IIS 7 and Above
HTTP link retrieved from database is displayed on webpage as HTTPS
Last post Sep 20, 2019 07:57 AM by Gazatteer
Sep 19, 2019 02:03 PM|Gazatteer|LINK
We recently upgraded and migrated an intranet (third party) website onto IIS 8.5, Windows 2012 R2 server.
The issue is all HTTP URLs (e.g. http://www.anyoldwebsite.com/...) retrieved from a SQL Server 2012 database are displayed on webpages as HTTPS links (e.g. https://www.anyoldwebsite.com/...). This
affects intranet and external website links. The developers are saying that it's not their code but instead are pointing the finger at SSL configuration.
SSL Settings checkbox is selected and SSL certificate installed as it was on the on the old server. There were no issues on the old server.
During the upgrade we installed URL Rewrite tool but no rules are set. Could URL Rewrite be causing the issue?
Any help is highly appreciated.
Sep 19, 2019 03:15 PM|lextm|LINK
Please use tools like Fiddler to analyze the actual contents of IIS responses. That should tell where those HTTPS links come from.
Before that it is too early to judge who changes them.
Sep 20, 2019 07:05 AM|Yuk Ding|LINK
It sounds like link in response body get written. If you wonder whether IIS is doing this, you could try to analyze Failed request tracing log.
Besides, do you have <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" /> In your webpage or IIS response header? It will upgrade http link
to https automatically.
Sep 20, 2019 07:57 AM|Gazatteer|LINK
Thank You Lex and Yuk
This gives us something to investigate.
I shell explore the options and will get back with findings.