redirect http to https

Hi all,
I am trying to set this up using asp code and IIS configuration. But it
seems not working. Here it is the way I am doing.
In IIS I set up a virtual directory with secure communication, I checked
require secure channel, require 128-bit encryption. In custom error, instead
of using default message
HTTP 403.4 - Forbidden: SSL required
Internet Information Services
in iishelp 403.4htm, I am trying to do redirect automatically.
so I have a small code from internet like this in my virtual directory:
redirect.asp
<%If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork

' Get server variables
strQUERY_STRING = Request.ServerVariables("QUERY_STRING")

' Fix the query string:
strWork = Replace(strQUERY_STRING,"http","https")
strWork = Replace(strWork,"403;","")

' Now, set the new, secure URL:
strSecureURL = strWork
'response.write(strSecureURL) ' uncomment for sanity check.
Response.Redirect strSecureURL
End If %>
But it seems not working, it only have a message like this:

With custom error set up URL to /myvirtualdirectory/redrect.asp
I got this error message:
Secure Channel Required
This Virtual Directory requires a browser that supports the configured
encryption options.

If I set up custom error file to redirect.asp, this file will be displayed,
it seems this points to the right place, it just somehow didn't executed.
can you give me a clue?
Thank you.
Betty

Re: redirect http to https

"c676228" wrote in message
news:4994275F-BE4F-40C9-ADBB-E579251157F7@microsoft.com...
> Hi all,
> I am trying to set this up using asp code and IIS configuration. But it
> seems not working. Here it is the way I am doing.
> In IIS I set up a virtual directory with secure communication, I checked
> require secure channel, require 128-bit encryption. In custom error,
> instead
> of using default message
> HTTP 403.4 - Forbidden: SSL required
> Internet Information Services
> in iishelp 403.4htm, I am trying to do redirect automatically.

By setting it to require SSL you have precluded it from accepting non-secure
requests, which I believe will prevent IIS from acting on a server-side
redirect. You might be able to make it happen on the client side, by
generating a page with a refresh meta-header, or client script. If not, you
will need to setup two virtual servers, one for HTTPS and the other for
HTTP, using the same IP or domain name (if using host headers.)

-Mark




> so I have a small code from internet like this in my virtual directory:
> redirect.asp
> <%If Request.ServerVariables("SERVER_PORT")=80 Then
> Dim strQUERY_STRING
> Dim strSecureURL
> Dim strWork
>
> ' Get server variables
> strQUERY_STRING = Request.ServerVariables("QUERY_STRING")
>
> ' Fix the query string:
> strWork = Replace(strQUERY_STRING,"http","https")
> strWork = Replace(strWork,"403;","")
>
> ' Now, set the new, secure URL:
> strSecureURL = strWork
> 'response.write(strSecureURL) ' uncomment for sanity check.
> Response.Redirect strSecureURL
> End If %>
> But it seems not working, it only have a message like this:
>
> With custom error set up URL to /myvirtualdirectory/redrect.asp
> I got this error message:
> Secure Channel Required
> This Virtual Directory requires a browser that supports the configured
> encryption options.
>
> If I set up custom error file to redirect.asp, this file will be
> displayed,
> it seems this points to the right place, it just somehow didn't executed.
> can you give me a clue?
> Thank you.
> Betty

Re: redirect http to https

Mark J. McGinty wrote on 26 mei 2007 in
microsoft.public.inetserver.asp.general:

> By setting it to require SSL you have precluded it from accepting
> non-secure requests, which I believe will prevent IIS from acting on a
> server-side redirect. You might be able to make it happen on the
> client side, by generating a page with a refresh meta-header, or
> client script. If not, you will need to setup two virtual servers,
> one for HTTPS and the other for HTTP, using the same IP or domain name
> (if using host headers.)

request.redirect invokes a clientside action,
I believe by sending an appropriate header.

