A sudden policy decision may force you to change your server configuration to gain more time, be more efficient, use less resources and tighten security.
Security is a very vague topic and there are numerous subjects that I can write about, but in this article I would like to focus on redirecting your websites traffic from HTTP to HTTPS.
There are TWO ways that you can redirect all your websites traffic from HTTP to HTTPS.
- Redirect using the Custom errors
- Redirect using HTTP Redirect on windows 2008 R2
Now lets focus on each step separately.
- Redirect using the Custom errors
Before you start this phase you need to know that customer error pages can be set at multiple levels in IIS, what I mean is that you can set it at the Server level, and at a specific domain site in IIS.
So let`s assume that you want to set this up to a specific domain. This will be done in three steps:
Step 1: Check the option “Require SSL” for your web application in IIS.
Select the Default Website or a specific domain then click on SSL settings
Step 2: Now you need to create an HTML file with a redirect code from HTTP to HTTPS.
To do so; create a file and use Java script and HTML codes below, then save the file as HTML in C:inetpub
<html>
<head>
<title> Redicting to HTTPS
</title>
</head>
<script Language=JavaScript>
Function redirectHttpToHttps()
{
var httpURL= window.location.hostname + window.location.pathname;
var httpsURL=https:// + httpURL;
window.location = httpsURL;
}
redirectHttpToHttps();
</script>
</body>
</html>
Step 3: Configure an Error page on IIS.
To do so, go to your IIS and select the server level (figure 1), search for error pages, double click on the result “Error Pages” locate 403.4 if not found add it. Point to the html file you just created then click OK.
Next step and always under the error pages, you need to click on Edit feature settings located at the right pane. By default, when the window opens, Detailed errors is selected which shows detailed information about the error when the https is not available. The correct function we want to show is to redirect to the html file we created, therefore we must chose “Custom error page” and under the default page path point to your html page created in Step 2 (figure3)
Figure 1:
Figure2:
Figure 3:
2. Redirect using HTTP Redirect on windows 2008 R2
The redirect in windows 2008 R2 is very simple; open IIS and select the default website or chose a specific website if you have many websites.
Once you have made your choice, double click on “HttpRedirect”(figure1), check this option “Redirect requests to this destination” then enter the https URL.
If the destination is going to be outside of the internal network then you need to check the option “Redirect all requests to exact destination (instead of relative to destination)” otherwise check “Only redirect requests to content in this directory (not subdirectories)” (figure 2). In the last section “Status” make sure it is set to “Found ()”.
Figure1:
Figure2:
Leave a Comment