Can't find the answer?
 

If you can't find the answer and don't have time...try out the Premium Support service.  Get personal attention and get the problem fixed by an expert.
 
Support Forums  
 
  iFinity Support Forum  DotNetNuke Modu...  Url Master  Redirect from https to http
Previous Previous
 
Next Next
New Post 5/1/2008 8:30 PM
  AJ
34 posts
8th Level Poster


Re: Redirect from https to http 
Modified By AJ on 5/1/2008 8:36:50 PM)

And now we bring the discussion back to here since it was not Pageblaster related...

After installing the SSL cert, the https page returns 200 OK, but the URL is changed (rewritten?) to http.  I was hoping for a 301.. so now I need to look into this and find out what kind of redirect is going on..

I found that in DotNetNuke.HttpModules.UrlRewriteModule it actually uses this:

Response.Clear()
' add a refresh header to the response
Response.AddHeader("Refresh", "0;URL=" & strURL)
' add the clientside javascript redirection script
Response.Write("<html><head><title></title>")
Response.Write("<!-- <script language=""javascript"">window.location.replace(""" & strURL & """)</script> -->")
Response.Write("</head><body></body></html>")
' send the response
Response.End()

This is not even a redirect, it just loads the content from one page into another and returns 200 OK - its another duplicate content problem..  But, since I'm using URL master, it should be OK, right .. well no, a quick disassembly of URL master shows this...

response.Clear();
response.AddHeader("Refresh", "0;URL=" + result.FinalUrl);
response.Write("<html><head><title></title>");
response.Write("<!-- <script language=\"javascript\">window.location.replace(\"" + result.FinalUrl + "\")</script> -->");
response.Write("</head><body></body></html>");
response.End();

If https://mysite.com/page1.aspx and http://mysite.com/page1.aspx both return 200 OK, that is duplicate content.  Multiply that by every page in the site and there is a real problem.. what can I do now?

Alan
 
New Post 5/1/2008 11:43 PM
  Bruce Chapman
336 posts
1st Level Poster


Re: Redirect from https to http 

AJ

It's true I used the same logic as the standard DNN provider, for the simple reason is that it works.

The reason a javascript redirect is used over a 301/302 redirect is because the browser will throw up a 'security' warning if the server does the redirection from https -> http.  It's a trust/security issue.

I hadn't really thought about that side of things when you first told me of the problem.  Sorry if I sent you up a dry gully with the ssl certificate, because as you've found it's not going to solve the problem from a search engine POV.

The https->http redirection is really there just to make the application work seamlessly, not really to tell search engines that something has moved.  If you make it server-based and better for the search engines, you disadvantage the user with browser warnings.  However, in your case, the user isn't (shouldn't) be requesting the https.

Let me have a think about it - I may be able to have a configurable setting of server vs client redirection for the http->https.  In the meantime, if you figure out an alternative way (with IIS or similar) let me know.
 
New Post 5/2/2008 7:13 PM
  AJ
34 posts
8th Level Poster


Re: Redirect from https to http 
Modified By AJ on 5/2/2008 7:39:47 PM)

Hi Bruce,

By security warning, do you mean the "insecure content" warning dialog (I forget the exact wording)?

I've tried setting up the redirect in both siteurls.config and dotnetnuke.config - they did not help.

Is there any chance of a custom build that replaces the javascript with the same 301 code used elsewhere?

response.Status = "301 Moved Permanently";
response.AppendHeader("X-Redirect-Reason", result.Reason.ToString().Replace("_", " ") + " Requested");
response.AddHeader("Location", result.FinalUrl);

The site was ready to go live several days ago - until I found this showstopper SSL problem.

Alan
 
New Post 5/2/2008 10:21 PM
  Bruce Chapman
336 posts
1st Level Poster


Re: Redirect from https to http 

No, it is a different warning message - something like 'the website you are visiting is trying to redirect you to unsecure content, do you want to allow it?'.  The message differs by browser but they all have it.

Alan I will put an option to 301 redirect https instead of client redirect in a release for you, but I've got a very large backlog of work at the moment so you'll have to be a little patient.

If you have the client redirect working OK it shouldn't stop you launching the site - it will just be a little while before google cleans up the index with the https entries.  It will take a while for them to update the index anyway, once you do get the 301 redirects working.  Unless I'm missing something.

 
 
New Post 5/3/2008 8:52 AM
  AJ
34 posts
8th Level Poster


Re: Redirect from https to http 

Thanks Bruce - I've found a solution, so dont worry about it.  I do appreciate that you would make a custom build though, so thank you.

Initially I was going to use the open source urlrewriter.net, it does pretty much anything, but doesnt have any DNN specific links, so its much harder to configure.  Your module came out on the day I started this project so I grabbed it quickly :) 

What I am doing now is having urlrewriter handle any https requests, and your module handle the rest.  So far seems to work really well

Alan.
 
 Page 2 of 3Previous123Next 
Previous Previous
 
Next Next
  iFinity Support Forum  DotNetNuke Modu...  Url Master  Redirect from https to http
   
Support Guidelines.. Please read before posting Maximize