>> With custom error set up URL to /myvirtualdirectory/redrect.asp
>> I got this error message:
>> Secure Channel Required
>> This Virtual Directory requires a browser that supports the configured
>> encryption options.

It seems the [which?] browser does not like that header.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Re: redirect http to https

"Evertjan." wrote in message
news:Xns993C6B1972BBBeejj99@194.109.133.242...
> Mark J. McGinty wrote on 26 mei 2007 in
> microsoft.public.inetserver.asp.general:
>
>> By setting it to require SSL you have precluded it from accepting
>> non-secure requests, which I believe will prevent IIS from acting on a
>> server-side redirect. You might be able to make it happen on the
>> client side, by generating a page with a refresh meta-header, or
>> client script. If not, you will need to setup two virtual servers,
>> one for HTTPS and the other for HTTP, using the same IP or domain name
>> (if using host headers.)
>
> request.redirect invokes a clientside action,
> I believe by sending an appropriate header.

Yes the client acts on it, but status 302 is generated by the server (as
opposed to being part of served content) which may well be why this status
is commonly referred to as a server redirect. My assumption, based on
observation, is that IIS declines to perform the server-side scripted
redirect because of security issues raised by the initial request. (IOW, I
have seen that what the OP is trying to do, doesn't work; since the exact
reason isn't documented, and MS has declined to share IIS sources with me,
I'm left with only my assumptions.)

>>> With custom error set up URL to /myvirtualdirectory/redrect.asp
>>> I got this error message:
>>> Secure Channel Required
>>> This Virtual Directory requires a browser that supports the configured
>>> encryption options.
>
> It seems the [which?] browser does not like that header.

As if all IIS default error messages are perfectly accurate, fully descript,
and entirely based upon fact? IE is clearly thus capable, yet this error is
displayed by it as easily as by whatever sleazy niche browsers might be out
there that do not support SSL.

If you consider end-user level error messages to be empiracle... hmm... you
wouldn't happen to be interested in buying vacation property in the Florida
Everglades?


-Mark



> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress)

Re: redirect http to https

Hi Mark and Evertjan,
Thanks for the replies. Here is another way I got from the internet.
It is not working in IIS5.0:

Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :

Just Save this page in root directory of WebSite & Follow the steps :
1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
file that contains the above Javascript.
2)Save changes & Restart IIS admin[not mandatory]


But it is not working for me? can you help? t
--
Betty


"Mark J. McGinty" wrote:

>
> "Evertjan." wrote in message
> news:Xns993C6B1972BBBeejj99@194.109.133.242...
> > Mark J. McGinty wrote on 26 mei 2007 in
> > microsoft.public.inetserver.asp.general:
> >
> >> By setting it to require SSL you have precluded it from accepting
> >> non-secure requests, which I believe will prevent IIS from acting on a
> >> server-side redirect. You might be able to make it happen on the
> >> client side, by generating a page with a refresh meta-header, or
> >> client script. If not, you will need to setup two virtual servers,
> >> one for HTTPS and the other for HTTP, using the same IP or domain name
> >> (if using host headers.)
> >
> > request.redirect invokes a clientside action,
> > I believe by sending an appropriate header.
>
> Yes the client acts on it, but status 302 is generated by the server (as
> opposed to being part of served content) which may well be why this status
> is commonly referred to as a server redirect. My assumption, based on
> observation, is that IIS declines to perform the server-side scripted
> redirect because of security issues raised by the initial request. (IOW, I
> have seen that what the OP is trying to do, doesn't work; since the exact
> reason isn't documented, and MS has declined to share IIS sources with me,
> I'm left with only my assumptions.)
>
> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
> >>> I got this error message:
> >>> Secure Channel Required
> >>> This Virtual Directory requires a browser that supports the configured
> >>> encryption options.
> >
> > It seems the [which?] browser does not like that header.
>
> As if all IIS default error messages are perfectly accurate, fully descript,
> and entirely based upon fact? IE is clearly thus capable, yet this error is
> displayed by it as easily as by whatever sleazy niche browsers might be out
> there that do not support SSL.
>
> If you consider end-user level error messages to be empiracle... hmm... you
> wouldn't happen to be interested in buying vacation property in the Florida
> Everglades?
>
>
> -Mark
>
>
>
> > --
> > Evertjan.
> > The Netherlands.
> > (Please change the x'es to dots in my emailaddress)
>
>
>

