %>
    > But it seems not working, it only have a message like this:
    >
    > With custom error set up URL to /myvirtualdirectory/redrect.asp
    > I got this error message:
    > Secure Channel Required
    > This Virtual Directory requires a browser that supports the configured
    > encryption options.
    >
    > If I set up custom error file to redirect.asp, this file will be
    > displayed,
    > it seems this points to the right place, it just somehow didn't executed.
    > can you give me a clue?
    > Thank you.
    > Betty
     
    Mark J. McGinty, May 26, 2007
    #2
    1. Advertising

  3. c676228

    Evertjan. Guest

    Mark J. McGinty wrote on 26 mei 2007 in
    microsoft.public.inetserver.asp.general:

    > By setting it to require SSL you have precluded it from accepting
    > non-secure requests, which I believe will prevent IIS from acting on a
    > server-side redirect. You might be able to make it happen on the
    > client side, by generating a page with a refresh meta-header, or
    > client script. If not, you will need to setup two virtual servers,
    > one for HTTPS and the other for HTTP, using the same IP or domain name
    > (if using host headers.)


    request.redirect invokes a clientside action,
    I believe by sending an appropriate header.

    >> With custom error set up URL to /myvirtualdirectory/redrect.asp
    >> I got this error message:
    >> Secure Channel Required
    >> This Virtual Directory requires a browser that supports the configured
    >> encryption options.


    It seems the [which?] browser does not like that header.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., May 26, 2007
    #3
  4. "Evertjan." <> wrote in message
    news:Xns993C6B1972BBBeejj99@194.109.133.242...
    > Mark J. McGinty wrote on 26 mei 2007 in
    > microsoft.public.inetserver.asp.general:
    >
    >> By setting it to require SSL you have precluded it from accepting
    >> non-secure requests, which I believe will prevent IIS from acting on a
    >> server-side redirect. You might be able to make it happen on the
    >> client side, by generating a page with a refresh meta-header, or
    >> client script. If not, you will need to setup two virtual servers,
    >> one for HTTPS and the other for HTTP, using the same IP or domain name
    >> (if using host headers.)

    >
    > request.redirect invokes a clientside action,
    > I believe by sending an appropriate header.


    Yes the client acts on it, but status 302 is generated by the server (as
    opposed to being part of served content) which may well be why this status
    is commonly referred to as a server redirect. My assumption, based on
    observation, is that IIS declines to perform the server-side scripted
    redirect because of security issues raised by the initial request. (IOW, I
    have seen that what the OP is trying to do, doesn't work; since the exact
    reason isn't documented, and MS has declined to share IIS sources with me,
    I'm left with only my assumptions.)

    >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
    >>> I got this error message:
    >>> Secure Channel Required
    >>> This Virtual Directory requires a browser that supports the configured
    >>> encryption options.

    >
    > It seems the [which?] browser does not like that header.


    As if all IIS default error messages are perfectly accurate, fully descript,
    and entirely based upon fact? IE is clearly thus capable, yet this error is
    displayed by it as easily as by whatever sleazy niche browsers might be out
    there that do not support SSL.

    If you consider end-user level error messages to be empiracle... hmm... you
    wouldn't happen to be interested in buying vacation property in the Florida
    Everglades?


    -Mark



    > --
    > Evertjan.
    > The Netherlands.
    > (Please change the x'es to dots in my emailaddress)
     
    Mark J. McGinty, May 26, 2007
    #4
  5. c676228

    c676228 Guest

    Hi Mark and Evertjan,
    Thanks for the replies. Here is another way I got from the internet.
    It is not working in IIS5.0:

    Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
    <SCRIPT type=text/javascript>
    <!--
    if (location.protocol != 'https:')
    {
    window.location = 'https://'+ location.host + location.pathname +
    location.search;
    //alert(location.host + location.pathname + location.search); Just for
    sanity check

    }
    // -->
    </SCRIPT>
    Just Save this page in root directory of WebSite & Follow the steps :
    1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
    file that contains the above Javascript.
    2)Save changes & Restart IIS admin[not mandatory]


