Redirecting Users to Secure Pages

If you run Exchange 2000 Server’s Outlook Web Access (OWA) 2000 but don’t use Secure Sockets Layer (SSL), users can simply type the prefix HTTP to connect to the OWA server. If you decide to use SLL to better secure your Exchange system, users must use the prefix HTTPS rather than HTTP to connect to the OWA server. The HTTPS prefix might be difficult for users to remember. You can help them one of two ways, as suggested in Chris Lehr, Reader to Reader, "Forcing Users to Use SLL," May 2001.

If users request an HTTP page from a server that requires SSL, they receive the 403.4 Forbidden: SSL required error page. An HTML file (403.4.htm) in the \winnt\system32\help\iishelp\common directory generates that error page. You can replace the HTML file with a custom HTML file that redirects clients’ browsers to the correct HTTPS address. Listing A contains the code you put into the custom HTML file. In this code, you need to replace with the correct Web server for your organization. After the custom file is in the correct directory, you need to open the Microsoft Management Console (MMC) Internet Information Services snap-in and go to the Custom Errors tab in that Web server’s Properties dialog box. Replace the path to the existing 404.3.htm file with the filename and path to your custom file. This solution works well as long as the clients’ browsers support redirection.

If the browsers don’t support redirection, you can use an alternative solution that involves creating another virtual server. First, change the current virtual server’s port to an unused port, such as 8080. Then, create a new virtual server that uses port 80. Finally, open the Internet Information Services snap-in and go to the Home Directory tab of the new virtual server’s Properties dialog box. Select the option A redirection to a URL and enter the URL of the SSL-based site, as Figure A shows.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.