IIS: Redirect from http to https

I had the need to move access to a site from http to https to accommodate a customer requirement. We had already published the http URL, and wanted to minimize the effect on the customer by redirecting requests to the SSL port.

Once SSL is required to access a web site, accessing the site via port 80 generates a useful error that advises the user to use https instead of http when accessing the site. Confirm you have access to the site over SSL by navigating to it using the https protocol.

To redirect from port 80 to 443, we must create an ASP file that redirects to the same URL over SSL when the 403.4 (SSL required) error occurs. The redirection file checks whether the request arrived on port 80 and reconstructs the URL for access via https. We must also create a virtual directory that points to the original application directory to support redirection.

For the purposes of this example:

  • The original (and newly secure) directory is called ‘AppDirectory’.
  • The redirection file is called ‘AppDirectory_Redirect.asp’.
  • The redirection support directory is called ‘AppDirectory_Redirect’.

First, create the redirection file and save it to ‘AppDirectory’ as ‘AppDirectory_Redirect.asp’. Here is the code:

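<%
If Request.ServerVariables("SERVER_PORT")=80 Then
    Dim strSecureURL
    Dim strWork
    Dim strQUERY_STRING

    ' Get server variables. For a custom error URL, IIS places the
    ' error code and the originally requested URL in the query string.
    strQUERY_STRING = Request.ServerVariables("QUERY_STRING")

    ' Fix the query string. Only the first match is replaced, so "http"
    ' or "403;" appearing later in the requested URL is left untouched.
    strWork = Replace(strQUERY_STRING,"http","https",1,1)
    strWork = Replace(strWork,"403;","",1,1)

    ' Now, set the new, secure URL:
    strSecureURL = strWork
    ' Response.Write(strSecureURL) ' uncomment for sanity check.
    Response.Redirect strSecureURL
End If
%>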

In this example, do not change “SERVER_PORT” or “SERVER_NAME” as they’re the hard-coded names of the server variables.
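
The script above redirects to whatever URL follows "403;" in the query string, which is request data. The variant below is an added example, not the original author's code: it keeps only the path and query of the reported URL and prefixes a fixed host name, so the redirect always lands on your own site. CANONICAL_HOST, www.example.com and SecureTarget are hypothetical names, and the "403;http://host[:port]/path" query-string layout is an assumption about what IIS passes to the custom error page.

```asp
<%
Option Explicit
' Added example, not the original author's code.
' Assumption: IIS hands the custom error page the failed request as
' "403;http://host[:port]/path?query" in QUERY_STRING.

' Placeholder: set this to the host name your certificate is issued for.
Const CANONICAL_HOST = "www.example.com"

Function SecureTarget(strQuery)
    Dim strUrl, lngPos

    ' Fallback when the query string is not in the expected form:
    ' send the browser to the root of the secure site.
    SecureTarget = "https://" & CANONICAL_HOST & "/"

    ' Accept only the "403;http://" prefix (11 characters).
    If LCase(Left(strQuery, 11)) <> "403;http://" Then Exit Function
    strUrl = Mid(strQuery, 12)          ' host[:port]/path?query

    ' Discard the host and port reported in the request and keep
    ' everything from the first "/" onward (path and query).
    lngPos = InStr(strUrl, "/")
    If lngPos = 0 Then Exit Function
    strUrl = Mid(strUrl, lngPos)

    ' The host part of the result never comes from the request.
    SecureTarget = "https://" & CANONICAL_HOST & strUrl
End Function

If Request.ServerVariables("SERVER_PORT") = 80 Then
    Response.Redirect SecureTarget(Request.ServerVariables("QUERY_STRING"))
End If
%>
```

Because the port is dropped along with the host, a reported URL such as "http://host:80/AppDirectory/page.asp?id=1" becomes "https://www.example.com/AppDirectory/page.asp?id=1".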

In IIS, use the virtual directory creation wizard to create the redirect virtual directory ‘AppDirectory_Redirect’, pointing to ‘AppDirectory’ as the physical path. Leave the access permissions as Read.

In IIS, right click the original application directory ‘AppDirectory’ and click properties. Follow these steps:

  • Click the ‘Custom Errors’ tab and double-click 403.4.
  • In the ‘Message Type’ box, click URL.
  • In the URL box, type ‘/AppDirectory_Redirect/AppDirectory_Redirect.asp’ (redirecting to the redirect file you created earlier).
  • Click the ‘Directory Security’ tab.
  • Under ‘Secure communications’, click ‘Edit’.
  • Select ‘Require secure channel (SSL)’. Set 128-bit encryption as appropriate for your certificate.
  • Click ‘OK’ until your changes are saved.
  • Restart IIS Admin.

Note: you can always restore the original 403.4 error message by clicking ‘Set to Default’.

Test the site by navigating to ‘http://AppDirectory’; you should be redirected to the site over https.

About Michael Coates
I am a pragmatic evangelist. The products, services and solutions I write about fulfill real-world expectations and use cases. I stay up-to-date on real products I use and review, and share my thoughts here. I apply the same lens when designing an architecture, product or when writing papers. I am always looking for ways that technology can create or enhance a business opportunity .. not just technology for technology's sake. My CV says: Seasoned technology executive, leveraging years of experience with enterprise and integration architectural patterns, executed with healthy doses of business acumen and pragmatism. That's me. My web site says: Technology innovations provide a myriad of opportunities for businesses. That said, having the "latest and greatest" for its own sake isn't always a recipe for success. Business successes gained through exploiting innovation relies on analysis of how the new features will enhance your business followed by effective implementation. Goals vary far and wide: streamlining operations, improving customer experience, extending brand, and many more. In all cases, you must identify and collect the metrics you can apply to measure your success. Analysis must be holistic and balanced: business and operational needs must be considered when capitalizing on a new technology asset or opportunity.
