I’ve got an internal website that runs in IIS 6, for which I have enabled SSL. Due to the nature of this website, and the login credentials used, I want to make sure any access is always encrypted, but still allow my users to access it at http:// for ease of use.
Fortunately I found a pretty simple way of doing this with IIS 6 (I don’t know whether it’s still supported in IIS 7, but I imagine it would).
First, create a file called sslredirect.htm, with the contents as:
<SCRIPT type=text/javascript> <!-- if (location.protocol != 'https:') { window.location = 'https://'+ location.host + location.pathname + location.search; //alert(location.host + location.pathname + location.search); Just for sanity check } // --> </SCRIPT> |
Then, go into the properties of your IIS site, and on the Custom Errors tab, change error 403:4 to point to your sslredirect.htm file.
Now, if someone opens up http://www.website.com, it will automatically redirect them to https://www.website.com.
Thank you