    But it is not working for me? can you help? t
    --
    Betty


    "Mark J. McGinty" wrote:

    >
    > "Evertjan." <> wrote in message
    > news:Xns993C6B1972BBBeejj99@194.109.133.242...
    > > Mark J. McGinty wrote on 26 mei 2007 in
    > > microsoft.public.inetserver.asp.general:
    > >
    > >> By setting it to require SSL you have precluded it from accepting
    > >> non-secure requests, which I believe will prevent IIS from acting on a
    > >> server-side redirect. You might be able to make it happen on the
    > >> client side, by generating a page with a refresh meta-header, or
    > >> client script. If not, you will need to setup two virtual servers,
    > >> one for HTTPS and the other for HTTP, using the same IP or domain name
    > >> (if using host headers.)

    > >
    > > request.redirect invokes a clientside action,
    > > I believe by sending an appropriate header.

    >
    > Yes the client acts on it, but status 302 is generated by the server (as
    > opposed to being part of served content) which may well be why this status
    > is commonly referred to as a server redirect. My assumption, based on
    > observation, is that IIS declines to perform the server-side scripted
    > redirect because of security issues raised by the initial request. (IOW, I
    > have seen that what the OP is trying to do, doesn't work; since the exact
    > reason isn't documented, and MS has declined to share IIS sources with me,
    > I'm left with only my assumptions.)
    >
    > >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
    > >>> I got this error message:
    > >>> Secure Channel Required
    > >>> This Virtual Directory requires a browser that supports the configured
    > >>> encryption options.

    > >
    > > It seems the [which?] browser does not like that header.

    >
    > As if all IIS default error messages are perfectly accurate, fully descript,
    > and entirely based upon fact? IE is clearly thus capable, yet this error is
    > displayed by it as easily as by whatever sleazy niche browsers might be out
    > there that do not support SSL.
    >
    > If you consider end-user level error messages to be empiracle... hmm... you
    > wouldn't happen to be interested in buying vacation property in the Florida
    > Everglades?
    >
    >
    > -Mark
    >
    >
    >
    > > --
    > > Evertjan.
    > > The Netherlands.
    > > (Please change the x'es to dots in my emailaddress)

    >
    >
    >
     
    c676228, Jun 7, 2007
    #5
  6. "c676228" <> wrote in message
    news:...
    > Hi Mark and Evertjan,
    > Thanks for the replies. Here is another way I got from the internet.
    > It is not working in IIS5.0:
    >
    > Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
    > <SCRIPT type=text/javascript>
    > <!--
    > if (location.protocol != 'https:')
    > {
    > window.location = 'https://'+ location.host + location.pathname +
    > location.search;
    > //alert(location.host + location.pathname + location.search); Just for
    > sanity check
    >
    > }
    > // -->
    > </SCRIPT>
    > Just Save this page in root directory of WebSite & Follow the steps :
    > 1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
    > file that contains the above Javascript.
    > 2)Save changes & Restart IIS admin[not mandatory]
    >
    >
    > But it is not working for me? can you help? t


    Define "not working for me."


    -Mark



    > --
    > Betty
    >
    >
    > "Mark J. McGinty" wrote:
    >
    >>
    >> "Evertjan." <> wrote in message
    >> news:Xns993C6B1972BBBeejj99@194.109.133.242...
    >> > Mark J. McGinty wrote on 26 mei 2007 in
    >> > microsoft.public.inetserver.asp.general:
    >> >
    >> >> By setting it to require SSL you have precluded it from accepting
    >> >> non-secure requests, which I believe will prevent IIS from acting on a
    >> >> server-side redirect. You might be able to make it happen on the
    >> >> client side, by generating a page with a refresh meta-header, or
    >> >> client script. If not, you will need to setup two virtual servers,
    >> >> one for HTTPS and the other for HTTP, using the same IP or domain name
    >> >> (if using host headers.)
    >> >
    >> > request.redirect invokes a clientside action,
    >> > I believe by sending an appropriate header.