Re: redirect http to https

"c676228" wrote in message
news:C0A4C7C8-FBC6-4468-A47A-E657D88D911D@microsoft.com...
> Hi Mark and Evertjan,
> Thanks for the replies. Here is another way I got from the internet.
> It is not working in IIS5.0:
>
> Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
>
> Just Save this page in root directory of WebSite & Follow the steps :
> 1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
> file that contains the above Javascript.
> 2)Save changes & Restart IIS admin[not mandatory]
>
>
> But it is not working for me? can you help? t

Define "not working for me."


-Mark



> --
> Betty
>
>
> "Mark J. McGinty" wrote:
>
>>
>> "Evertjan." wrote in message
>> news:Xns993C6B1972BBBeejj99@194.109.133.242...
>> > Mark J. McGinty wrote on 26 mei 2007 in
>> > microsoft.public.inetserver.asp.general:
>> >
>> >> By setting it to require SSL you have precluded it from accepting
>> >> non-secure requests, which I believe will prevent IIS from acting on a
>> >> server-side redirect. You might be able to make it happen on the
>> >> client side, by generating a page with a refresh meta-header, or
>> >> client script. If not, you will need to setup two virtual servers,
>> >> one for HTTPS and the other for HTTP, using the same IP or domain name
>> >> (if using host headers.)
>> >
>> > request.redirect invokes a clientside action,
>> > I believe by sending an appropriate header.
>>
>> Yes the client acts on it, but status 302 is generated by the server (as
>> opposed to being part of served content) which may well be why this
>> status
>> is commonly referred to as a server redirect. My assumption, based on
>> observation, is that IIS declines to perform the server-side scripted
>> redirect because of security issues raised by the initial request. (IOW,
>> I
>> have seen that what the OP is trying to do, doesn't work; since the exact
>> reason isn't documented, and MS has declined to share IIS sources with
>> me,
>> I'm left with only my assumptions.)
>>
>> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
>> >>> I got this error message:
>> >>> Secure Channel Required
>> >>> This Virtual Directory requires a browser that supports the
>> >>> configured
>> >>> encryption options.
>> >
>> > It seems the [which?] browser does not like that header.
>>
>> As if all IIS default error messages are perfectly accurate, fully
>> descript,
>> and entirely based upon fact? IE is clearly thus capable, yet this error
>> is
>> displayed by it as easily as by whatever sleazy niche browsers might be
>> out
>> there that do not support SSL.
>>
>> If you consider end-user level error messages to be empiracle... hmm...
>> you
>> wouldn't happen to be interested in buying vacation property in the
>> Florida
>> Everglades?
>>
>>
>> -Mark
>>
>>
>>
>> > --
>> > Evertjan.
>> > The Netherlands.
>> > (Please change the x'es to dots in my emailaddress)
>>
>>
>>

Re: redirect http to https

Hi Mark,
Not working, meaning when I entered http://xxxx.com, it didn't do anything
and not redirect to https://, just stay as http:// protocol.

I finally figure out to do this way on serverside:
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
Request.ServerVariables("URL") & "?"
&Request.ServerVariables("QUERY_STRING")End If

But I am not sure if this is dependable.
--
Betty


"Mark J. McGinty" wrote:

