December 09, 2001 12:00 AM

Redirecting Users to Secure Pages

Windows IT Pro
InstantDoc ID #23175

If you run Exchange 2000 Server’s Outlook Web Access (OWA) 2000 but don’t use Secure Sockets Layer (SSL), users can simply type the prefix HTTP to connect to the OWA server. If you decide to use SSL to better secure your Exchange system, users must use the prefix HTTPS rather than HTTP to connect to the OWA server. The HTTPS prefix might be difficult for users to remember. You can help them in one of two ways, as suggested in Chris Lehr, Reader to Reader, "Forcing Users to Use SSL," May 2001.

If users request an HTTP page from a server that requires SSL, they receive the 403.4 Forbidden: SSL required error page. An HTML file (403.4.htm) in the \winnt\system32\help\iishelp\common directory generates that error page. You can replace the HTML file with a custom HTML file that redirects clients’ browsers to the correct HTTPS address. Listing A contains the code you put into the custom HTML file. In this code, you need to replace owa.somorita.com with the correct Web server for your organization. After the custom file is in the correct directory, you need to open the Microsoft Management Console (MMC) Internet Information Services snap-in and go to the Custom Errors tab in that Web server’s Properties dialog box. Replace the path to the existing 403.4.htm file with the filename and path to your custom file. This solution works well as long as the clients’ browsers support redirection.

If the browsers don’t support redirection, you can use an alternative solution that involves creating another virtual server. First, change the current virtual server’s port to an unused port, such as 8080. Then, create a new virtual server that uses port 80. Finally, open the Internet Information Services snap-in and go to the Home Directory tab of the new virtual server’s Properties dialog box. Select the option A redirection to a URL and enter the URL of the SSL-based site, as Figure A shows.
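
One way to check that either solution really lands users on the SSL site is to classify what a plain-HTTP request gets back. This is an added example, not Listing A or code from the original article; it assumes the custom error page redirects with a meta refresh tag, and the `/exchange` path, the function names and the sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# <meta http-equiv="refresh" content="N;url=..."> with attributes in that order
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)', re.IGNORECASE)

def redirect_target(raw_response):
    """Return (mechanism, url) found in a raw HTTP response, or (None, None)."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_text.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if 300 <= status < 400 and headers.get("location"):
        return "location", headers["location"]
    match = META_REFRESH.search(body)
    if match:
        return "meta-refresh", match.group(1)
    return None, None

def check_https_redirect(raw_response, expected_host):
    """Classify the answer a plain-HTTP request to the OWA server received."""
    mechanism, url = redirect_target(raw_response)
    if url is None:
        return "no-redirect"
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return "redirect-not-https"   # user stays on cleartext HTTP
    if (parts.hostname or "").lower() != expected_host.lower():
        return "redirect-wrong-host"  # e.g. placeholder host never replaced
    return "ok-" + mechanism

# Constructed sample responses (not captured from a real server).
CUSTOM_403 = ("HTTP/1.1 403 Access Forbidden\r\nContent-Type: text/html\r\n\r\n"
              '<html><head><meta http-equiv="refresh" '
              'content="0;url=https://owa.somorita.com/exchange"></head></html>')
DEFAULT_403 = ("HTTP/1.1 403 Access Forbidden\r\nContent-Type: text/html\r\n\r\n"
               "<html><body>HTTP 403.4 - Forbidden: SSL required</body></html>")
VSERVER_302 = "HTTP/1.1 302 Object Moved\r\nLocation: https://owa.somorita.com/exchange\r\n\r\n"
CLEARTEXT_302 = "HTTP/1.1 302 Object Moved\r\nLocation: http://owa.somorita.com:8080/exchange\r\n\r\n"

if __name__ == "__main__":
    for name in ("CUSTOM_403", "DEFAULT_403", "VSERVER_302", "CLEARTEXT_302"):
        print(name, check_https_redirect(globals()[name], "owa.somorita.com"))
```

The `redirect-not-https` and `redirect-wrong-host` results are the ones to watch for after moving the original virtual server to another port or after copying the custom page without replacing the host name.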


Comments
  • Anonymous User
    7 years ago
    May 12, 2005

    Turning off "Show Friendly HTTP error messages" is a nice workaround, but I recently rebuilt a server that had this running without this workaround in place. Now I need to turn off friendly HTTP errors in order to make it work. The site and IIS are all the same as before and now the only difference is this workaround being needed. I know that this worked before for me with the exact code I am using now. What makes the "Show friendly HTTP errors" show up now? What am I missing that allowed it to work before without having to use this workaround?

  • Anonymous User
    7 years ago
    Apr 11, 2005

    I spent all day trying to figure out why suggestion 1 wasn't working. I found out that the client-side browser settings need to be changed. In IE, click Tools, Internet Options, Advanced and uncheck the "Show friendly HTTP error messages" option. That will fix it. I am still unclear why this fixes the problem but it does.

  • Anonymous User
    7 years ago
    Jan 24, 2005

    How do I redirect when logoff is clicked?

  • Prayag
    8 years ago
    Aug 16, 2004

    Even I couldn't get the first suggestion working, until I changed the time delay from 0 to some higher value.

    In addition to this, MS itself recommends a process where you can write an ASP file and use that as the error page, which will redirect your page to a secured one. Not that this is something great, but the only thing is, because this is site independent, you won't need to change the script in case you change your site URL or something like that. Here's the link:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;555126&Product=exch2003

    (Note: I couldn't get this working for Exchange 2000, I suspect some silly mistake in my method :-)

  • Daryl Schweiger
    9 years ago
    Aug 01, 2003

    If you follow the second suggestion to use a second virtual server and change the default to port 8080 (or any other port), you will be causing problems with using the Exchange System Manager. (That is only if the virtual site is on the same server as Exchange 2000.) I.e., you will not be able to manage public folders.

    The default virtual server's port needs to remain on port 80, or you can follow TechNet article 325920 to change the port number Exchange System Manager uses to port 8080 (or what you set the default virtual server to).

    A third option is to add a second IP address to the Exchange server, assign this address to the second virtual server and set the redirection as instructed, leaving both virtual servers on port 80.


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.