sammySeltzer
asked on
Redirect an http to https????
I am trying to redirect the following:
http://ppr/tax:81/tabular.asp to
response.Redirect("https://taxcom.grwr.gov/ppr/tab ular.asp")
However, what we would like to display is:
https://ppr/tax:81/tabular.asp
Is this possible.
For more clarity, ("https://taxcom.grwr.gov is a subdomain and
http://ppr/tax:81/tabular.asp is another subdomain
But because http://ppr/tax:81/tabular.asp is does not have its dedicated ssl certificate, we would like it to inherit the certificate from https://taxcom.grwr.gov but replace taxcom with ppr.
Is this possible?
Hope this makes sense.
Thanks in advance
http://ppr/tax:81/tabular.asp to
response.Redirect("https://taxcom.grwr.gov/ppr/tab
However, what we would like to display is:
https://ppr/tax:81/tabular.asp
Is this possible.
For more clarity, ("https://taxcom.grwr.gov is a subdomain and
http://ppr/tax:81/tabular.asp is another subdomain
But because http://ppr/tax:81/tabular.asp is does not have its dedicated ssl certificate, we would like it to inherit the certificate from https://taxcom.grwr.gov but replace taxcom with ppr.
Is this possible?
Hope this makes sense.
Thanks in advance
First of all, there is a way to redirect to htttps. I have used something similar to
https://support.microsoft.com/en-us/help/239875/how-to-use-asp-to-force-ssl-for-specific-pages
There are a couple of issues though. Port 80 is the default port and your app uses port 81 which is not an issue if port 81 has ssl turned on. Then the certificate will need to match the destination url.
If port 81 has https turned on already, then the code above may not be the best. Instead:
https://www.w3schools.com/asp/coll_servervariables.asp
https://support.microsoft.com/en-us/help/239875/how-to-use-asp-to-force-ssl-for-specific-pages
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
Response.Redirect strSecureURL
End If
There are a couple of issues though. Port 80 is the default port and your app uses port 81 which is not an issue if port 81 has ssl turned on. Then the certificate will need to match the destination url.
If port 81 has https turned on already, then the code above may not be the best. Instead:
https://www.w3schools.com/asp/coll_servervariables.asp
if Request.ServerVariables("HTTPS") = "OFF" then
response.redirect ("https://ppr/tax:81/tabular.asp")
end if
ASKER
So sorry. I had responded to this solutions immediately but for some reason, it did not post.
In my response, I indicated that there are three important facts at play.
One, port 81 is not currently using SSL certificate and so none was turned on.
Second, our hope is to get port 81 to share the same SSL certificate that port 80 is currently using.
Third, if we are successful in redirecting port 81 to the use SSL that port 80 is currently using, we would like to remove the port 80 subdomain.
For instance, to reiterate, this is port 80:
https://taxcom.grwr.gov/ppr/tabular.asp
and this is port 81:
http://ppr/tax:81/tabular.asp
After the redirect, port 81 will now looklike:
https://ppr/tax:81/tabular.asp (without subdomain taxCom).
Is this possible?
In my response, I indicated that there are three important facts at play.
One, port 81 is not currently using SSL certificate and so none was turned on.
Second, our hope is to get port 81 to share the same SSL certificate that port 80 is currently using.
Third, if we are successful in redirecting port 81 to the use SSL that port 80 is currently using, we would like to remove the port 80 subdomain.
For instance, to reiterate, this is port 80:
https://taxcom.grwr.gov/ppr/tabular.asp
and this is port 81:
http://ppr/tax:81/tabular.asp
After the redirect, port 81 will now looklike:
https://ppr/tax:81/tabular.asp (without subdomain taxCom).
Is this possible?
Is ppr/tax:81 internal?
Once ssl is turned on, that should work.
If it is internal, you would need to get an internal/local cert or just click the warning link to skip.
Once ssl is turned on, that should work.
If it is internal, you would need to get an internal/local cert or just click the warning link to skip.
ASKER
No, they are both on DMZ and as stated, does not have SSL period.
According your second solution below:
You said this would work once SSL is turned. There is no SSL bro. Yes, IIS has a valid SSL installed but it is used by the other subdomain taxCom.
We are just trying to force ppr to share same SSL.
Also, where should I put this code?
According to the link you posted, it says to save the code as an include file and it in wwwroot directory.
Then reference it on the page that requires SSL using the following:
Does same rule apply with your second solution?
We need it in all pages, does it mean we reference the include file in all pages?
Thanks a lot for your help.
According your second solution below:
if Request.ServerVariables("HTTPS") = "OFF" then
response.redirect ("https://ppr/tax:81/tabular.asp")
end if
You said this would work once SSL is turned. There is no SSL bro. Yes, IIS has a valid SSL installed but it is used by the other subdomain taxCom.
We are just trying to force ppr to share same SSL.
Also, where should I put this code?
According to the link you posted, it says to save the code as an include file and it in wwwroot directory.
