1

I"ve got a client who currently has a site that's not SSL who wants to print materials with a URL on them. However, we're going to SSL in the next couple of months and I want to make sure that the URL we publish will seamlessly redirect if we have to.

I'm running ASP Classic (and some .NET) on Windows Server 2003 64-bit running in 32-bit mode.

Advice?

Thanks!

Caveatrob
  • 111
  • 3
  • 12
  • 1
    Any URL Rewriting module can do that -- issue a 301 Permanent Redirect (or any other 3xx code). For example: (for IIS 6) Helicon ISAPI_Rewrite v3 -- syntax is almost identical to the one used by Apache's mod_rewrite. – LazyOne Sep 10 '11 at 00:28

2 Answers2

1

It isn't necessarily the best idea from a security standpoint. Someone could perform a MITM attack while the user is initially connecting to the http and redirect the user to an evil site, instead of your trusted site. OTOH, redirecting to https from an http site is very common.

Setting up a redirect in IIS is pretty easy. Here is a description of the procedure.

http://www.serverintellect.com/support/iis6/iis-url-redirect.aspx

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • 1
    Note: The link only describes how to redirect any URL on one site to a single URL on another site (the https version in your case). If you need a more robust solution to redirects any URL to the corresponding/matching URL on the https site, you'll need to add some URL rewriting module to IIS, or write some ASP/ASP.NET to do the routing for you. – Mufasa Sep 12 '11 at 12:23
1

Couldn't you just set your site to require SSL, then modify the 403.4 custom error page to automatically redirect to https? I had used this kind of thing for years before we started terminating ssl at the load-balancer. The code on the 403-4.htm custom error page would be something like this:

<html><head><title>Error 403.4</title>

<meta name="robots" content="noindex">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"></head>

<body>

<script language="JavaScript">
var href = self.location.href;
var originalURL = href.substring(7,href.length);
self.location = 'https://' + originalURL;
</script>

</body>
</html>

This is a pretty old script that's been around for a while and there's probably a cooler way to do it but this works fine.

mahnsc
  • 1,776
  • 13
  • 11