Redirecting Bookmarked Requests to SSL-Enabled Content

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

When you update a Web site configuration to require SSL, users who have previously bookmarked pages on the site will receive a 403.4 "Forbidden: SSL required" error message when they request those pages after SSL is configured. You can prevent this situation by creating a custom error page that automatically redirects the http: call to an https: call.

The example in the following procedure uses ASP, but you can use any dynamic content handler. Because dynamic content handlers are not enabled by default when IIS is installed, you should ensure that the appropriate Web service extension is enabled.

Procedures

To redirect bookmarked requests to SSL-enabled content

  1. Create an ASP page called RedirectToSSL.asp and save it in the root directory of your Web site.

  2. Include redirection code similar to the following code example. Note that this code example does not include any error-handling code.

    <%@Language=VBScript %>
    <%
    strQueryString = Request.QueryString
    strAddress = Right(strQueryString, Len(strQueryString) - Instr(1,strQueryString, ";"))
    strSecure = Replace(strAddress, "http:", "https:", 1, 1)
    Response.Redirect strSecure
    %>
    
  3. In IIS Manager, right-click the SSL-enabled Web site and then click Properties.

  4. In the Secure communications section on the Directory Security tab, click Edit.

  5. Click Require secure channel (SSL) and then click OK.

  6. On the Custom Errors tab, select the 403;4 error message and then click Edit.

  7. In the Message Type field on the Edit Custom Error Properties dialog box, choose File, click Browse and browse to the location of the RedirectToSSL.asp page, and click OK twice.

  8. Navigate to the location of the RedirectToSSL.asp page, right-click the page, and then click Properties.

  9. In the Secure communications section on the File Security tab, click Edit.

  10. Clear Require secure channel (SSL) and then click OK twice.