Reputation: 53
How to make site use https default?
Currently we have a site that the public can use to access and make payments. On IIS, the site is enabled for use on http and https on ports 80 and 443.
When I access the site without specifying http or https, it will default go to http, for example if I go to example.com, it goes to http://example.com.
If I remove the port 80 binding on the site, will that then make the site default to https if I access it by example.com?
Or do I need to use URL rewrite or HTTP Redirect for this?
Thank you!
Upvotes: 0
Views: 386
Answers (1)
Reputation: 263
If you want to ensure that people can only use specific pages securely no matter what links they come from, it’s best to use a server-side approach to redirect the user if it’s not HTTPS. You can do that with a code snippet inserted on top of your secure page. Here’s one in PHP:
// Require https
if ($_SERVER['HTTPS'] != "on") {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: $url");
exit;
}
Taken from http://www.howto-expert.com/how-to-get-https-setting-up-ssl-on-your-website/
Upvotes: 0
Related Questions
- Disable automatic redirect to https iis
- How to redirect http to https with url rewrite
- How to enable https in IIS?
- URL should hit https instead of http
- http to https in IIS
- Redirect from HTTP to HTTPS - IIS 7.5
- Redirect http to https in default.aspx
- IIS URL-Rewrite: HTTP to HTTPS
- How do I make my ASP.NET application serve pages only over HTTPS?
- Force HTTP instead of HTTPS