Friends, I want to know: when secured hosting is done, we require a unique IP address to associate our SSL certificate with it. Also, I kind of read in one tutorial that when a browser requests a secured connection, the whole SSL process initiates. But how does a browser request a secure connection? Don't we just write www.chase.com? And then our browser converts the http to https? What's happening in the background?

+3  A: 

In your programming code, you evaluate the protocol and redirect using a 301 (server side). This is not done in the browser.

You can do this in ASP.NET in the Global.asax file.
I'm not sure about other programming languages (PHP, Ruby, etc). Others can feel free to chime in and edit my answer with more examples if they please.

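    // Global.asax: answer any plain-HTTP request with a 301 to the same URL over HTTPS
    if (!Request.IsSecureConnection)
    {
        // Change only the scheme; Replace("http:", "https:") would also rewrite any "http:" inside the query string
        var builder = new UriBuilder(Request.Url) { Scheme = Uri.UriSchemeHttps };
        if (Request.Url.IsDefaultPort) builder.Port = -1; // drop the implicit :80 so the HTTPS default port is used
        HttpContext.Current.Response.Status = "301 Moved Permanently";
        HttpContext.Current.Response.AddHeader("Location", builder.Uri.AbsoluteUri);
    }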

I think you can do this by default in Apache using .htaccess, but as far as I can tell, if you want to do it in IIS you need to run an asp script or include it in your .net application. I could be wrong, but this is what I've come up against in my trials of this.

rockinthesixstring
Do you mean that I should first check the response code and then, if it's 301, I should redirect?
vinayvasyani
You can do it in any such language. You can also do it in configuration settings on most webservers and not need to program at all.
Jon Hanna
@vinayvasyani, 301 **is** a redirect. If you send 301 to a browser it goes to another URI. Look at RFC 2616.
Jon Hanna
Unless you're trying to build a browser you should not have anything to do with reading the 301 status code.
Alin Purcaru
[Jon Hanna](http://stackoverflow.com/users/400547/jon-hanna) you are correct, this is just one option. [vinayvasyani](http://stackoverflow.com/users/312965/vinayvasyani) no, you don't check for a 301; you evaluate the protocol (`if NOT https - then send 301 AND include the https URL`)
rockinthesixstring
@Jon: Thanks. About putting the redirections in the config file: Is it something like you just have to say that if the response code is X then RedirectURL = Y?
vinayvasyani
@vinayvasyani, in this case it would normally be a matter of saying http://yourdomain/* redirects to https://yourdomain/* so that all pages redirect to their HTTPS equivalent. The precise details of how to do so depend on the webserver in question.
Jon Hanna
@Jon: Got you. So it's to be done in the server settings. I was confused, thinking such settings belonged in the browser application project. Thanks again.
vinayvasyani
"browser application project" ... are you building your own browser? If so, you will need to know more about [RFC 2616](http://www.w3.org/Protocols/rfc2616/rfc2616.html) and how to deal with all of that good stuff.
rockinthesixstring
@rockinthesixstring: I am not building one currently but was just curious how one browser app does such a thing programmatically.
vinayvasyani
@vinayvasyani, in the case of a browser, it's coded to always look for the Location header and follow it if it receives a 301 (or a few other codes, that do redirects with slightly different semantics). I've had to do so manually in client code a few times, but very rarely.
Jon Hanna
Well, that's a completely different question then. My answer is based on a developer creating a website. Your question is better answered by [Alin Purcaru](http://stackoverflow.com/users/321468/alin-purcaru) on how it all works. But you'll be in for a lot of programming if you're thinking of building your own browser.
rockinthesixstring
+7  A: 

In the background:

  1. The client types www.example.com
  2. The browser sends an HTTP GET call to www.example.com
  3. www.example.com responds with a moved status code.

    HTTP/1.1 301 Moved Permanently
    Location: https://www.example.com/

  4. The browser reads that and knows that it must start a secure HTTP connection.

  5. ...and so on. This is where things get more complicated because the browser and the server exchange multiple messages until the secure connection is established.

Anyway, if what you need is to install an SSL certificate, you must make sure that your client is redirected from http to https. That should be accomplished from the server configurations.

Alin Purcaru
good answer [Alin Purcaru](http://stackoverflow.com/users/321468/alin-purcaru)... I tried to give the "programming" answer in order to keep this question from being closed... ;-)
rockinthesixstring
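Steps 2 to 4 of the second answer, as an added example that is not code from either answerer: a plain-HTTP listener that answers every GET with a 301, and a client that reads the status and `Location` header without following them, which is what a browser sees before it opens the HTTPS connection. The Python standard library stands in for the web server here; `CANONICAL_HOST`, `https_location` and `fetch_without_following` are names assumed for the illustration, and the target is built from a configured host name rather than the request's `Host` header so the redirect can only point at the site itself.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CANONICAL_HOST = "www.example.com"  # assumed site name, taken from the answer's example


def https_location(path):
    """Build the redirect target from the configured host, never from the Host header."""
    if not path.startswith("/"):
        path = "/"  # accept only origin-form request targets; anything else goes to the root
    return "https://" + CANONICAL_HOST + path


class RedirectToHttps(BaseHTTPRequestHandler):
    """Plain-HTTP listener: every GET is answered with a 301 to the HTTPS URL."""

    def do_GET(self):
        self.send_response(301, "Moved Permanently")
        self.send_header("Location", https_location(self.path))  # path and query kept as sent
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


def fetch_without_following(path, host_header):
    """Send one GET to a local instance; return (status, Location) as a browser first sees them."""
    server = HTTPServer(("127.0.0.1", 0), RedirectToHttps)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()  # http.client does not follow redirects on its own
        resp.read()
        result = (resp.status, resp.getheader("Location"))
        conn.close()
        return result
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(fetch_without_following("/login?next=http://a.test/", "www.example.com"))
    print(fetch_without_following("/", "other.test"))  # constructed Host value
```
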