IIS7: HTTP->HTTPS Cleanly

轮回少年 2020-12-04 06:32

Is there a clean way to redirect all attempts to go to an HTTP:// version of a site to its HTTPS:// equivalent?

6 Answers
  • 2020-12-04 06:46

    I think by 'cleanly' you mean like with a 300 redirect. Config for a lot of servers & languages here.

  • 2020-12-04 06:58

    The easiest and cleanest solution I found was to

    1. In SSL Settings -> require SSL

    2. In Error Pages -> On 403.4 error -> Redirect to the HTTPS site

    3. In Error Pages -> Edit Features Settings... -> Set Detailed errors for local requests and custom error pages for remote requests

    The benefit is that it requires no extra lines of code. Downside is that it redirects you to an absolute url.

  • 2020-12-04 06:58

    A clean way changes only the URL scheme from http -> https and leaves everything else equivalent. It should be server-side so that there are no browser issues.

    JPPinto.com has step-by-step instructions on how this is done, except that they use JavaScript (HttpRedirect.htm) instead of a server-side redirect. For some reason, I couldn't get IE to run the JavaScript if you have 'Show friendly HTTP error messages' enabled, which is on by default. Another thing with the script is that redirection to path didn't work even in FF or Chrome. The script always redirects to root. (Maybe I have missed something, because it should redirect to path.)

    For these reasons I have used an ASP page for the redirect. The downside is of course that this requires classic ASP to be enabled on the server.

    OpsanBlog has an ASP script and instructions that work well with IIS6.

    I've had a few issues using this method with IIS7. User interface issues mostly, since IIS7 makes it really easy to miss something.

    • First, you need to install ASP as a web server role feature.
    • Second, using a virtual directory didn't work as expected in IIS7 and I didn't try to debug this. Instead, I put the file in the root folder of the site and used the URL '/SSLRedirect.asp' in the 403.4 error page to reference it.
    • Last, the most tricky part, you must NOT enforce SSL for SSLRedirect.asp. Otherwise you'll get a 403.4 error. To do this you pick the file in IIS7 'Content View', and switch to 'Features View' so that you can edit the SSL settings for the single file and disable the 'Require SSL' checkbox.

    IIS manager should show the file name in the header.

  • 2020-12-04 06:58

    I use classic ASP (intranet) and on pages that require login the logon include file does the redirect:

    ' Redirect to HTTPS when the request did not arrive over SSL (the query string is not carried over)
    if Request.ServerVariables("SERVER_PORT_SECURE") <> "1" or Request.ServerVariables("HTTPS") <> "on" then
        Response.Redirect "https://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL")
    end if
    

    This of course does not include GET or POST data. So in effect it's a clean redirect to your secured page.

  • 2020-12-04 07:01

    Global.asax

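    protected void Application_BeginRequest()
    {
        // Match on the host only, so "localhost" elsewhere in the URL does not skip the redirect.
        bool isLocalhost = Context.Request.Url.Host.Equals("localhost", System.StringComparison.OrdinalIgnoreCase);
        // Change only the scheme; Port = -1 drops the HTTP port so the HTTPS default applies.
        if (!isLocalhost && !Context.Request.IsSecureConnection)
            Response.Redirect(new System.UriBuilder(Context.Request.Url) { Scheme = "https", Port = -1 }.Uri.ToString());
    }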
    
  • 2020-12-04 07:02

    I think the cleanest way is as described here on IIS-aid.com. It's web.config only and so if you change server you don't have to remember all the steps you went through with the 403.4 custom error page or other special permissions, it just works.

    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="HTTP to HTTPS redirect" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>
    
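An offline check for what the answers above call a "clean" redirect (only the scheme changes), added here as an example and not part of any answer in the thread. `check_redirect`, its problem codes and the `example.test` samples are constructed for illustration; the samples model the behaviours the answers describe, and their 302 status codes are assumptions.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}
REDIRECTS = PERMANENT | {302, 303, 307}

def check_redirect(request_url, status, location):
    """Return problem codes for an HTTP->HTTPS redirect; an empty list means clean."""
    if status not in REDIRECTS:
        return ["not-a-redirect"]
    problems = []
    if status not in PERMANENT:
        problems.append("temporary-status")   # clients will not cache the upgrade
    if not location:
        return problems + ["no-location"]
    src, dst = urlsplit(request_url), urlsplit(location)
    if dst.scheme != "https":
        problems.append("not-https")          # also catches a relative Location
    if dst.hostname != src.hostname:          # urlsplit lowercases host names
        problems.append("host-changed")
    if (dst.path or "/") != (src.path or "/"):
        problems.append("path-changed")       # e.g. every request sent to the site root
    if dst.query != src.query:
        problems.append("query-changed")      # GET data dropped or altered
    return problems

# Constructed samples: (label, request URL, response status, Location header).
SAMPLES = [
    ("rewrite rule", "http://example.test/app/page.aspx?id=7",
     301, "https://example.test/app/page.aspx?id=7"),
    ("403.4 page to absolute URL", "http://example.test/app/page.aspx?id=7",
     302, "https://example.test/"),
    ("ASP include", "http://example.test/app/page.asp?id=7",
     302, "https://example.test/app/page.asp"),
]

if __name__ == "__main__":
    for label, url, status, location in SAMPLES:
        print(f"{label}: {check_redirect(url, status, location) or 'clean'}")
```
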