Redirect http to https

Discussion in 'Microsoft Development' started by OJM, Jan 17, 2006.

  1. OJM

    OJM Perch


    I was hoping someone might be able to help me please?

    At my place of work, we run the online version of Outlook, so people can check their emails from home.

    Because this runs through a secure address (https) when people browse to the http address, it says the person isn't authorised to view it.

    Is there anyway I can set it up on the server (where it's hosted), so if someone types in the address with http, it will automatically redirect them to the https address (or display a page saying 'you are being redirected etc')?

    Thanks in advance for your help!

    Kind regards,

    Oli Mortimer
  2. antic

    antic Perch

    This would be a question for your server's IT support, wouldn't it? :)
  3. OJM

    OJM Perch

    I work in the ICT department of the company, and was just wondering how I can config IIS to do the above (redirect HTTP to HTTPS, instead of showing a "HTTP Error 403 - Forbidden")
  4. antic

    antic Perch

    ah :) Well I'm not an iis admin, but logically you would first have to make sure iis is allowing http (port 80) connections - that is port 80 is mapped to your site in iis.

    Once that's done and you can see the default site by browsing to the server, you need to write the little ASP script to do the redirection, which would simply be Response.Redirect ""

    You can check the ServerVariables collection to see if the user has connected using a secure connection or not - if they haven't that's when you do the redirection.
  5. Sailor

    Sailor Perch

    Just saw this post today, but in case you're still looking here's how I do it. This first checks if they used www (since my SSL cert only works on that domain). Then I reconstruct the original URL with https and www and redirect them wher they were going.

    ' ForceSSL.asp
    ' included at top of all admin pages to force use of SSL
    Dim strSecureURL
    If Request.ServerVariables("SERVER_PORT")=80 Then
    if not inStr(Request.ServerVariables("SERVER_NAME"), "www.") > 0 then ' need to add the www part
    strSecureURL = "https://www."
    strSecureURL = "https://"
    end if

    strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")

    strSecureURL = strSecureURL & Request.ServerVariables("URL")

    strSecureURL = strSecureURL & "?" & Request.QueryString

    Response.Redirect strSecureURL
    End If
  6. OJM

    OJM Perch

    Thanks, I'll try that one!

    How would I edit that to say, if they don't have https at the start of the URL, redirect them to https ?
  7. Penhall

    Penhall Perch

    A simple redirect to https: on entry would be something like:

    Response.Buffer = True
    If (Request.ServerVariables("HTTPS") = "off") then response.redirect ""
  8. Sailor

    Sailor Perch

    If all you want to do is redirect to https, just check the port:

    If Request.ServerVariables("SERVER_PORT")=80 Then
    end if

    The rest of my script just makes sure they also have www in the URL (because my SSL cert is only for that domain name), and checks what specific page and querystring variables they were using.

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services