    >>
    >> Yes the client acts on it, but status 302 is generated by the server (as
    >> opposed to being part of served content) which may well be why this
    >> status
    >> is commonly referred to as a server redirect. My assumption, based on
    >> observation, is that IIS declines to perform the server-side scripted
    >> redirect because of security issues raised by the initial request. (IOW,
    >> I
    >> have seen that what the OP is trying to do, doesn't work; since the exact
    >> reason isn't documented, and MS has declined to share IIS sources with
    >> me,
    >> I'm left with only my assumptions.)
    >>
    >> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
    >> >>> I got this error message:
    >> >>> Secure Channel Required
    >> >>> This Virtual Directory requires a browser that supports the
    >> >>> configured
    >> >>> encryption options.
    >> >
    >> > It seems the [which?] browser does not like that header.

    >>
    >> As if all IIS default error messages are perfectly accurate, fully
    >> descript,
    >> and entirely based upon fact? IE is clearly thus capable, yet this error
    >> is
    >> displayed by it as easily as by whatever sleazy niche browsers might be
    >> out
    >> there that do not support SSL.
    >>
    >> If you consider end-user level error messages to be empiracle... hmm...
    >> you
    >> wouldn't happen to be interested in buying vacation property in the
    >> Florida
    >> Everglades?
    >>
    >>
    >> -Mark
    >>
    >>
    >>
    >> > --
    >> > Evertjan.
    >> > The Netherlands.
    >> > (Please change the x'es to dots in my emailaddress)

    >>
    >>
    >>
     
    Mark J. McGinty, Jun 7, 2007
    #6
  7. c676228

    c676228 Guest

    Hi Mark,
    Not working, meaning when I entered http://xxxx.com, it didn't do anything
    and not redirect to https://, just stay as http:// protocol.

    I finally figure out to do this way on serverside:
    If Request.ServerVariables("HTTPS") = "off" Then
    Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
    Request.ServerVariables("URL") & "?"
    &Request.ServerVariables("QUERY_STRING")End If

    But I am not sure if this is dependable.
    --
    Betty


    "Mark J. McGinty" wrote:

    >
    > "c676228" <> wrote in message
    > news:...
    > > Hi Mark and Evertjan,
    > > Thanks for the replies. Here is another way I got from the internet.
    > > It is not working in IIS5.0:
    > >
    > > Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
    > > <SCRIPT type=text/javascript>
    > > <!--
    > > if (location.protocol != 'https:')
    > > {
    > > window.location = 'https://'+ location.host + location.pathname +
    > > location.search;
    > > //alert(location.host + location.pathname + location.search); Just for
    > > sanity check
    > >
    > > }
    > > // -->
    > > </SCRIPT>
    > > Just Save this page in root directory of WebSite & Follow the steps :
    > > 1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
    > > file that contains the above Javascript.
    > > 2)Save changes & Restart IIS admin[not mandatory]
    > >
    > >
    > > But it is not working for me? can you help? t

