Control SSL error page or detect capable SSL connection?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Is it possible to somehow redirect users to a cutom page if their
browsers/firewall do not support SSL? Almost like a customized 404

We'd like to offer SSL form submits by default, but show a special page
if SSL is not possible for the user.

Re: Control SSL error page or detect capable SSL connection?

Quoted text here. Click to load it

If the user clicks on a https: URL and the browser does not
support SSL, it doesn't contact your server in any way so
you have no way to know it failed.

You might possibly get around this with trying to load a subframe from
a secure page with JavaScript, which is Turned Off (tm).  Javascript
is more likely to be turned off than SSL.

Quoted text here. Click to load it

You should provide the form via SSL (so the lock icon shows on the
page while the user is filling in the information).  This also tests
that SSL works before the user spends time filling in the form and
then has it not work.  You can provide a second link on the page
that leads TO the form, for use in case the first one doesn't work.

                        Gordon L. Burditt

Re: Control SSL error page or detect capable SSL connection?

Quoted text here. Click to load it

Hi Jan,

From my knowledge with IIS I know this is possible from a server-side point  
of view, though you have to cheat somewhat.

Within IIS Manager, locate the file/folder you require to be SSL enabled,  
then go into file security - secure communications - edit and then tick  
enable 'Require secured channel (SSL)'.  Now viewing this page over a HTTP  
connection will generate a 403 error message.  Off the top of my head I  
don't think you can do any kind of detection with this, as the error message  
is generated from IIS before any pages are executed.  By default this 403  
error message is a typical one that Microsoft ship with IIS, plain white  
background with the error:

"The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer  
blah blah blah"

Now, to redirect the user, simply create your own custom 403 error page that  
contains redirect code (I prefer to use meta refresh as it's cleaner) and  
using the 'Custom Errors' tab within the previous options in IIS, set the  
default 403 error page to your new one.

Voila.  Once people try and access your page using a non-secure connection  
they'll get redirected to this new page.

This may not be useful to you if you intend to pass session variables and  
the like, I really haven't tested it in much detail with PHP, but it may be  
of some use to you.

Hope this helps,

Site Timeline