Then reference it on the page that requires SSL using the following:
<%@Language="VBSCRIPT"%>
<!--#include virtual="/ForceSSL.inc"-->
Does same rule apply with your second solution?
We need it in all pages, does it mean we reference the include file in all pages?
Thanks a lot for your help.
That bit of code should be at the top of every page. You can physically add it to every page as is, or create an include file and add your include code at the top of every page. This is actually a better option because if you need to change something, you only have to change it once.
You can also do this via iis with a few options.
https://www.sslshopper.com/iis7-redirect-http-to-https.html
https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/
As far as sharing a certificate like this, I am not sure. I suggest asking that part in a new question and make sure to include the Microsoft IIS Webserver topic along with webservers and Microsoft Server OS.
You can also do this via iis with a few options.
https://www.sslshopper.com/iis7-redirect-http-to-https.html
https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/
As far as sharing a certificate like this, I am not sure. I suggest asking that part in a new question and make sure to include the Microsoft IIS Webserver topic along with webservers and Microsoft Server OS.
ASKER
I have not done classic asp in a long time. Perhaps, I am rusty but none of the examples are working for me.
This is my search page:
I enter address and streetname, hit search:
the page is supposed to go to searchAddress:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/forceSSL.inc"-->
<head>
...
...
</head>
<body>
...
...
</
</body>
I am expecting it to show https://ppr/tax:81/searchAddress.asp
but it still shows http without the S.
This is my search page:
<form name="test" action="searchAddress.asp">
<table>
<tr>
<td class="style75a" align="right">Address</td>
<td class="style75" align="left">
<input name="Address" size="38" maxlength="50" value="<%=(strAddress)%>"></td>
</tr>
<tr>
<td class="style75a" align="right" nowrap="nowrap">Partial Street Name</td>
<td class="style75" align="left">
<input name="streetName" size="38" maxlength="50" value="<%=(strStreetName)%>"></td>
</tr>
</table>
</form>
I enter address and streetname, hit search:
the page is supposed to go to searchAddress:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/forceSSL.inc"-->
<head>
...
...
</head>
<body>
...
...
</
</body>
I am expecting it to show https://ppr/tax:81/searchAddress.asp
but it still shows http without the S.
Start with a test.
Wher you have
That will tell us if Request.ServerVariables("H TTPS") is working.
The other issue is which url are you starting from. Do we have to account you could already be at https://ppr/tax:81/searchAddress.asp or http://ppr/tax:81/searchAddress.asp
Wher you have
<!--#include virtual="/forceSSL.inc"-->
Change your forceSSL.inc page to redirect to if Request.ServerVariables("HTTPS") = "OFF" then
'response.redirect ("https://ppr/tax:81/tabular.asp")
response.write (" <div style='height:100px;background-color:red;color:white;font-weight:bold;font-size:200%'>Request.ServerVariables("HTTPS") = "OFF"</div>
")
else
response.write (" <div style='height:100px;background-color:red;color:white;font-weight:bold;font-size:200%'>Request.ServerVariables("HTTPS") = "ON"</div>
end if
That will tell us if Request.ServerVariables("H
The other issue is which url are you starting from. Do we have to account you could already be at https://ppr/tax:81/searchAddress.asp or http://ppr/tax:81/searchAddress.asp
ASKER
I am making a silly mistake here.
It should be:
http://ppr:81/tax/searchAddress.asp. I actually have it right on our server.
To address your question, the url we are starting with is:
http://ppr:81/tax/search.asp. So, the redirect, if successful, should actually show the url as:
https://ppr:81/tax/search.asp. Does this mean that the redirect needs to happen from some other page?
In other words, when the user gets to search page, it should already have the SSL as in https://ppr:81/tax/search.asp
Then when the search button is clicked, we expect it to show:
https://ppr:81/tax/searchAddress.asp.
In a nutshell, any page that is part of the pprt folder should have the http prototcol start as https.
I am beginning to think that ppr which currently is a subdomain should have its own IP Address?
Is this a question for the server/infrastructure folks?
I have never had to deal with this kind of situation before.
It should be:
http://ppr:81/tax/searchAddress.asp. I actually have it right on our server.
To address your question, the url we are starting with is:
http://ppr:81/tax/search.asp. So, the redirect, if successful, should actually show the url as:
https://ppr:81/tax/search.asp. Does this mean that the redirect needs to happen from some other page?
In other words, when the user gets to search page, it should already have the SSL as in https://ppr:81/tax/search.asp
Then when the search button is clicked, we expect it to show:
https://ppr:81/tax/searchAddress.asp.
In a nutshell, any page that is part of the pprt folder should have the http prototcol start as https.
I am beginning to think that ppr which currently is a subdomain should have its own IP Address?
Is this a question for the server/infrastructure folks?
I have never had to deal with this kind of situation before.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I will try all of the options you listed; one of them must surely work.
Thanks for your help.
Thanks for your help.
ASKER
Thanks a lot
if the certificate is a STAR cert, or multi-sub-domain cert, you can check if it can add secondary domains, or create new dedicated certificate.