Bookmark and Share Subscribe Bookmark and Share

Categories

Advertisement



Automatically Redirect HTTP requests to HTTPS on IIS 6

Jan
17

 « »    

This article is for IIS 6 for the IIS 7 please refer to this article.

If you configure IIS to only allow https connections, a user will get a 403.4 error when attempting to access the page via http. To fix this problem we create a custom 403.4 page that redirects http requests to https. We will be changing this configuration in a couple of steps:

Step 1 – Verify SSL is required for the selected site
Step 2 – Create a HttpRedirect.htm file and save it to C:\InetPub
Step 3 – Set the 403.4 error page to use this file instead of the regular error file
Step 4 – Test

This is a standard 403.4 error message file provided out of the box with IIS.

Step 1 – Verify SSL is required for the selected site

1)      Open IIS Manager (Start Menu\Programs\Administrative Tools or %SystemRoot%\system32\inetsrv\iis.msc)
2)      Expand the Computer Name
3)      Expand Web Sites
4)      Right click the web site we wish to modify
5)      Select “Properties”

6)      Select the “Directory Security” tab
7)      Select “Edit” in the Secure Communications section
8)      Check off the “Require secure channel (SSL)” option. (This will only allow pages on this site to be viewed only with https.)
9)      Press OK and close all Properties windows

Step 2 – Create a HttpRedirect.htm file and save it to C:\InetPub

We will be creating an HTM file containing the following code. We will save this file to C:\Inetpub.

1)      Open Notepad and copy in the following code below
2)      Go to File > Save as and save this file as HttpRedirect.htm, and save the file to C:\Inetpub directory.

You can download a copy of this file here: HttpRedirect.zip

<!-- beginning of HttpRedirect.htm file -->

<script type="text/javascript">

function redirectToHttps()

{

var httpURL = window.location.hostname+window.location.pathname;

var httpsURL = "https://" + httpURL ;

window.location = httpsURL ;

}

redirectToHttps();

</script>

<!-- end of HttpRedirect.htm file --> 

 

Step 3 – Set the 403 error page to use this file instead of the regular error file

1)      Expand the Computer Name
2)      Expand Web Sites
3)      Right click the web site you wish to modify
4)      Select “Properties”

5)      Select “Custom Errors” Tab
6)      Select the “403;4” error
7)      Press the “Edit” button
8)      Browse to and Select the HttpRedirect.htm file in C:\Inetpub
9)      Press OK and close all Properties windows

Step 4 – Test

1)      Bring up a web browser and try to access the site by https, verify that this is working ok
2)      Try to access the site via http now. You should see the browser change the http:// to https://

Note

In the unlikely event that a client does not have JavaScript enabled, this will not work. JavaScript must be enabled on the client machine for this to work.

Series NavigationAutomatically Redirect HTTP requests to HTTPS using ASP

    Did I save you time and headaches? Buy me a cup of coffee.
    The more coffee I drink the more articles I can write.




28 Comments so far

    • Chris said:
    • Posted on January 30th, 2013 at 11:43 pm
    • Reply
    • Permalink

    Great work, thjis is exactly what I needed. I agree with reordering the steps to reduce downtime, seemed logical to me so I did anyhow.

    • Mansoor said:
    • Posted on December 10th, 2012 at 8:06 am
    • Reply
    • Permalink

    very good, it has helped me…thank u very much !

    • tecpress said:
    • Posted on October 23rd, 2012 at 9:16 pm
    • Reply
    • Permalink

    thank you for shared…

    • tecpress said:
    • Posted on October 22nd, 2012 at 6:57 pm
    • Reply
    • Permalink

    Obrigado! por compartilha!

    • Michael said:
    • Posted on August 22nd, 2012 at 2:46 pm
    • Reply
    • Permalink

    I would recommend reordering the steps to avoid the downtime created step 1. I recommend executing in the following order:
    2: Create file
    3: Modify error
    1: Restrict SSL
    4: Test

    If you restrict SSL then the site locks out while you execute steps 2 and 3.

    • Rakesh said:
    • Posted on December 19th, 2011 at 1:53 am
    • Reply
    • Permalink

    i get another 403 forbidden message saying :
    The website declined to show this webpage
    HTTP 403
    Most likely causes:
    •This website requires you to log in.

    What you can try:
    Go back to the previous page.

    More information

    This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

    For more information about HTTP errors, see Help.

Leave a comment

Trackbacks on this post