Redirect an http to https????

I am trying to redirect the following:

http://ppr/tax:81/tabular.asp to
response.Redirect("https://taxcom.grwr.gov/ppr/tabular.asp")

However, what we would like to display is:
https://ppr/tax:81/tabular.asp

Is this possible.

For more clarity, ("https://taxcom.grwr.gov is a subdomain and
http://ppr/tax:81/tabular.asp is another subdomain

But because http://ppr/tax:81/tabular.asp is does not have its dedicated ssl certificate, we would like it to  inherit the certificate from https://taxcom.grwr.gov but replace taxcom with ppr.

Is this possible?

Hope this makes sense.

Thanks in advance
LVL 29
sammySeltzerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Martin MillerCTOCommented:
I don't believe it is possible to support that colon 81, :81 for the users to see and maintain https: with SSL.

if the certificate is a STAR cert, or multi-sub-domain cert, you can check if it can add secondary domains, or create new dedicated certificate.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
First of all, there is a way to redirect to htttps. I have used something similar to

https://support.microsoft.com/en-us/help/239875/how-to-use-asp-to-force-ssl-for-specific-pages
If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If

Open in new window


There are a couple of issues though. Port 80 is the default port and your app uses port 81 which is not an issue if port 81 has ssl turned on. Then the certificate will need to match the destination url.

If port 81 has https turned on already, then the code above may not be the best. Instead:

https://www.w3schools.com/asp/coll_servervariables.asp
if Request.ServerVariables("HTTPS") = "OFF" then
    response.redirect ("https://ppr/tax:81/tabular.asp")
end if

Open in new window

sammySeltzerAuthor Commented:
So sorry. I had responded to this solutions immediately but for some reason, it did not post.

In my response, I indicated that there are three important facts at play.

One, port 81 is not currently using SSL certificate and so none was turned on.
Second, our hope is to get port 81 to share the same SSL certificate that port 80 is currently using.
Third, if we are successful in redirecting port 81 to the use SSL that port 80 is currently using, we would like to remove the port 80 subdomain.

For instance, to reiterate, this is port 80:

https://taxcom.grwr.gov/ppr/tabular.asp

and this is port 81:
http://ppr/tax:81/tabular.asp

After the redirect, port 81 will now looklike:

https://ppr/tax:81/tabular.asp (without subdomain taxCom).

Is this possible?
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Is ppr/tax:81 internal?  

Once ssl is turned on, that should work.

If it is internal, you would need to get an internal/local cert or just click the warning link to skip.
sammySeltzerAuthor Commented:
No, they are both on DMZ and as stated, does not have SSL period.

According your second solution below:

if Request.ServerVariables("HTTPS") = "OFF" then
    response.redirect ("https://ppr/tax:81/tabular.asp")
end if

Open in new window


You said this would work once SSL is turned. There is no SSL bro. Yes, IIS has a valid SSL installed but it is used by the other subdomain taxCom.

We are just trying to force ppr to share same SSL.

Also, where should I put this code?

According to the link you posted, it says to save the code as an include file and it in wwwroot directory.

Then reference it on the page that requires SSL using the following:

<%@Language="VBSCRIPT"%>
<!--#include virtual="/ForceSSL.inc"-->

Open in new window


Does same rule apply with your second solution?

We need it in all pages, does it mean we reference the include file in all pages?

Thanks a lot for your help.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
That bit of code should be at the top of every page.  You can physically add it to every page as is, or create an include file and add your include code at the top of every page.  This is actually a better option because if you need to change something, you only have to change it once.

You can also do this via iis with a few options.
https://www.sslshopper.com/iis7-redirect-http-to-https.html
https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/

As far as sharing a certificate like this, I am not sure. I suggest asking that part in a new question and make sure to include the Microsoft IIS Webserver topic along with webservers and Microsoft Server OS.
sammySeltzerAuthor Commented:
I have not done classic asp in a long time. Perhaps,  I am rusty but none of the examples are working for me.

