We help IT Professionals succeed at work.

403 Error when using HTTPS but fine with HTTP

Medium Priority
1,154 Views
Last Modified: 2012-05-06
I am getting this error when trying to access my website on my IIS 7.0 server using HTTPS.

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

The firewall is open for 443 and passes.
The windows firewall is open for 443 and passes.
The site passes the SSL Certificate Check (3rd party) perfect.

Once it passes all of that I get the 403 error from my web-server. If I try using only HTTP I can get to my web page just fine.

What am I missing here?

Thank you!
Comment
Watch Question

This is happening as browser looks for an address statrting with "https" ,but as there is no page crosponding to this address ,it throws the error.

Resolution:
1> Go to ur website properties in InetMgr
2>Go to Custom Errors and look for error listed Error Code 403 Sub Code 4
3> Edit its property and give a path to a page which will do the redirect from https to http
Example "C:\PathForYourWebSite\SSLRedirect.htm"
4>And in the SSLRedirect.htm page put the code shown below:

So how it works is ..when ever IIS throws an error 403 ,our html page will be invokes which will change
the url replacing  https with http ,and u will be correctly redirected to ur correct page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Redirect to secure page</title>
</head>
<body>
<script language="JavaScript" type="text/javascript" >
<!-- 
 
function goElseWhere()
{
    var oldURL = window.location.href;
    var newURL = oldURL.replace("http://", "https://"); 
    window.location = newURL;
}
goElseWhere(); 
 
// -->
</script>
 
</body>
</html>

Open in new window

CERTIFIED EXPERT

Commented:
That code referenced I'm sure works but I don't think you want to do that.
That code will essentially by-pass the requirement for SSL.
If you have code that has a relative reference to another site on the server that is not enabled for SSL that is causing this problem then you need to fix the problem.  Either change the code to a full URL or SSL enalbe the directory and files it is trying to access.

From your description though I get the feeling this is not the problem.  It sounds like NOTHING is working via SSL on your site.

Take a look at this page and see if you have missed anything in the configuration of SSL on your machine/site ... http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/

Author

Commented:
I see my problem...

I was trying to forward port 443 from the firewall to two different IP address.

Now my next question is how to forword port 443 to ISA server then read the Header and send to my web server?

How can i do this?
CERTIFIED EXPERT

Commented:
Look at the page I referenced ... it should give you the command lline syntax to configure the port forwarding that you need to do.
Praveen DMInfra Team Lead
CERTIFIED EXPERT
Top Expert 2008

Commented:
I solved my problem.

I was trying to port forward the same Port 443 to two different IP address, which as far as I know cannot be done, without hardware that can forward based on header info.

The only way around this is to have a second external IP address.

 

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.