web.config direct to https

MasterJiq · Feb 25, 2017

Hello,

Does someone here can share web.config to redirect to https ? I tried a lot of method and read a lot of stackoverflow's thread. All I get is 'Redirect is loop' do someone can share with me ? I am on IIS 7.5/7

Thanks.

NeedForSpreed · Feb 25, 2017

Add this rule and tell me if it works,
<rule name="Redirect to https" stopProcessing="true"> <match url=".*" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" /> </rule>

Skickat från min FRD-L09 via Tapatalk

MasterJiq · Feb 25, 2017

@SpreedBlood, I got this error:

JynX · Feb 25, 2017

Do you have cloudflare? If so, enable a page rule for it in cloudflare.

MasterJiq · Feb 25, 2017

Yes I am using cloudflare @JynX. I've set it to flexible. I can go to my website with https (type manually). Now I am asking for who know how to make it redirect to https correctly.

JynX · Feb 25, 2017

Use a page rule as I stated above lol

MasterJiq · Feb 25, 2017

@JynX, I gived the error image which I used given web.config

Core · Feb 25, 2017

You could also do it with PHP;

if($_SERVER["HTTPS"] != "on")
{
header("Location: https://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}");
exit();
}

Also in your config make sure all links are https:// not http://
As this is likely cause of your rewrite issue.

You must be registered for see links

going to

You must be registered for see links

which then tries to load

You must be registered for see links

but redirects back again

MasterJiq · Feb 25, 2017

I put that on index.php, I get 'Redirect too many times' @Core

Zaka · Feb 26, 2017

MasterJiq said:
I put that on index.php, I get 'Redirect too many times' @Core

You can't use web.config to go to HTTPS and PHP wont know that you are on HTTPS or not because of the fact that the certificate is not on the server or so. I did get around this by writing some PHP code tho.

PHP:

public function thisFullURL($enableSSL = NULL) {
        $serverName = $_SERVER['SERVER_NAME'];
        $uri = $_SERVER['REQUEST_URI'];   
        
        if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
          $protocol = 'https://';
        }
        else {
          $protocol = 'http://';
        }
        
        $fullURL = $protocol.$serverName.$uri;
        $URL = $serverName.$uri;
        
        if ( $enableSSL && $protocol == 'http://' )
            header("location: https://{$URL}");
        else if( !$enableSSL && $protocol == 'https://' )
            header("location: http://{$URL}");
        else
            return $fullURL;
    }

Then you just have to pass true or false into the function true = SSL Redirection Enabled, false = SSL Redirection Disabled

MasterJiq · Feb 27, 2017

Put the function on index.php ? So I have to run the function ? @Zaka

MayoMayn · Feb 27, 2017

MasterJiq said:
Put the function on index.php ? So I have to run the function ? @Zaka

No reason for that whole function @Zaka provided, if you KNOW you're going to force HTTPS.

PHP:

if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $redirect);
    exit();
}

But yeah, put this in the global.php and not the index.php file.

There's a fix for forcing HTTPS in web.config, you all just didn't research enough.

Zaka · Feb 27, 2017

Sentinel said:
No reason for that whole function @Zaka provided, if you KNOW you're going to force HTTPS.

PHP:

if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){ $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; header('HTTP/1.1 301 Moved Permanently'); header('Location: ' . $redirect); exit(); }

But yeah, put this in the global.php and not the index.php file.

There's a fix for forcing HTTPS in web.config, you all just didn't research enough.

When using cloudflares SSL certificate u can't just check if HTTPS is on or off. Thats why you have to check for headers + I was using that function for more than just SSL

MayoMayn · Feb 27, 2017

Zaka said:
When using cloudflares SSL certificate u can't just check if HTTPS is on or off. Thats why you have to check for headers + I was using that function for more than just SSL

Nah, that's pretty obvious, because the Flexible SSL is not a SSL hosted on the webserver, which means it doesn't work that way, and isn't even referred to as a real SSL
But yeah this line you wrote does the work.

PHP:

isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

MasterJiq · Feb 27, 2017

@Sentinel @Zaka I am using this from stackoverflow, work fine:

Code:

if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' ||
   $_SERVER['HTTPS'] == 1) || 
   isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&   
   $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
   $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
   header('HTTP/1.1 301 Moved Permanently');
   header('Location: ' . $redirect);
   exit();
}

But sometimes after I log onto my account, the https is gray and no [SECURE] tag. Only from index page. I apply this code on index.php so It would apply to all page ?

MayoMayn · Feb 27, 2017

MasterJiq said:
@Sentinel @Zaka I am using this from stackoverflow, work fine:

Code:

if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) { $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; header('HTTP/1.1 301 Moved Permanently'); header('Location: ' . $redirect); exit(); }

But sometimes after I log onto my account, the https is gray and no [SECURE] tag. Only from index page. I apply this code on index.php so It would apply to all page ?

The reason why the https is gray, is because you're including http sources, e.g images, css / js files.
Check the console log to see why it occurs.
Again, apply it to global.php and it will be applied to the whole system.

MasterJiq · Feb 27, 2017

@Sentinel, I got this:

MayoMayn · Feb 27, 2017

MasterJiq said:
@Sentinel, I got this:

Code:

Mixed Content: The page at 'https://playprevs.com/me' was loaded over HTTPS, but requested an insecure image 'http://playrise.me/web-gallery/images/icon_habbo_small.png'. This content should also be served over HTTPS.

Simply change http:// to https:// and if the image is not accessible just download it.

EDIT:
playrise doesn't support https, so just simply download it and save it on your webserver somewhere, and then change the url to where ever the location might be.

MasterJiq · Feb 27, 2017

How ? @Sentinel you checked my hotel ?

My hotel name is playprevs not playrise @Sentinel

MayoMayn · Feb 27, 2017

MasterJiq said:
How ? @Sentinel you checked my hotel ?

My hotel name is playprevs not playrise @Sentinel

No shit, but can't you read or what? You're including a HTTP image source from PLAYRISE. Read the damn error ffs.

EDIT:
Why the heck are you asking for help, if you begin to whine over such simple things?

web.config direct to https

Member

Member

Member

Posting Freak

Member

Posting Freak

Member

Member

Member

Programmer

Member

BestDev

Programmer

BestDev

Member

BestDev

Member

BestDev

Member

BestDev

Users who are viewing this thread