Enforcing ssl for certain site but not for an other one

Question

I have a site and a test version of the site hosted on the same server. I want the live version to use ssl but not not the test version. I use the following code to enforce SSL for live and not for test:

 If HttpContext.Current.Request.IsSecureConnection.Equals(False) AndAlso HttpContext.Current.Request.IsLocal.Equals(False) AndAlso HttpContext.Current.Request.RawUrl.Contains("test.mydomain.com") = False Then

            Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") + HttpContext.Current.Request.RawUrl)
        End If

The live version of the site is live.mydomain.com.

The result i get is that any request to test.mydomain.com goes to live.mydomain.com. I have no idea how this is possible. The browser actually displays test.mydomain.com in the address field but is clearly using the live version. There is no SSL binding for test.mydomain.com. I have spent several days on this and was wondering if someone knew what is wrong with my code or what else i may try.

many thanks in advance

Answer 1

You can do this in IIS (without any code in your application) by rewriting the URL using the IIS7 URL Rewrite module.

This is a really useful resource for this kind of thing: http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/

What you want to do is a combination of (3) and (4).

So it says IF the request is NOT coming in on HTTPS AND the hostname is live.domain.com THEN redirect to HTTPS.

Something like this:

<rule name="Redirect to HTTPS" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="^OFF$" />
    <add input="{HTTP_HOST}" negate="true" pattern="live\.mydomain\.com$" /> 
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>