HTTP to HTTPS (SSL) Web Request Redirection

We often get requests from our customers asking how they can seamlessly redirect web requests from HTTP to HTTPS, i.e. how they can redirect a non-SSL request to an SSL based request. Recently a colleague of mine got a similar issue and we decided to use some existing scripts that we had in our database. Unfortunately none could meet the requirement.

Basically the existing scripts redirected an HTTP request to another URL and that URL was not the original request user had asked for. It took us to let's say the homepage of the site and from there one again has to click on specific links to reach the desired page. So this will be a problem for users who have book-marked their desired web page.

Here are the steps you can try for your website such that all HTTP requests get translated to HTTPS requests and have the original URL intact.

Here are two sample codes which one can try. Both of them should *hopefully* work. First one uses VBScript in an ASP page and second one uses Javascript in an HTML page.

a).

redirectSSL.asp

 <%@ Language=VBScript %>
 <% 
 strQueryString = Request.QueryString
 sslPort = null
 PlainURL = Right(strQueryString, len(strQueryString) - 4)
 FindLastCOlon = InStrRev(PlainURL, ":")
 FirstPart = Mid(PlainURL, 1, FindLastColon - 1)
 LastPart = Mid(PlainURL, FindLastColon)
 LastPart = (Mid(LastPart, InStr(LastPart, "/")))
  
 'If the SSL Port is not the default 443, you need to uncomment the line below, by default SSL port is 443.
 'sslPort = ":449"
 if (sslPort = null) then
     url= FirstPart & LastPart
 else
     url = FirstPart & sslPort & LastPart
 end if 
 strSecure = Replace(url, "http:", "https:", 1, 1)
 Response.Redirect strSecure
 %> 

Steps:

-- Copy the above code and put in a file redirectSSL.asp under your Website root directory for which you want redirection to work.

-- Force SSL on the web site. To do that follow the steps mentioned below:
      - Go to --> <Your_Web_Site> -> Properties -> Directory Security -> Edit (Secure Communications)
      - Select Require secure channel (SSL).

-- Uncheck "Require secure channel (SSL)" option for the redirectSSL.asp page. To achieve that:
     - Go to --> <Your_Web_Site> -> redirectSSL.asp -> Properties -> File Security -> Edit (Secure Communications)
     - Uncheck Require secure channel (SSL).

So now we are forcing SSL to be used for all of the website contents except the redirectSSL.asp page which can be accessed over non-SSL (HTTP).

-- In the IIS manager -> <Your_Web_Site> -> Properties -> Custom Errors, modify the entry for 403;4 to look like this:

image

Now if you try to browse to some URL, let's say http://www.abc.com/asp/test/ssl/iistsart.htm, you will be redirected to http**s**://www.abc.com/asp/test/ssl/iistsart.htm, without you requiring to modify HTTP to HTTPS.

If your SSL port is not the default port 443 then you need to un-comment a line in the code as mentioned in there and it will redirect the request to the appropriate URL with corrected SSL port embedded in it.

b).

redirectSSL.html

 <html>
 <head>
  
 <script language="javascript">
  
 var currentURL=location.href.substring(0,5)
  
 if(currentURL.toLowerCase()!="https")
 {
 currentURL = location.href.substring(4,location.href.lastIndexOf(''))
 var portStartPos = currentURL.lastIndexOf(':')
 var sslPort = null
 if(portStartPos!=0)
 {
 var relativeURL = currentURL.substring(portStartPos)
 var postPortURL = relativeURL.substring(relativeURL.indexOf('/'))
 var URL = currentURL.substring(0,portStartPos)
 // If you are running your SSL site on a non default port other than 443 then uncomment the next line and add the right Port number.
 //sslPort = ":447"
 if(sslPort == null)
     currentURL = URL + postPortURL
 else
     currentURL = URL + sslPort + postPortURL
 }
  
 var targetURL = "https" + currentURL
 window.location = targetURL
 }
 </script> 
  
 </head>
 </html>

Steps:

-- Copy the above code and put in a file redirectSSL.html under your Website root directory for which you want redirection to work.

-- Force SSL on the web site. To do that follow the steps mentioned below:
      - Go to --> <Your_Web_Site> -> Properties -> Directory Security -> Edit (Secure Communications)
      - Select Require secure channel (SSL).

So now we are forcing SSL to be used for all of the Website contents.

-- In the IIS manager -> <Your_Website> -> Properties -> custom Errors, modify the entry for 403;4 to look like this:

image

You need not follow the step below since we are using File Type for custom error page and not a URL as shown above in the picture. If you select URL as Type above then you will need to follow the step below.

"-- Uncheck "Require secure channel (SSL)" option for the redirectSSL.html page. To achieve that:
- Go to --> <Your_Web_Site> -> redirectSSL.asp -> Properties -> File Security -> Edit (Secure Communications)
- Uncheck Require secure channel (SSL)."

 

This is all you need and you should see your URL changing automagically from HTTP to HTTPS (SSL).

Hope this helps...