HTTPS 403.4 Javascript Redirector for IIS 5.0, 6.0

Posted by KMFNJ | Filed under Toolbox, Tutorials

My friend Eric Thompson who works with me at OCS Corp created an awesome lil' piece of javascript for use as a custom 403.4 error when you want to FORCE someone to use HTTPS protocol in IIS. 
<!--
    Author: Eric Thompson
    Last Updated: 12/12/2006
    Purpose: use as custom error file for 403.4 errors on IIS secure sites.
    When people use http:// instead of https://, they get smoothly redirected.
-->

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
    <head>
        <title> </title>
        <script>
            function doRedirect() {
                document.body.removeChild(document.getElementById('header'));
                document.body.removeChild(document.getElementById('para'));
                document.location.href=document.location.href.replace(/undefined/, '').replace(/http/, 'https');
            }
        </script>
    </head>
    <body onload="doRedirect();">
        <h1 id="header">Secure Site</h1>
        <p id="para">
            If this page is not reloading, your browser does not have Javascript enabled.
            Please make sure the URL in the address bar starts with "https://" instead of "http://".
        </p>
    </body>
</html>

Implementation

1. Get the source code for HTTPS 403.4 Redirector(right-click > "Save As") 2. Open IIS 5/6.0, right-click the site you're modifying and click "properties" IIS HTTPS Step 1 3. Navigate to the "Custom Errors" Tab IIS HTTPS Step 2 4. Locate the 403.4 Error and click "Edit Properties" IIS HTTPS Step 3 5. Choose the file you saved, click OK, OK IIS HTTPS Step 4 6. One last thing we gotta do is click on the "Directory Security" Tab, and click the "Edit" button under "Secure Communications" HTTPS Redirect - Step 5 7. Tick the "Require secure channel (SSL)" checkbox -- this is what will force our site to use the HTTPS protocol and throw the user to the 403.4 error, and thus activating our clever javascript to save them from the insecurities of HTTP!!! Click OK, OK, OK and you're done! HTTPS Redirect - Step 6 You can easily test the script by visiting HTTP://whateveryoursiteis.com and watch as you're silently transported to your HTTPS connection - SWEET! :) Technorati Tags: , ,


Permalink | Comments (0) | Dec 12, 2006

Leave a Reply

You must be logged in to post a comment.