Re: Getting default of https:// instead of http://

From: onelikeseabass (joshua.collins_at_gmail.com)
Date: 01/18/05

  • Next message: JOE Burgos: "Unable to start debugging on Web Server"
    Date: 18 Jan 2005 08:53:22 -0800
    
    

    This only works if the end user has "show friendly HTTP error messages"
    turned OFF in IE. If they don't have it turned off, IE will give them a
    locally generated error message and never even look at the custom
    403.4.

    This is *not* an issue with Firefox/Netscape/any other non-IE browser.

    David Wang [Msft] wrote:
    > This is also a FAQ, so make good use of Google...
    >
    > Actually, you're asking the wrong question... You cannot force IIS
    to use
    > https://www.mysite.com because IIS does not make the decision of what
    > protocol to use on a given request.
    >
    > When someone types in www.mysite.com, the BROWSER/CLIENT CHOOSES a
    default
    > protocol, like http://, to prepend to the URL and make the request.
    >
    > What you CAN do is configure IIS to only accept SSL requests. Now,
    when a
    > browser makes a http:// request, IIS will respond with a 403.4 custom
    error
    > telling the browser "this web page requires SSL". However, browsers
    will
    > just dumbly display that custom error... so what you have to do is
    change
    > the 403.4 custom error that IIS responds with to be a 302 redirection
    to
    > https:// (sorta like the web server telling the browser "hey you, I
    don't
    > accept HTTP requests, but if you let me redirect you to this HTTPS
    URL, we
    > can try that again" ).
    >
    > This is pretty easy to do -- create a ASP page that uses
    Response.Redirect ,
    > set it for the 403.4 custom error, and turn on "SSL-only" at the root
    of
    > your website.
    >
    > Now, if you also need vdirs that are NOT SSL-only, you obviously need
    to
    > configure them specifically to accept non-SSL requests (uncheck the
    "only
    > accept SSL requests" option) and change their 403.4 custom error as
    > appropriate.
    >
    > --
    > //David
    > IIS
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    > //
    > "David" <anonymous@discussions.microsoft.com> wrote in message
    > news:52E16370-54EE-4732-80EF-CF20B0E0D58D@microsoft.com...
    > I am using SSL on the root of my web site. How can I force IIS to
    use
    > "https://www.mysite.com" instead of the default
    "http://www.mysite.com" when
    > someone types in "www.mysite.com"
    >
    > Thanks in advance.
    >
    > David Johnson


  • Next message: JOE Burgos: "Unable to start debugging on Web Server"

    Relevant Pages

    • Re: IIS not responding to some requests Error: 12029
      ... Error 12029 is *not* a HTTP status code. ... connect to the internet (I assume that you do *not* see anything in the IIS ... logs that matches these requests from XMLHTTP? ... The error frequency is not correlated to server activity. ...
      (microsoft.public.inetserver.iis)
    • Re: External access to HTTP
      ... Well, if IIS is receiving the requests for "outside", then you should see ... something in the IIS HTTP logs. ... then it means that no HTTP server could be ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS Warm Up Period
      ... did not think of the idea to use IPSECCMD to block the requests! ... occurs on IIS 6) and the IIS server shuts down the process. ... request your webpages to invoke custom code. ... Regular restarts of IIS or the OS are ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: IIS Warm Up Period
      ... did not think of the idea to use IPSECCMD to block the requests! ... occurs on IIS 6) and the IIS server shuts down the process. ... request your webpages to invoke custom code. ... Regular restarts of IIS or the OS are ...
      (microsoft.public.inetserver.iis)
    • HTTP Debugger...
      ... I am looking for a tool like Fiddler that will allow me to debug HTTP ... requests as they come into the web server (iis 6.0) can anyone recommend ...
      (microsoft.public.inetserver.iis.security)