This is my search page:

       <form name="test" action="searchAddress.asp">
<table>
              <tr>
                <td class="style75a" align="right">Address</td>
                <td class="style75" align="left">&nbsp;
                  <input name="Address" size="38" maxlength="50" value="<%=(strAddress)%>"></td>
              </tr>
			   <tr>
                <td class="style75a" align="right" nowrap="nowrap">Partial Street Name</td>
                <td class="style75" align="left">&nbsp;
                  <input name="streetName" size="38" maxlength="50" value="<%=(strStreetName)%>"></td>
              </tr>
</table>
</form>

Open in new window


I enter address and streetname, hit search:

the page is supposed to go to searchAddress:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/forceSSL.inc"-->
<head>
...
...
</head>
<body>
...
...
</
</body>
I am expecting it to show https://ppr/tax:81/searchAddress.asp

but it still shows http without the S.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Start with a test.

Wher you have
<!--#include virtual="/forceSSL.inc"-->

Open in new window

Change your forceSSL.inc page to redirect to

if Request.ServerVariables("HTTPS") = "OFF" then
    'response.redirect ("https://ppr/tax:81/tabular.asp")
   response.write ("  <div style='height:100px;background-color:red;color:white;font-weight:bold;font-size:200%'>Request.ServerVariables("HTTPS") = "OFF"</div>
")
else
response.write ("  <div style='height:100px;background-color:red;color:white;font-weight:bold;font-size:200%'>Request.ServerVariables("HTTPS") = "ON"</div>
end if

Open in new window


That will tell us if Request.ServerVariables("HTTPS") is working.

The other issue is which url are you starting from. Do we have to account you could already be at https://ppr/tax:81/searchAddress.asp or http://ppr/tax:81/searchAddress.asp
sammySeltzerAuthor Commented:
I am making a silly mistake here.

It should be:

http://ppr:81/tax/searchAddress.asp. I actually have it right on our server.

To address your question, the url we are starting with is:

http://ppr:81/tax/search.asp. So, the redirect, if successful, should actually show the url as:

https://ppr:81/tax/search.asp. Does this mean that the redirect needs to happen from some other page?

In other words, when the user gets to search page, it should already have the SSL as in https://ppr:81/tax/search.asp

Then when the search button is clicked, we expect it to show:

https://ppr:81/tax/searchAddress.asp.

In a nutshell, any page that is part of the pprt folder should have the http prototcol start as https.

I am beginning to think that ppr which currently is a subdomain should have its own IP Address?

Is this a question for the server/infrastructure folks?

I have never had to deal with this kind of situation before.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
I think there is some confusion.

First, there is simply redirecting from http to htttps. That is all the include file is supposed to do.  If you are not using absolute links, you really only need that redirection on main log in page. If somebody is entering data on http and then get redirected to https, I believe you lose the data.  So get them on the right thing to start with.


Your other redirection is making sure people are not using  taxcom.grwr.gov and isntead are using /ppr/tax:81.  Again, this should be at the sart and not in the middle if this is a log in site. If they are on taxcom.grwr.gov/some_page.asp as an entry point to the site, I suggest redirecting them to the main  log in page of /ppr/tax:81

Lastly, you stated, "Then when the search button is clicked, we expect it to show: https://ppr:81/tax/searchAddress.asp". If this is all you want to do then your form code should have that in the action.  
<form method="post" action="https://ppr:81/tax/searchAddress.asp">
<!-- form fields -->
</form>

Open in new window


If everything else is working fine and your main issue is your search results page, then just update your form action. Otherwise, your /forceSSL.inc file should first redirect to https, then check to make sure you are on the right domain  (ppr vs taxcom.grwr.gov)  To do that,  you can can try https://www.w3schools.com/asp/coll_servervariables.asp REMOTE_HOST
if Request.ServerVariables ("REMOTE_HOST")="taxcom.grwr.gov" then
   response.redirect "https://ppr:81/"
end if

Open in new window


If that does not work, check to see what the response is using
response.write Request.ServerVariables ("REMOTE_HOST")

Open in new window

From the w3schools link, you can see there are multiple ways to detect what is going on, where the user is coming from etc.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sammySeltzerAuthor Commented:
Ok, I will try all of the options you listed; one of them must surely work.

Thanks for your help.
sammySeltzerAuthor Commented:
Thanks a lot
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.