    >
    > Define "not working for me."
    >
    >
    > -Mark
    >
    >
    >
    > > --
    > > Betty
    > >
    > >
    > > "Mark J. McGinty" wrote:
    > >
    > >>
    > >> "Evertjan." <> wrote in message
    > >> news:Xns993C6B1972BBBeejj99@194.109.133.242...
    > >> > Mark J. McGinty wrote on 26 mei 2007 in
    > >> > microsoft.public.inetserver.asp.general:
    > >> >
    > >> >> By setting it to require SSL you have precluded it from accepting
    > >> >> non-secure requests, which I believe will prevent IIS from acting on a
    > >> >> server-side redirect. You might be able to make it happen on the
    > >> >> client side, by generating a page with a refresh meta-header, or
    > >> >> client script. If not, you will need to setup two virtual servers,
    > >> >> one for HTTPS and the other for HTTP, using the same IP or domain name
    > >> >> (if using host headers.)
    > >> >
    > >> > request.redirect invokes a clientside action,
    > >> > I believe by sending an appropriate header.
    > >>
    > >> Yes the client acts on it, but status 302 is generated by the server (as
    > >> opposed to being part of served content) which may well be why this
    > >> status
    > >> is commonly referred to as a server redirect. My assumption, based on
    > >> observation, is that IIS declines to perform the server-side scripted
    > >> redirect because of security issues raised by the initial request. (IOW,
    > >> I
    > >> have seen that what the OP is trying to do, doesn't work; since the exact
    > >> reason isn't documented, and MS has declined to share IIS sources with
    > >> me,
    > >> I'm left with only my assumptions.)
    > >>
    > >> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
    > >> >>> I got this error message:
    > >> >>> Secure Channel Required
    > >> >>> This Virtual Directory requires a browser that supports the
    > >> >>> configured
    > >> >>> encryption options.
    > >> >
    > >> > It seems the [which?] browser does not like that header.
    > >>
    > >> As if all IIS default error messages are perfectly accurate, fully
    > >> descript,
    > >> and entirely based upon fact? IE is clearly thus capable, yet this error
    > >> is
    > >> displayed by it as easily as by whatever sleazy niche browsers might be
    > >> out
    > >> there that do not support SSL.
    > >>
    > >> If you consider end-user level error messages to be empiracle... hmm...
    > >> you
    > >> wouldn't happen to be interested in buying vacation property in the
    > >> Florida
    > >> Everglades?
    > >>
    > >>
    > >> -Mark
    > >>
    > >>
    > >>
    > >> > --
    > >> > Evertjan.
    > >> > The Netherlands.
    > >> > (Please change the x'es to dots in my emailaddress)
    > >>
    > >>
    > >>

    >
    >
    >
     
    c676228, Jun 7, 2007
    #7
  8. "c676228" <> wrote in message
    news:...
    > Hi Mark,
    > Not working, meaning when I entered http://xxxx.com, it didn't do anything
    > and not redirect to https://, just stay as http:// protocol.


    What was the content of the error page you were left on? Did you view
    source? Did a script error occur, or did an error file other than the one
    you expected get sent down from the server? My first-line reality check
    would've been to make the error page content visibly different (in addition
    to the added script.)

    > I finally figure out to do this way on serverside:
    > If Request.ServerVariables("HTTPS") = "off" Then
    > Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
    > Request.ServerVariables("URL") & "?"
    > &Request.ServerVariables("QUERY_STRING")End If
    >
    > But I am not sure if this is dependable.


    Is that not exactly where we started this thread? Oh, I see, you're using a
    different server variable...

    As far as dependability goes, I usually like to find out what was wrong with
    the things that didn't work, as understanding failure can be key to
    understanding success.

    Just to be on the safe side, I'd make the content of that error page a
    little friendlier than the default one that comes with the server. If you
    include a link to the site on it, worst case if it fails is the user will
    have to click the link -- if you tack on a easily recognizable and
    adequately unique [do-nothing] parameter, you can even monitor how often the
    link is used, by scanning the server logs.

    -Mark



    > Betty
    >
    >
    > "Mark J. McGinty" wrote:
    >
    >>
    >> "c676228" <> wrote in message
    >> news:...
    >> > Hi Mark and Evertjan,
    >> > Thanks for the replies. Here is another way I got from the internet.
    >> > It is not working in IIS5.0:
    >> >
    >> > Create one HTML page[say Redirectssl.htm] with Folowing Javascript code
    >> > :
    >> > <SCRIPT type=text/javascript>
    >> > <!--
    >> > if (location.protocol != 'https:')
    >> > {
    >> > window.location = 'https://'+ location.host + location.pathname +
    >> > location.search;
    >> > //alert(location.host + location.pathname + location.search); Just for
    >> > sanity check
    >> >
    >> > }
    >> > // -->
    >> > </SCRIPT>
    >> > Just Save this page in root directory of WebSite & Follow the steps :
    >> > 1)Replac the 403.4[Message type be FILE] in IIS 6 with a
    >> > Redirectssl.htm
    >> > file that contains the above Javascript.
    >> > 2)Save changes & Restart IIS admin[not mandatory]
    >> >
    >> >
    >> > But it is not working for me? can you help? t

