I talked to our IIS Admin, and this is how we do a redirect from an http to https site with the same URI.
We do a full http://www.mysite.com to https://www.mysite.com redirect here at work. Here is how we do it. Our original site, IP address of 200.200.200.100 URL of http://www.mysite.com web root of e:\wwwroot\ IIS properties set to A redirection to a URL: https://www.mysite.com$S$Q Permanent redirection and exact url checked. We added another site in IIS, pointing to the same web root using the same IP with SSL Required. The trick was to set the TCP Port to 8080 (a pretty safe port). All users going to the old http url were redirected to the https site, no browser errors. No fuss, no muss, no asp no javascript. The 8080 port is pretty common and typically not blocked by firewalls.. This works for a whole site. IF you have to manage this at the file/ folder level, you have a nightmare to manage on your hands. On Jul 15, 5:04 pm, Mike Gillespie <[email protected]> wrote: > not 100% sure, but I think the problem may be that with cflocation, > server sie, the browser is not able to do the SSL handshake so you get > the page cannot be displayed - a good thing in this new CrossSite > scripting world. > > You could set up the http to https redirects in IIS, but it sounds > like you are trying to do this at the file level. What a bout > javascript - not normally a good idea to use something that relies on > the browser to re-direct, but here goes. > > In your cf code, if not ssl, send a javascript redirect back to > browser, otherwise process as normal > > if (location.protocol != 'https:') > { > //may need to tweak a bit to get query_string > window.location = 'https://'+ location.host + location.pathname + > location.search; > > } > > This will work fine for links, but will kill form posts. To preserve > form vars, before you send the js back to the browser, copy the form > scope into the session. On page load after redirect, if > session.savedformscope exists, cfloop collection from > session.savedformscope to form scope. CF will not let you duplicate > session.savedformscope over form scope, but it will let you > dynamically add or update form keys. > > If you want to do it all in IIS, try this link; > > http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx > > unfortunately IIS > will let you redirect fromhttp://www.site1.comtohttps://www.site2.com > but nothttp://www.site1.comtohttps://www.site1.com- the protocol > shift confuses it <grin> > > There are also ASP redirect tricks you can do as well that replace the > 403.4 error page. > > If you do a permanent redirect in IIS, make sure your redirect url > ishttps://www.mysite.com$S$Q- this captures path and querystring for > you. > > HTH. > > On Jul 15, 3:55 pm, "Mark Davis" <[email protected]> wrote: > > > > > hey guys, > > > anyone have a good method of forcing https for requests to a specific > > application and forcing http for others? Our site has numerous applications > > (defined as having their own application.cfc or cfm.) and as the user > > navigates from some sections to others, I want to redirect between https and > > http. > > > I was trying something as simple as adding this in the application.cfm... > > <cfif cgi.SERVER_PORT eq 80> > > > doing a cflocation to the same url and query string they had but with > > https > > > </cfif> > > > but I generally get browser errors "IE cannot display thge webpage." Can > > IIS do redirect like this on different directores? or something else? > > > Mark Davis | Developer > > > ............................................................................ > > ............................................. > > > Round Table Group, Inc. > > > (281) 717-4575 > > > [email protected] > > > <outbind://696-00000000879C9B08D9D9434BB0980BC1C3F44FE364B25100/www.roundtab > > legroup.com>www.roundtablegroup.com > > > ............................................................................ > > ............................................. > > > https://www.roundtablegroup.com/secure/staff/emailSignature/RTG_logo.bmp > > > The Leading Authority in Expert Witness Search & ReferralTM > > > CONFIDENTIALITY NOTE: This e-mail, and any attachments thereto, is intended > > only for use by the addressee(s) named in the message originated by me and > > may contain legally privileged and/or confidential information. If the > > reader of this message is not the intended recipient, you are hereby > > notified that any dissemination, distribution or copying of this > > communication is strictly prohibited. If you have received this email in > > error, please notify me immediately by telephone and permanently delete the > > original and any copy of the email, and any printout thereof. Thank you. > > > image001.gif > > 5KViewDownload- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
