can you force ssl on a website

TheMSsForum.com: The Microsoft Software Forum

is there a way in iis to make sure any requests for a website uses ssl
(https) even if they just type www.domain.com or if they type
http://www.domain.com, can iis be used to make it go to ssl/https??

many thanks
david
Top

Re: can you force ssl on a website by Ken

Ken
Wed Dec 17 05:03:05 CST 2003

a) Add your certificate to your site
b) In the IIS MMC Snapin, open the properties for your website, Directory
Security -> SSL -> Edit -> Require SSL Connection
c) Create a custom 403.4 error page that redirects the user from the http://
to https:// site. You will need to edit the security permissions of this
page so that SSL *isn't* required. Make the file type "url", and set it so
yourCustomPage.asp
d) Put the following code in the ASP page (it works on IIS6, should work on
IIS5 as well):

<%
If Request.ServerVariables("HTTPS") = "off" then

Dim strServerName
Dim strRequestedURL
Dim strRequestedFile
Dim intPosURLLocation
Dim strRedirectURL

strServerName = Request.ServerVariables("server_name")

' Get rid of "403;http://"
strRequestedURL = Mid(Request.ServerVariables("query_string"), 12)

' Find location of next / after server name
intPosURLLocation = InStr(strRequestedURL, "/")

' Extra this from strRequestedURL
strRequestedFile = Mid(strRequestedURL, intPosURLLocation)

' Build Redirect String
' You can Response.Write() this for debugging purposes
strRedirectURL = "https://" & strServerName & strRequestedFile

' Redirect
Response.Redirect(strRedirectURL)

End If
%>

HTH
Cheers
Ken

"DavidC" <david.crowhurst@questinfo.com> wrote in message
news:3fe033a0$0$18039$cc9e4d1f@news.dial.pipex.com...
: is there a way in iis to make sure any requests for a website uses ssl
: (https) even if they just type www.domain.com or if they type
: http://www.domain.com, can iis be used to make it go to ssl/https??
:
: many thanks
: david
:
:


Top

Re: can you force ssl on a website by DavidC

DavidC
Wed Dec 17 09:36:09 CST 2003

i tried it with javascript:
if (window.location != https://www.yourdomain.com){
window.location=https://www.yourdomain.com}

which doesn't seem to work the file type is set to url and /custompage.html

but get 403 forbidden page???




"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:uOZaa1IxDHA.3744@TK2MSFTNGP11.phx.gbl...
> a) Add your certificate to your site
> b) In the IIS MMC Snapin, open the properties for your website, Directory
> Security -> SSL -> Edit -> Require SSL Connection
> c) Create a custom 403.4 error page that redirects the user from the
http://
> to https:// site. You will need to edit the security permissions of this
> page so that SSL *isn't* required. Make the file type "url", and set it so
> yourCustomPage.asp
> d) Put the following code in the ASP page (it works on IIS6, should work
on
> IIS5 as well):
>
> <%
> If Request.ServerVariables("HTTPS") = "off" then
>
> Dim strServerName
> Dim strRequestedURL
> Dim strRequestedFile
> Dim intPosURLLocation
> Dim strRedirectURL
>
> strServerName = Request.ServerVariables("server_name")
>
> ' Get rid of "403;http://"
> strRequestedURL = Mid(Request.ServerVariables("query_string"), 12)
>
> ' Find location of next / after server name
> intPosURLLocation = InStr(strRequestedURL, "/")
>
> ' Extra this from strRequestedURL
> strRequestedFile = Mid(strRequestedURL, intPosURLLocation)
>
> ' Build Redirect String
> ' You can Response.Write() this for debugging purposes
> strRedirectURL = "https://" & strServerName & strRequestedFile
>
> ' Redirect
> Response.Redirect(strRedirectURL)
>
> End If
> %>
>
> HTH
> Cheers
> Ken
>
> "DavidC" <david.crowhurst@questinfo.com> wrote in message
> news:3fe033a0$0$18039$cc9e4d1f@news.dial.pipex.com...
> : is there a way in iis to make sure any requests for a website uses ssl
> : (https) even if they just type www.domain.com or if they type
> : http://www.domain.com, can iis be used to make it go to ssl/https??
> :
> : many thanks
> : david
> :
> :
>
>


Top

Re: can you force ssl on a website by Paul

Paul
Wed Dec 17 10:29:43 CST 2003

On Wed, 17 Dec 2003 10:44:43 -0000, "DavidC"
<david.crowhurst@questinfo.com> wrote:

>is there a way in iis to make sure any requests for a website uses ssl
>(https) even if they just type www.domain.com or if they type
>http://www.domain.com, can iis be used to make it go to ssl/https??
>
>many thanks
>david
>

David,

Try this KB article :

HOW TO: Use ASP to Force SSL for Specific Pages
http://support.microsoft.com/?id=239875


Regards,

Paul Lynch
MCSE
Top

Re: can you force ssl on a website by Ken

Ken
Wed Dec 17 18:35:16 CST 2003

Did you make sure that SSL is *not* required for the custom error page?
Otherwise, the user will never be able to get to the custom error page.

Cheers
Ken

"DavidC" <david.crowhurst@questinfo.com> wrote in message
news:3fe077ef$0$18036$cc9e4d1f@news.dial.pipex.com...
: i tried it with javascript:
: if (window.location != https://www.yourdomain.com){
: window.location=https://www.yourdomain.com}
:
: which doesn't seem to work the file type is set to url and
/custompage.html
:
: but get 403 forbidden page???
:
:
:
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: news:uOZaa1IxDHA.3744@TK2MSFTNGP11.phx.gbl...
: > a) Add your certificate to your site
: > b) In the IIS MMC Snapin, open the properties for your website,
Directory
: > Security -> SSL -> Edit -> Require SSL Connection
: > c) Create a custom 403.4 error page that redirects the user from the
: http://
: > to https:// site. You will need to edit the security permissions of this
: > page so that SSL *isn't* required. Make the file type "url", and set it
so
: > yourCustomPage.asp
: > d) Put the following code in the ASP page (it works on IIS6, should work
: on
: > IIS5 as well):
: >
: > <%
: > If Request.ServerVariables("HTTPS") = "off" then
: >
: > Dim strServerName
: > Dim strRequestedURL
: > Dim strRequestedFile
: > Dim intPosURLLocation
: > Dim strRedirectURL
: >
: > strServerName = Request.ServerVariables("server_name")
: >
: > ' Get rid of "403;http://"
: > strRequestedURL = Mid(Request.ServerVariables("query_string"), 12)
: >
: > ' Find location of next / after server name
: > intPosURLLocation = InStr(strRequestedURL, "/")
: >
: > ' Extra this from strRequestedURL
: > strRequestedFile = Mid(strRequestedURL, intPosURLLocation)
: >
: > ' Build Redirect String
: > ' You can Response.Write() this for debugging purposes
: > strRedirectURL = "https://" & strServerName & strRequestedFile
: >
: > ' Redirect
: > Response.Redirect(strRedirectURL)
: >
: > End If
: > %>
: >
: > HTH
: > Cheers
: > Ken
: >
: > "DavidC" <david.crowhurst@questinfo.com> wrote in message
: > news:3fe033a0$0$18039$cc9e4d1f@news.dial.pipex.com...
: > : is there a way in iis to make sure any requests for a website uses ssl
: > : (https) even if they just type www.domain.com or if they type
: > : http://www.domain.com, can iis be used to make it go to ssl/https??
: > :
: > : many thanks
: > : david
: > :
: > :
: >
: >
:
:


Top