We often get requests from our customers asking how they can seamlessly redirect web requests from HTTP to HTTPS, i.e. how they can redirect a non-SSL request to an SSL based request. Recently a colleague of mine got a similar issue and we decided to use some existing scripts that we had in our database. Unfortunately none could meet the requirement.
Basically the existing scripts redirected an HTTP request to another URL and that URL was not the original request user had asked for. It took us to let's say the homepage of the site and from there one again has to click on specific links to reach the desired page. So this will be a problem for users who have book-marked their desired web page.
Here are the steps you can try for your website such that all HTTP requests get translated to HTTPS requests and have the original URL intact.
<%@ Language=VBScript %>
strQueryString = Request.QueryString
sslPort = null
PlainURL = Right(strQueryString, len(strQueryString) - 4)
FindLastCOlon = InStrRev(PlainURL, ":")
FirstPart = Mid(PlainURL, 1, FindLastColon - 1)
LastPart = Mid(PlainURL, FindLastColon)
LastPart = (Mid(LastPart, InStr(LastPart, "/")))
'If the SSL Port is not the default 443, you need to uncomment the line below, by default SSL port is 443.
'sslPort = ":449"
if (sslPort = null) then
url= FirstPart & LastPart
url = FirstPart & sslPort & LastPart
strSecure = Replace(url, "http:", "https:", 1, 1)
-- Copy the above code and put in a file redirectSSL.asp under your Website root directory for which you want redirection to work.
-- Force SSL on the web site. To do that follow the steps mentioned below: - Go to --> <Your_Web_Site> -> Properties -> Directory Security -> Edit (Secure Communications) - Select Require secure channel (SSL).
-- Uncheck "Require secure channel (SSL)" option for the redirectSSL.asp page. To achieve that: - Go to --> <Your_Web_Site> -> redirectSSL.asp -> Properties -> File Security -> Edit (Secure Communications) - Uncheck Require secure channel (SSL).
So now we are forcing SSL to be used for all of the website contents except the redirectSSL.asp page which can be accessed over non-SSL (HTTP).
-- In the IIS manager -> <Your_Web_Site> -> Properties -> Custom Errors, modify the entry for 403;4 to look like this:
Now if you try to browse to some URL, let's say http://www.abc.com/asp/test/ssl/iistsart.htm, you will be redirected to https://www.abc.com/asp/test/ssl/iistsart.htm, without you requiring to modify HTTP to HTTPS.
If your SSL port is not the default port 443 then you need to un-comment a line in the code as mentioned in there and it will redirect the request to the appropriate URL with corrected SSL port embedded in it.
currentURL = location.href.substring(4,location.href.lastIndexOf(''))
var portStartPos = currentURL.lastIndexOf(':')
var sslPort = null
var relativeURL = currentURL.substring(portStartPos)
var postPortURL = relativeURL.substring(relativeURL.indexOf('/'))
var URL = currentURL.substring(0,portStartPos)
// If you are running your SSL site on a non default port other than 443 then uncomment the next line and add the right Port number.
//sslPort = ":447"
if(sslPort == null)
currentURL = URL + postPortURL
currentURL = URL + sslPort + postPortURL
var targetURL = "https" + currentURL
window.location = targetURL
-- Copy the above code and put in a file redirectSSL.html under your Website root directory for which you want redirection to work.
So now we are forcing SSL to be used for all of the Website contents.
-- In the IIS manager -> <Your_Website> -> Properties -> custom Errors, modify the entry for 403;4 to look like this:
You need not follow the step below since we are using File Type for custom error page and not a URL as shown above in the picture. If you select URL as Type above then you will need to follow the step below.
"-- Uncheck "Require secure channel (SSL)" option for the redirectSSL.html page. To achieve that: - Go to --> <Your_Web_Site> -> redirectSSL.asp -> Properties -> File Security -> Edit (Secure Communications) - Uncheck Require secure channel (SSL)."
This is all you need and you should see your URL changing automagically from HTTP to HTTPS (SSL).
Hope this helps...
I am writing this post on the 1st of January 2008. It's a brand new day and hopefully a brand new beginning with lots of hope, expectations and ambitions being carried over my lean shoulders. I have been seeing the same day and night everyday of my life, but when it is the first day of a new year I tend to see it differently, or better said; force myself to see it differently of course with a tinge of optimism in it. With the onset of this new year I complete one year of my blogging experience and to be honest I loved it all the way. I am glad I could help some people no matter how less the number was and make change in the world how miniscule it may be...but I am happy and that's what matters.
Every year-end I spare a few hours for introspection, I sit down all alone in a secluded place and look back at the entire year...on various aspects of how my life was touched upon in both good and bad ways....but at the end of the day I end up with no grudges because I always feel whatever happens it happens for a reason and the reason is always rewarding and enriching....every experience teaches one some lesson and makes one prepared for "what come may". It's funny how people find ways to keep themselves going forward but that's a hidden agenda of how nature keeps the momentum going.....one has to move on and prepare oneself for what is coming ahead than holding oneself back with what has already gone by.
I have lot of expectations from this year for some very personal reasons. Let's see how far I can reach in achieving them. There are no new year resolutions for me; in fact I never make one because my free-will always tend to break it and go against my determination just to make a mockery of how undetermined I am. And I say this with my bitter experiences in the past ;-)
Wish you a happy and prosperous new year 2008 ahead.