Solved

How to force IIS website to redirect HTTP to HTTPS?

Posted on 2008-10-08
25
1,594 Views
Last Modified: 2011-10-19
Basically I have a website I opened to the public and set up an SSL certificate for.  How exactly do I make HTTP requests redirect to HTTPS so nobody can log in without encryption?  I clicked "Require SSL" on the website, but going to HTTP just gives a page saying "you need to view this with HTTPS"...be nice to automatically have it redirect if possible.
0
Comment
Question by:danielevans83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
25 Comments
 
LVL 2

Expert Comment

by:gstump
ID: 22671062
I'm not an expert on this subject so about all the help I can give you is a link that may do the job for you.  Here you go.

http://blogs.msdn.com/saurabh_singh/archive/2008/01/03/http-to-https-ssl-web-request-redirection.aspx
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22671489

Three methods to redirect HTTP to HTTPS
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https

How to redirect an HTTP connection to HTTPS for Outlook Web Access clients
http://support.microsoft.com/kb/839357

IIS 6.0 HTTP to HTTPS Redirect
http://forums.whirlpool.net.au/forum-replies-archive.cfm/437721.html
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22674951
all you have to do is setup another website in iis and configure it to listen on port 80.  so only have the real website listen on 443.   then setup a "redirection to a url" inside the home directory tab and put in the https://yourwebsite.com  site.  

so the port 80 redirection website will accept requests on port 80 and then redirect the user back out to the https site.

let me know if you have any questions!
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:danielevans83
ID: 22678385
Scott, you're the man.

I created a new IIS website that listens on TCP port 80.
I changed the old IIS website's TCP port to a random number.

I set the redirection to URL as the home directory to redirect to the HTTPS.

It works!
Anything wrong with the way I did this or is that okay?
0
 

Author Comment

by:danielevans83
ID: 22678621
Question now:  is there a way to redirect external requests to HTTPS, but allow HTTP on the local intranet?
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22679084
Ok, on the website that you are currently only listening on port 433 you can click on the advance button and have it also listen on port 80 on a diffrent ip address.  Then you can change internal dns to point to the new private ip address on port 80.

Did that make sense?
0
 

Author Comment

by:danielevans83
ID: 22679892
Yeah it did.  So I can just pick a different IP that isn't assigned to any computers or devices, and use that to point to the internal site?  Interesting.  So I then have my external off site DNS point to the default IP that is listening on port 443, and my internal server DNS point to the IP of the port 80?  Like this?

Basic Web Template (off site DNS references this)
     192.168.0.1 (assumed IP of external site)    
      redirects port 80 to HTTPS
     
External Site (off site DNS references this)
     192.168.0.1 (assumed IP of external site)
     TCP Port : 8181             SSL Port : 443

Internal Site (Internal DNS references this)
     192.168.0.2 (assumed IP of internal site)
      TCP Port : 80
0
 
LVL 2

Accepted Solution

by:
ScottGranado earned 500 total points
ID: 22679920
yep, then just modify your internal dns to point to the 192.168.0.2 address!

woot!
0
 

Author Comment

by:danielevans83
ID: 22680027
Not sure what that did I cannot even get to my internal URL anymore.  I undid all the changes and now the external URL is inaccessible.

........
0
 

Author Comment

by:danielevans83
ID: 22681103
Nevermind must have needed to propogate settings.  Okay so HTTP forwards to HTTPS correctly, but internally I cannot get it to stop forwarding to HTTPS.  

I set the HTTP redirect site to use the regular IP, port 80
I set the Main site TCP port 80 points to the alternate IP
I set internal DNS to point to this alternate IP on port 80.

What'd I do wrong?
0
 

Author Comment

by:danielevans83
ID: 22682022
Okay the website is completely inaccessible internally.

I try to ping it, and I get time outs showing the new IP I'm using.

Are you sure all you do is assign it some random IP on the subnet?  Sounds to me like some step is missing here.
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22682302
hey!  sorry for the delay.  Make sure you add the ip address to your network connections tcp properties first, then you should be able just to choose it from the drop down inside IIS.  You can't add the IP address in IIS without adding it to the OS and assigning it to a Network Connection first.
0
 

Author Comment

by:danielevans83
ID: 22682844
You'll have to forgive me because I'm currently training for the MCSE, not all the way there yet.

Where exactly do I add these IP addresses?  Can you give me a quick step by step on how to do this?
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22682958
go into network connections, right click choose properties on the adapter you want, open internet protocol then properties, then click on advance at the bottom and then click add to add an additional ip address
Capture.JPG
0
 

Author Comment

by:danielevans83
ID: 22683362
Ok great, got that all in.  Something weird is happening now.  When I open the page it prompts for a login (it is a Sharepoint site that used to just log you in using the domain user you're logged on as).  When I try to login it doesn't work and replaces the username with this:
sharepoint.<ourdomain>.com\devans

I have to replace the text before the \ with our domain to be able to login.  Any idea?
0
 

Author Comment

by:danielevans83
ID: 22683679
I turned on Integrated Windows Authentication
I tried it with adding Basic Authentication
I tried it with Digest authentication...
I tried with all three.

I don't get it, the only thing changed is the IP of this IIS site for port 80.  
0
 

Author Comment

by:danielevans83
ID: 22683720
In fact it seems to be happening with Internet Explorer...

Firefox still asks for a login, but I don't have to put our domain in the username before the \
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22683780
make the site a trusted site inside internet explorer.  this should bypass the authentication.
0
 

Author Comment

by:danielevans83
ID: 22683807
Okay I'll try that.

How can I deal with the external requests to the URL now requiring the same thing?  It also requires me to put in my domain now for some reason...
0
 

Author Comment

by:danielevans83
ID: 22685683
By the way I undid everything and reverted back to a single IIS site with a single IP and now it will not do Windows authentication at all.  I have to manually enter the domain in every time internally and externally..

What the heck changed and why did this screw up our IIS site?????
0
 

Author Comment

by:danielevans83
ID: 22687121
Also, making it a trusted site does not bypass the login.  It is still prompting me for a login no matter where I access it from, internally or externally.  It is then also making me enter in our domain name manually before the "\".  No changes to IIS seem to affect this at all.
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22687468
is the computer a member of the domain?  if so, then trusting it should allow it to pass domain credentials.  
0
 

Author Comment

by:danielevans83
ID: 22688362
Yes, it is.  Like I said I undid all the settings and only had my one IIS site with a single IP, set up exactly as I had it before...and for some reason now it has no idea what domain I'm logging in from apparently.
0
 

Author Comment

by:danielevans83
ID: 22688794
What could have been changed in this process that would no longer be telling computers connecting what domain they're logging into?
0
 

Author Comment

by:danielevans83
ID: 22691698
Well, since this didn't help at all and it doesn't look like you're helping me figure out what is broken, looks like I get to backup, uninstall, and reinstall my Sharepoint.  Thanks...
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question