>
> "c676228" wrote in message
> news:C0A4C7C8-FBC6-4468-A47A-E657D88D911D@microsoft.com...
> > Hi Mark and Evertjan,
> > Thanks for the replies. Here is another way I got from the internet.
> > It is not working in IIS5.0:
> >
> > Create one HTML page[say Redirectssl.htm] with Folowing Javascript code :
> >
> > Just Save this page in root directory of WebSite & Follow the steps :
> > 1)Replac the 403.4[Message type be FILE] in IIS 6 with a Redirectssl.htm
> > file that contains the above Javascript.
> > 2)Save changes & Restart IIS admin[not mandatory]
> >
> >
> > But it is not working for me? can you help? t
>
> Define "not working for me."
>
>
> -Mark
>
>
>
> > --
> > Betty
> >
> >
> > "Mark J. McGinty" wrote:
> >
> >>
> >> "Evertjan." wrote in message
> >> news:Xns993C6B1972BBBeejj99@194.109.133.242...
> >> > Mark J. McGinty wrote on 26 mei 2007 in
> >> > microsoft.public.inetserver.asp.general:
> >> >
> >> >> By setting it to require SSL you have precluded it from accepting
> >> >> non-secure requests, which I believe will prevent IIS from acting on a
> >> >> server-side redirect. You might be able to make it happen on the
> >> >> client side, by generating a page with a refresh meta-header, or
> >> >> client script. If not, you will need to setup two virtual servers,
> >> >> one for HTTPS and the other for HTTP, using the same IP or domain name
> >> >> (if using host headers.)
> >> >
> >> > request.redirect invokes a clientside action,
> >> > I believe by sending an appropriate header.
> >>
> >> Yes the client acts on it, but status 302 is generated by the server (as
> >> opposed to being part of served content) which may well be why this
> >> status
> >> is commonly referred to as a server redirect. My assumption, based on
> >> observation, is that IIS declines to perform the server-side scripted
> >> redirect because of security issues raised by the initial request. (IOW,
> >> I
> >> have seen that what the OP is trying to do, doesn't work; since the exact
> >> reason isn't documented, and MS has declined to share IIS sources with
> >> me,
> >> I'm left with only my assumptions.)
> >>
> >> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
> >> >>> I got this error message:
> >> >>> Secure Channel Required
> >> >>> This Virtual Directory requires a browser that supports the
> >> >>> configured
> >> >>> encryption options.
> >> >
> >> > It seems the [which?] browser does not like that header.
> >>
> >> As if all IIS default error messages are perfectly accurate, fully
> >> descript,
> >> and entirely based upon fact? IE is clearly thus capable, yet this error
> >> is
> >> displayed by it as easily as by whatever sleazy niche browsers might be
> >> out
> >> there that do not support SSL.
> >>
> >> If you consider end-user level error messages to be empiracle... hmm...
> >> you
> >> wouldn't happen to be interested in buying vacation property in the
> >> Florida
> >> Everglades?
> >>
> >>
> >> -Mark
> >>
> >>
> >>
> >> > --
> >> > Evertjan.
> >> > The Netherlands.
> >> > (Please change the x'es to dots in my emailaddress)
> >>
> >>
> >>
>
>
>

Re: redirect http to https

"c676228" wrote in message
news:9DE990AF-963A-400C-AC5A-758B16CFA007@microsoft.com...
> Hi Mark,
> Not working, meaning when I entered http://xxxx.com, it didn't do anything
> and not redirect to https://, just stay as http:// protocol.

What was the content of the error page you were left on? Did you view
source? Did a script error occur, or did an error file other than the one
you expected get sent down from the server? My first-line reality check
would've been to make the error page content visibly different (in addition
to the added script.)

> I finally figure out to do this way on serverside:
> If Request.ServerVariables("HTTPS") = "off" Then
> Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
> Request.ServerVariables("URL") & "?"
> &Request.ServerVariables("QUERY_STRING")End If
>
> But I am not sure if this is dependable.

Is that not exactly where we started this thread? Oh, I see, you're using a
different server variable...

As far as dependability goes, I usually like to find out what was wrong with
the things that didn't work, as understanding failure can be key to
understanding success.

