Bookmark and Share Subscribe Bookmark and Share

Categories

Advertisement



Automatically Redirect HTTP requests to HTTPS on IIS 6

Jan
17

 « »    

This article is for IIS 6 for the IIS 7 please refer to this article.

If you configure IIS to only allow https connections, a user will get a 403.4 error when attempting to access the page via http. To fix this problem we create a custom 403.4 page that redirects http requests to https. We will be changing this configuration in a couple of steps:

Step 1 – Verify SSL is required for the selected site
Step 2 – Create a HttpRedirect.htm file and save it to C:\InetPub
Step 3 – Set the 403.4 error page to use this file instead of the regular error file
Step 4 – Test

This is a standard 403.4 error message file provided out of the box with IIS.

Step 1 – Verify SSL is required for the selected site

1)      Open IIS Manager (Start Menu\Programs\Administrative Tools or %SystemRoot%\system32\inetsrv\iis.msc)
2)      Expand the Computer Name
3)      Expand Web Sites
4)      Right click the web site we wish to modify
5)      Select “Properties”

6)      Select the “Directory Security” tab
7)      Select “Edit” in the Secure Communications section
8)      Check off the “Require secure channel (SSL)” option. (This will only allow pages on this site to be viewed only with https.)
9)      Press OK and close all Properties windows

Step 2 – Create a HttpRedirect.htm file and save it to C:\InetPub

We will be creating an HTM file containing the following code. We will save this file to C:\Inetpub.

1)      Open Notepad and copy in the following code below
2)      Go to File > Save as and save this file as HttpRedirect.htm, and save the file to C:\Inetpub directory.

You can download a copy of this file here: HttpRedirect.zip

<!-- beginning of HttpRedirect.htm file -->

<script type="text/javascript">

function redirectToHttps()

{

var httpURL = window.location.hostname+window.location.pathname;

var httpsURL = "https://" + httpURL ;

window.location = httpsURL ;

}

redirectToHttps();

</script>

<!-- end of HttpRedirect.htm file --> 

 

Step 3 – Set the 403 error page to use this file instead of the regular error file

1)      Expand the Computer Name
2)      Expand Web Sites
3)      Right click the web site you wish to modify
4)      Select “Properties”

5)      Select “Custom Errors” Tab
6)      Select the “403;4” error
7)      Press the “Edit” button
8)      Browse to and Select the HttpRedirect.htm file in C:\Inetpub
9)      Press OK and close all Properties windows

Step 4 – Test

1)      Bring up a web browser and try to access the site by https, verify that this is working ok
2)      Try to access the site via http now. You should see the browser change the http:// to https://

Note

In the unlikely event that a client does not have JavaScript enabled, this will not work. JavaScript must be enabled on the client machine for this to work.

Series NavigationAutomatically Redirect HTTP requests to HTTPS using ASP

    Did I save you time and headaches? Buy me a cup of coffee.
    The more coffee I drink the more articles I can write.




28 Comments so far

  1. Thank you. It works great!. To simplify, add the "HTTPRedirect.htm" in the same location as the current/default 403:4 error file.

  2. how would i implement this solution just to login page in my website. background: i need to implement wildcard ssl encryption only to my login page ,did that creating subfolder and then redirect that to my login page( since my login page naming convention was is not sutiable for direct wild card implementation). issue comees when user knows my http login page url naming convention

    • Kobina Nyame said:
    • Posted on June 17th, 2013 at 11:34 am
    • Reply
    • Permalink

    I really appreciate these instructions – simple, clear and effective.

  3. sam is correct!

    Guys, just wondering why you would rather make the site crash/bug/fail, catch the error, put a javascript in there and redirect… when ISS has a builtin function to redirect sites…

    – Create a site on port80 (let's say "MySite-Redirect), go in the properties, set the home page tab with "Redirect to this URL" = https://www.whateversitename.com
    – Create another site (let's say "MySite-SSL"), on port443 to answer the request

    Just a thought

  4. Help needed from expert
    I did all the steps for redirecting to https
    when i type 207.234.225.70 it redirect me to https://207.234.225.70
    but i get the above error

    This is a standard 403.4 error message file provided out of the box with IIS.

  5. It works great, Thank you

Leave a comment

Trackbacks on this post