web.config direct to https

MasterJiq

Member
Jul 8, 2016
385
23
Hello,

Does someone here can share web.config to redirect to https ? I tried a lot of method and read a lot of stackoverflow's thread. All I get is 'Redirect is loop' do someone can share with me ? I am on IIS 7.5/7

Thanks.
 

NeedForSpreed

Member
May 18, 2014
326
71
Add this rule and tell me if it works,
<rule name="Redirect to https" stopProcessing="true"> <match url=".*" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" /> </rule>

Skickat från min FRD-L09 via Tapatalk
 

MasterJiq

Member
Jul 8, 2016
385
23
@SpreedBlood, I got this error:
tt6DaiR.png
 

MasterJiq

Member
Jul 8, 2016
385
23
Yes I am using cloudflare @JynX. I've set it to flexible. I can go to my website with https (type manually). Now I am asking for who know how to make it redirect to https correctly.
 

Core

Member
Nov 10, 2016
356
138
You could also do it with PHP;

if($_SERVER["HTTPS"] != "on")
{
header("Location: https://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}");
exit();
}

Also in your config make sure all links are https:// not http://
As this is likely cause of your rewrite issue.

going to which then tries to load but redirects back again
 

Zaka

Programmer
Feb 9, 2012
471
121
I put that on index.php, I get 'Redirect too many times' @Core
You can't use web.config to go to HTTPS and PHP wont know that you are on HTTPS or not because of the fact that the certificate is not on the server or so. I did get around this by writing some PHP code tho.
PHP:
public function thisFullURL($enableSSL = NULL) {
        $serverName = $_SERVER['SERVER_NAME'];
        $uri = $_SERVER['REQUEST_URI'];   
        
        if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
          $protocol = 'https://';
        }
        else {
          $protocol = 'http://';
        }
        
        $fullURL = $protocol.$serverName.$uri;
        $URL = $serverName.$uri;
        
        if ( $enableSSL && $protocol == 'http://' )
            header("location: https://{$URL}");
        else if( !$enableSSL && $protocol == 'https://' )
            header("location: http://{$URL}");
        else
            return $fullURL;
    }

Then you just have to pass true or false into the function true = SSL Redirection Enabled, false = SSL Redirection Disabled
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Put the function on index.php ? So I have to run the function ? @Zaka
No reason for that whole function @Zaka provided, if you KNOW you're going to force HTTPS.
PHP:
if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $redirect);
    exit();
}
But yeah, put this in the global.php and not the index.php file.

There's a fix for forcing HTTPS in web.config, you all just didn't research enough.
 

Zaka

Programmer
Feb 9, 2012
471
121
No reason for that whole function @Zaka provided, if you KNOW you're going to force HTTPS.
PHP:
if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $redirect);
    exit();
}
But yeah, put this in the global.php and not the index.php file.

There's a fix for forcing HTTPS in web.config, you all just didn't research enough.
When using cloudflares SSL certificate u can't just check if HTTPS is on or off. Thats why you have to check for headers + I was using that function for more than just SSL
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
When using cloudflares SSL certificate u can't just check if HTTPS is on or off. Thats why you have to check for headers + I was using that function for more than just SSL
Nah, that's pretty obvious, because the Flexible SSL is not a SSL hosted on the webserver, which means it doesn't work that way, and isn't even referred to as a real SSL
But yeah this line you wrote does the work.
PHP:
isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
 

MasterJiq

Member
Jul 8, 2016
385
23
@Sentinel @Zaka I am using this from stackoverflow, work fine:
Code:
if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' ||
   $_SERVER['HTTPS'] == 1) || 
   isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&   
   $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
   $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
   header('HTTP/1.1 301 Moved Permanently');
   header('Location: ' . $redirect);
   exit();
}
But sometimes after I log onto my account, the https is gray and no [SECURE] tag. Only from index page. I apply this code on index.php so It would apply to all page ?
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
@Sentinel @Zaka I am using this from stackoverflow, work fine:
Code:
if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' ||
   $_SERVER['HTTPS'] == 1) ||
   isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
   $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
   $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
   header('HTTP/1.1 301 Moved Permanently');
   header('Location: ' . $redirect);
   exit();
}
But sometimes after I log onto my account, the https is gray and no [SECURE] tag. Only from index page. I apply this code on index.php so It would apply to all page ?
The reason why the https is gray, is because you're including http sources, e.g images, css / js files.
Check the console log to see why it occurs.
Again, apply it to global.php and it will be applied to the whole system.
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Code:
Mixed Content: The page at 'https://playprevs.com/me' was loaded over HTTPS, but requested an insecure image 'http://playrise.me/web-gallery/images/icon_habbo_small.png'. This content should also be served over HTTPS.
Simply change http:// to https:// and if the image is not accessible just download it.

EDIT:
playrise doesn't support https, so just simply download it and save it on your webserver somewhere, and then change the url to where ever the location might be.
 

Users who are viewing this thread

Top