Just to be on the safe side, I'd make the content of that error page a
little friendlier than the default one that comes with the server. If you
include a link to the site on it, worst case if it fails is the user will
have to click the link -- if you tack on a easily recognizable and
adequately unique [do-nothing] parameter, you can even monitor how often the
link is used, by scanning the server logs.

-Mark



> Betty
>
>
> "Mark J. McGinty" wrote:
>
>>
>> "c676228" wrote in message
>> news:C0A4C7C8-FBC6-4468-A47A-E657D88D911D@microsoft.com...
>> > Hi Mark and Evertjan,
>> > Thanks for the replies. Here is another way I got from the internet.
>> > It is not working in IIS5.0:
>> >
>> > Create one HTML page[say Redirectssl.htm] with Folowing Javascript code
>> > :
>> >
>> > Just Save this page in root directory of WebSite & Follow the steps :
>> > 1)Replac the 403.4[Message type be FILE] in IIS 6 with a
>> > Redirectssl.htm
>> > file that contains the above Javascript.
>> > 2)Save changes & Restart IIS admin[not mandatory]
>> >
>> >
>> > But it is not working for me? can you help? t
>>
>> Define "not working for me."
>>
>>
>> -Mark
>>
>>
>>
>> > --
>> > Betty
>> >
>> >
>> > "Mark J. McGinty" wrote:
>> >
>> >>
>> >> "Evertjan." wrote in message
>> >> news:Xns993C6B1972BBBeejj99@194.109.133.242...
>> >> > Mark J. McGinty wrote on 26 mei 2007 in
>> >> > microsoft.public.inetserver.asp.general:
>> >> >
>> >> >> By setting it to require SSL you have precluded it from accepting
>> >> >> non-secure requests, which I believe will prevent IIS from acting
>> >> >> on a
>> >> >> server-side redirect. You might be able to make it happen on the
>> >> >> client side, by generating a page with a refresh meta-header, or
>> >> >> client script. If not, you will need to setup two virtual servers,
>> >> >> one for HTTPS and the other for HTTP, using the same IP or domain
>> >> >> name
>> >> >> (if using host headers.)
>> >> >
>> >> > request.redirect invokes a clientside action,
>> >> > I believe by sending an appropriate header.
>> >>
>> >> Yes the client acts on it, but status 302 is generated by the server
>> >> (as
>> >> opposed to being part of served content) which may well be why this
>> >> status
>> >> is commonly referred to as a server redirect. My assumption, based on
>> >> observation, is that IIS declines to perform the server-side scripted
>> >> redirect because of security issues raised by the initial request.
>> >> (IOW,
>> >> I
>> >> have seen that what the OP is trying to do, doesn't work; since the
>> >> exact
>> >> reason isn't documented, and MS has declined to share IIS sources with
>> >> me,
>> >> I'm left with only my assumptions.)
>> >>
>> >> >>> With custom error set up URL to /myvirtualdirectory/redrect.asp
>> >> >>> I got this error message:
>> >> >>> Secure Channel Required
>> >> >>> This Virtual Directory requires a browser that supports the
>> >> >>> configured
>> >> >>> encryption options.
>> >> >
>> >> > It seems the [which?] browser does not like that header.
>> >>
>> >> As if all IIS default error messages are perfectly accurate, fully
>> >> descript,
>> >> and entirely based upon fact? IE is clearly thus capable, yet this
>> >> error
>> >> is
>> >> displayed by it as easily as by whatever sleazy niche browsers might
>> >> be
>> >> out
>> >> there that do not support SSL.
>> >>
>> >> If you consider end-user level error messages to be empiracle...
>> >> hmm...
>> >> you
>> >> wouldn't happen to be interested in buying vacation property in the
>> >> Florida
>> >> Everglades?
>> >>
>> >>
>> >> -Mark
>> >>
>> >>
>> >>
>> >> > --
>> >> > Evertjan.
>> >> > The Netherlands.
>> >> > (Please change the x'es to dots in my emailaddress)
>> >>
>> >>
>> >>
>>
>>
>>