Force HTTPS redirect for specific published webpath
- Is it possible to force HTTP to HTTPS redirection for a specific published public web path? For instance, given the following paths on www.contoso.com:
/
/images
/pages
/publicforms
I would want to allow public access to all paths, but ensure content to and from /publicforms is properly passed through HTTPS.
The web listener that I am currently using is configured for both HTTP and HTTPS connections, with no redirection configured. I have looked at using the "Notify HTTP users to use HTTPS instead" option within the web publishing rule, which ensures the content is delivered through the appropriate protocol but is not as customer/user friendly as a redirect.
If there are other options to support this type of deployment, I'd be happy to evaluate them as well.
All Replies
There are two ways to do this. One way, which MIGHT work, is to set up a specific rule for the path you want the redirection, and listen only for http traffic. In this rule, set it up as a deny and redirect it to the https URL. Set up a separate rule for the path and only accept https traffic making it an allow rule. Make sure the http rule is above the https rule.
The second way, which is what we did, was to just give up and make everything https. This way you can configure the listener to redirect all traffic to https.
Rob
RobAgrees with Rob, deny with redirect to https is one way, but...
You do not state the reason for wanting https on that path, but maybe it is because you want them to authenticate. In that case redirect only authenticaed traffic on listener might do the trick for you.- Unfortunately, a deny rule with a redirect is infeasible given that the redirect capability in the deny rule only allows a redirect to an arbitrary page. If there was a mechanism to gracefully hand-off a web path from one listener to another, including all of its request data, that would work well.
The content in question is designed for public access, but is typically a form that we would prefer be encrypted in transit.
Thanks. - PageGuard can do this in theory but there's not a TMG build released yet.
- You should be able to do this with two listeners. Let's say you have listener A for a web publishing rule except for the publicforms. This could be an http only listener. Then create listener B which is both http and https but redirects http traffic to https. Use listener B for a web publishing rule for publicforms. List this second rule below the first one and it should work. The second listener will redirect the entire URL to https, not to a specific page.
I'm proposing this as an answer...I have not specifically tested it.
Rob - Moving to the other listener would require a new hostname->IP->listener redirection.
This might be possible to get using LinkTranslation for links to http://listner1.hostname/publicform -> https://listener2.hostname/publicform
