IIS Force Https problem
I am trying to force HTTPS by putting the following code in a custom error page:
<html>
<head>
<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://site.mysite.com/">
<title>Auto Redirect</title>
</head>
<body>
</body>
</html>
The problem is instead of doing the redirect it is giving a You are not authorized to view this page error instead of doing the redirect. I checked the permissions against other custom error files in the directory and they match exactly. As soon as I move the default page back then the default error is displayed. Please help!
-D-
<html>
<head>
<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://site.mysite.com/">
<title>Auto Redirect</title>
</head>
<body>
</body>
</html>
The problem is instead of doing the redirect it is giving a You are not authorized to view this page error instead of doing the redirect. I checked the permissions against other custom error files in the directory and they match exactly. As soon as I move the default page back then the default error is displayed. Please help!
-D-
When I follow ALL the directions in that document when I try to view the site by http:// I get the same error:
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
--------------------------
If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the <domain> home page.
You can click Search to look for information on the Internet.
HTTP Error 403 - Forbidden
Internet Explorer
And yes ASP is allowed in IIS
-D-
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
--------------------------
If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the <domain> home page.
You can click Search to look for information on the Internet.
HTTP Error 403 - Forbidden
Internet Explorer
And yes ASP is allowed in IIS
-D-
From the IIS Log:
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2006-08-18 12:35:54 207.63.215.120 - 192.168.100.5 80 GET /redirect.asp 403;http://<url>/ 403 Mozilla/4.0+(compatible;+M
I have checked the permissions and they match the other files in the directory. I am really stumped on this one. I also tested this on IIS5 and the same result occurs...
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2006-08-18 12:35:54 207.63.215.120 - 192.168.100.5 80 GET /redirect.asp 403;http://<url>/ 403 Mozilla/4.0+(compatible;+M
I have checked the permissions and they match the other files in the directory. I am really stumped on this one. I also tested this on IIS5 and the same result occurs...
And I forgot to answer one of your questions because it was a strange one:
If you try to go to the https page directly, does it work?
Um, yes of course. I would not bother with EE until I exhausted all my ideas. If I make a seperate web and give port 80 the host header of the website and tell it in IIS to permanently redirect to https://<site> then it works as expected, but I don't want dozens of extra sites in IIS for this.. I figured it would be easy to do a code page... Apparently not. Please advise.
-D-
If you try to go to the https page directly, does it work?
Um, yes of course. I would not bother with EE until I exhausted all my ideas. If I make a seperate web and give port 80 the host header of the website and tell it in IIS to permanently redirect to https://<site> then it works as expected, but I don't want dozens of extra sites in IIS for this.. I figured it would be easy to do a code page... Apparently not. Please advise.
-D-
I think I'm missing a bit of details. So the META that directs to: https://site.mysite.com/
Does it reside on a page under: http://site.mysite.com/
Or under another domain?
When you get a You are not authorized to see this page, what's the URL on top of the browser? https://site.mysite.com/ or the HTML page? If you stick another HTML page without any meta tag, just a body of "This Works", will you see it or you see the error message? The META page is a pure HTML, ASP or something else?
Does it reside on a page under: http://site.mysite.com/
Or under another domain?
When you get a You are not authorized to see this page, what's the URL on top of the browser? https://site.mysite.com/ or the HTML page? If you stick another HTML page without any meta tag, just a body of "This Works", will you see it or you see the error message? The META page is a pure HTML, ASP or something else?
I think we are going in circles. I followed the link you posted to the letter and the same result occurs. The same thing is happening on IIS5 and IIS6 for me. Even if I make a basic page in the main site named redirect.htm:
<html>
<head>
</head>
<body>
<p>You must use HTTPS:// to connect to this site.</p>
</body>
</html>
A 403 error is still returned instead of the custom page... Your thoughts?
-D-
<html>
<head>
</head>
<body>
<p>You must use HTTPS:// to connect to this site.</p>
</body>
</html>
A 403 error is still returned instead of the custom page... Your thoughts?
-D-
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes indeed. They should add that little gem to their document. That did the trick. Thank you!
Yeah, and fix the HTML code so it shows the ASP code in IE :)
Also, you should use IIS to force https and not a META tag.
That assumes you want the whole site to be https though, or a virtual folder up...
Follow the steps here:
http://www.iisfaq.com/Default.aspx?tabid=3051
The JumpSSL.asp file is hidden in IE, it's:
<%
Data = request.servervariables("Q
URL = replace(Data, "403;", "")
URL = replace(URL, "http://", "https://")
response.Status = "200 OK"
response.redirect URL
%>