    >>
    >> Define "not working for me."
    >>
    >>
    >> -Mark
    >>
    >>
    >>
    >> > --
    >> > Betty
    >> >
    >> >
    >> > "Mark J. McGinty" wrote:
    >> >
    >> >>
    >> >> "Evertjan." <> wrote in message
    >> >> news:Xns993C6B1972BBBeejj99@194.109.133.242...
    >> >> > Mark J. McGinty wrote on 26 mei 2007 in
    >> >> > microsoft.public.inetserver.asp.general:
    >> >> >
    >> >> >> By setting it to require SSL you have precluded it from accepting
    >> >> >> non-secure requests, which I believe will prevent IIS from acting
    >> >> >> on a
    >> >> >> server-side redirect. You might be able to make it happen on the
    >> >> >> client side, by generating a page with a refresh meta-header, or
    >> >> >> client script. If not, you will need to setup two virtual servers,
    >> >> >> one for HTTPS and the other for HTTP, using the same IP or domain
    >> >> >> name
    >> >> >> (if using host headers.)
    >> >> >
    >> >> > request.redirect invokes a clientside action,
    >> >> > I believe by sending an appropriate header.
    >> >>
    >> >> Yes the client acts on it, but status 302 is generated by the server
    >> >> (as
    >> >> opposed to being part of served content) which may well be why this
    >> >> status
    >> >> is commonly referred to as a server redirect. My assumption, based on
    >> >> observation, is that IIS declines to perform the server-side scripted
    >> >> redirect because of security issues raised by the initial request.
    >> >> (IOW,
    >> >> I
    >> >> have seen that what the OP is trying to do, doesn't work; since the
    >> >> exact
    >> >> reason isn't documented, and MS has declined to share IIS sources with
    >> >> me,
    >> >> I'm left with only my assumptions.)
    >> >>
    >> >> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
    >> >> >>> I got this error message:
    >> >> >>> Secure Channel Required
    >> >> >>> This Virtual Directory requires a browser that supports the
    >> >> >>> configured
    >> >> >>> encryption options.
    >> >> >
    >> >> > It seems the [which?] browser does not like that header.
    >> >>
    >> >> As if all IIS default error messages are perfectly accurate, fully
    >> >> descript,
    >> >> and entirely based upon fact? IE is clearly thus capable, yet this
    >> >> error
    >> >> is
    >> >> displayed by it as easily as by whatever sleazy niche browsers might
    >> >> be
    >> >> out
    >> >> there that do not support SSL.
    >> >>
    >> >> If you consider end-user level error messages to be empiracle...
    >> >> hmm...
    >> >> you
    >> >> wouldn't happen to be interested in buying vacation property in the
    >> >> Florida
    >> >> Everglades?
    >> >>
    >> >>
    >> >> -Mark
    >> >>
    >> >>
    >> >>
    >> >> > --
    >> >> > Evertjan.
    >> >> > The Netherlands.
    >> >> > (Please change the x'es to dots in my emailaddress)
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Mark J. McGinty, Jun 10, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alfredo Barrientos
    Replies:
    0
    Views:
    536
    Alfredo Barrientos
    Aug 31, 2005
  2. Forrest Samuels

    Jetty and http to https redirect

    Forrest Samuels, Dec 4, 2004, in forum: Java
    Replies:
    1
    Views:
    4,081
    Steve Sobol
    Dec 5, 2004
  3. =?Utf-8?B?RGFiYmxlcg==?=

    redirect from https to http w/o security warning

    =?Utf-8?B?RGFiYmxlcg==?=, Apr 27, 2006, in forum: ASP .Net
    Replies:
    6
    Views:
    18,331
    april198474
    Sep 23, 2009
  4. Axel
    Replies:
    8
    Views:
    1,190
    Adrienne Boswell
    Apr 27, 2009
  5. jotto
    Replies:
    4
    Views:
    418
    jotto
    Oct 2, 2006
Loading...

Share This Page