Capture and Redirect HTTP to HTTPS with SharePoint 2007
SharePoint administrators are often asked to securely publish their sites either to the Internet, internally, or both. This is a fairly straightforward process of configuring your MOSS installation for SSL and publishing your site using any one of the numerous firewalls or proxy servers available on the market. But what happens if your users forget the site is SSL secured and enter http://your.moss.site instead of https://your.moss.site? Well, if you’ve properly secured your site and blocked HTTP traffic from the Internet, they receive the all too familiar 404 page not found error and you get a call asking why the site is down. If they are internal users and enter http://your.moss.site, they receive a 403.4 Forbidden: SSL is required… error.
What you want to do is intercept all HTTP calls to the site and redirect them to HTTPS while still allowing all direct HTTPS calls to process normally. This is pretty easy to do with a standard web site, but MOSS will behave differently because the full URL as well as the data is stored in the SQL database. Fortunately this problem is easy to overcome, but the solution is not immediately apparent.
The way to do this in SharePoint is to create an alternate access mapping combined with some clever port redirection as follows.
First, access your “Central Administration” site and navigate to the alternate access mappings configuration page. The AAM page is found at: “Central Administration > Operations > Alternate Access Mappings.” Change the view to your.moss.site’s “Alternate Access Mapping Collection” then select “Edit public URLs” and change the default URL from http://your.moss.site to https://your.moss.site and save.
Then, open the IIS management console and right click on your.moss.site , select “Properties” and change the TCP port to something random like, 8001. Next, click the “Directory Security” tab and in “Secure Communications,” click “Edit” then check “Require secure channel,” click “OK.”
Now create a new site named “your.moss.site redirector” with a host header that matches the original site name. This works because the IIS ports are different. Click Next, Browse and create a new folder, name it “redirect”, or something similar. This folder will not contain any data. It exists only as an IIS requirement when creating a new site.
Finally, open the properties on your “your.moss.site redirector” site and click the “Home Directory” tab then select a “Permanent redirection for this resource.” Redirect the site to https://your.moss.site and save. This completes the configuration process.
Now all requests for http://your.moss.site are automatically redirected to https://your.moss.site and direct requests for https://your.moss.site will work as expected.
This is how you do it with SharePoint 2007. If you are using WSS, the procedure is essentially the same. Also, if publishing your site to the Internet, don’t forget to allow HTTP as well as HTTPS through the firewall so the redirector will be triggered.
17 comments
(7 votes, average: 4.00 out of 5)
Loading ...17 Comments so far
Leave a reply
Simple and effective. Why didn’t I think of that?
Thanks!
i have multiple portals.right now i have 10 portals and it might increase rapidly…(http://*.vin.com) do we need to create a duplicate website for each portal we have… Is there a way to create one single website and use that for all diff portals…something like a wildcard.
Using a DNS trick, you can do wildcard redirection of sites with host headers. I’d need to do some testing to see if that’s possible with MOSS. In the meantime, do a search on “iis wildcard host headers” and take a look at this site: http://msmvps.com/blogs/bernard/archive/2005/03/22/39218.aspx
[...] Here’s a good description of the problem and fix [...]
We’re using the 403.4 error page to redirect, but we haven’t worked all the bugs out yet. (Think there’s something wrong with the cert.)
————
function doLoad()
{
setTimeout( “rewriteURL()”, 0000 );
document.getElementById(‘redirect’).innerHTML = window.location.href.replace(“http”,”https”);
}
function rewriteURL()
{
window.location.href = window.location.href.replace(“http”,”https”);
}
I have mutiple sites in my single Sharepoint installation. When users try to hit the sites directly, how will they get redirected?
For eg, if they hit sharepoint.com\site1 and sharepoint.com\site2, with your solution, they will be redirected to sharepoint.com homepage
thanks much!
Side note, if you are using IIS 7, follow the directions up to the paragraph about Permanent Redirection. Instead, open the Error Pages icon for the redirector site, and edit the 401 error. Check the radio button for “Respond with a 302 redirect” and enter your SSL site in the Absolute URL box.
Hi,
The line here says
select “Edit public URLs” and change the default URL from http://your.moss.site to https://your.moss.site and save.
But u have mentioned that the site is already in https, ..then the default URL will be https://your.moss.site in AAM..
Hi,
can you please explain this line “select “Edit public URLs” and change the default URL from http://your.moss.site to https://your.moss.site and save.”
As the site is already in “https” the default URL will already be pointing to https://your.moss.site..then what changes r u doing here?
Sanjay,
The web application was created as an http (non SSL) site so you need to change the AAM from http to https for the public URL. Are you thinking of the AAM pages, or the IIS site? I was referring to the AAMs in the post.
[...] Capture and Redirect HTTP to HTTPS with SharePoint 2007 (tags: sharepoint ssl) [...]
Thanks for the nice solution. It works for me. But after applying this solution, I came across another issue. Actually I have a windows based wss site on Port 80 and I have mapped the drive to this site.so users can share the drive with sharepoint document library. As per your solution, I have changed the port from 80 to 8001 and assigned the 80 port to the new IIS site. But after making these changes, my mapping functionality stops working. So I would really appreciate if you find out any solution for this.
that was a great solutions thanks. also add the alternative mapping in sharepoint, that will also help a bit
But now is searching unuseable with search engine in MOSS. Because all items in search points to http… instead to https..Does anyone know for this solution too ?
@nicky Same problem here, temp solution is if you have a firewall before the Sharepoint server you can force the HTTPS redirect and this will not affect WSSIndexer from the inside.
[...] I searched online and found after a little digging this helpful article from a SharePoint blog at http://www.os.com/blog/capture-and-redirect-http-to-https-with-sharepoint-2007/. Here’s the crux of [...]
[...] link here Capture and Redirect HTTP to HTTPS with SharePoint 2007 Tech Tips, News and Tribal Knowledge [...]