How to enforce/redirect HTTP to HTTPS


Solution 1

Redirecting HTTP to HTTPS using IIS

With SSL enabled, anytime you attempt to access a page via http, the server generates a 403.4 error. IIS is now configured to run your sslredirect.asp page every time this error occurs. The error page will include a querystring which contains the error number and the page causing the error, i.e. "403;http://www.whatever.com". Our ASP file uses a simple script to just trim off the beginning part (403;http), add the necessary "https", and redirect to whatever page the user requested using SSL. Voila!
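
A sketch of the sslredirect.asp handler described above, as an added example that is not code from the original answer. It assumes the handler receives the query string in the "403;http://host/path" form quoted above and that the site's host name is www.example.com (the placeholder from the question). The host check and the removal of an explicit port are additions of this example: the host in that string comes from the request, so the script only ever redirects to the expected name.

```asp
<%@ Language="VBScript" %>
<%
' sslredirect.asp - added example, configured as the custom error page for 403.4.
Option Explicit

Const PREFIX = "403;http://"              ' form of the query string quoted in the answer
Const ALLOWED_HOST = "www.example.com"    ' assumption: the one host name this site serves

' Builds the HTTPS URL to redirect to. Anything that does not match the
' expected form, or names a different host, falls back to the site root.
Function HttpsTarget(qs)
    Dim rest, slashPos, colonPos, hostPart, pathPart

    HttpsTarget = "https://" & ALLOWED_HOST & "/"          ' safe default

    If LCase(Left(qs, Len(PREFIX))) <> PREFIX Then Exit Function

    rest = Mid(qs, Len(PREFIX) + 1)                        ' "host[:port]/path?query"
    slashPos = InStr(rest, "/")
    If slashPos = 0 Then
        hostPart = rest
        pathPart = "/"
    Else
        hostPart = Left(rest, slashPos - 1)
        pathPart = Mid(rest, slashPos)
    End If

    ' Assumption: the server may append an explicit port (":80"); drop it.
    colonPos = InStr(hostPart, ":")
    If colonPos > 0 Then hostPart = Left(hostPart, colonPos - 1)

    ' The host part is taken from the incoming request, so compare it with the
    ' expected name instead of echoing it back into the Location header.
    If LCase(hostPart) <> ALLOWED_HOST Then Exit Function

    HttpsTarget = "https://" & ALLOWED_HOST & pathPart
End Function

Response.Redirect HttpsTarget(Request.ServerVariables("QUERY_STRING"))
%>
```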

Solution 2

The cleanest way is to have a mod_rewrite ISAPI filter installed and redirect all HTTP calls to HTTPS (or just those for a specific folder/page if you prefer).

http://www.isapirewrite.com/

Here's an article that explains how to do that and mentions some of the others suggested: http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https

Solution 3

Check out the Microsoft Knowledgebase article How to redirect an HTTP connection to HTTPS for Outlook Web Access clients and how to redirect the Default Web Site to point to the Exchange virtual directory.

There are a few steps to configure this correctly; the code is:

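<%
' Send the client to the HTTPS Exchange virtual directory when the
' request arrived over plain HTTP.
If Request.ServerVariables("HTTPS") = "off" Then
    Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") & "/Exchange"
End If
%>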

Author by

Dan


Updated on September 17, 2022

Comments

  • Dan
    Dan over 1 year

    I've been hosting a domain on a Win2003 server for the last 3 or 4 years, but I now need to make this domain accessible only via HTTPS.

    I've installed the certificate correctly and it works fine (the server hosts several domains, but this domain is hosted on a different public IP address), but I'm struggling to get IIS to just transfer all users who go to http://www.example.com to https://www.example.com.

    I've found the "require secure channel" option in IIS, but checking this results in anyone who fails to type the https:// part seeing an error message (below). What's the best way to redirect users to the HTTPS site (without the user having to worry about it)?

    The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets Layer (SSL).

    Please try the following:

    Type https:// at the beginning of the address you are attempting to reach and press ENTER.

    HTTP Error 403.4 - Forbidden: SSL is required to view this resource.

  • RainyRat
    RainyRat over 14 years
    I disagree with the first part; many adjectives spring to mind when thinking about the ISAPI version of mod_rewrite, but "clean" isn't one of them.
  • Admin
    Admin almost 2 years
    This question was asked in 2009, and the HSTS RFC is from November 2012. Hopefully this Windows 2003 (EOL since July 2015) is not alive anymore.
  • Admin
    Admin almost 2 years
    Ah, good point, I hadn't even noticed the date. I came here via Google while trying to search for the term 'HSTS' because I had forgotten the name. So I figured at least someone could benefit from this answer.