Redirecting Bookmarked Requests to SSL-Enabled Content (IIS 6.0)

When you update a Web site configuration to require SSL, users who have previously bookmarked pages on the site will receive a 403.4 "Forbidden: SSL required" error message when they request those pages after SSL is configured. You can prevent this situation by creating a custom error page that automatically redirects the http: call to an https: call.

The example in the following procedure uses ASP, but you can use any dynamic content handler. Because dynamic content handlers are not enabled by default when IIS is installed, you should ensure that the appropriate Web service extension is enabled.


To redirect bookmarked requests to SSL-enabled content


Create an ASP page called RedirectToSSL.asp and save it in the root directory of your Web site.


Include redirection code similar to the following code example. Note that this code example does not include any error-handling code.

<%@Language=VBScript %>
strQueryString = Request.QueryString
strAddress = Right(strQueryString, Len(strQueryString) - Instr(1,strQueryString, ";"))
strSecure = Replace(strAddress, "http:", "https:", 1, 1)
Response.Redirect strSecure


In IIS Manager, right-click the SSL-enabled Web site and then click Properties.


In the Secure communications section on the Directory Security tab, click Edit.


Click Require secure channel (SSL) and then click OK.


On the Custom Errors tab, select the 403;4 error message and then click Edit.


In the Message Type field on the Edit Custom Error Properties dialog box, choose URL, click Browse and browse to the location of the RedirectToSSL.asp page, and click OK twice.


Navigate to the location of the RedirectToSSL.asp page, right-click the page, and then click Properties.


In the Secure communications section on the File Security tab, click Edit.


Uncheck Require secure channel (SSL) and then click OK twice.

Related Information

For information about enabling web service extensions, see Enabling Web Service Extensions.

For more information about SSL, see About Secure Sockets Layer.

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies