ASP.NET HTTPS/SSL Caching and Dynamic Pages - asp.net

I have an IIS6 ASP.NET 2/3.5 site that ALWAYS seems to be caching anything that goes through a https request. HTTP requests always work the same, but i see old/invalid data on https requests.
I see this a lot with pages where i'm doing http rewriting--but in general, it almost seems like the site has one set of values it shows to http requests and another to https requests-- without having any backend code that renders differently based upon the scheme.
Any ideas? Does IIS have a weird ssl caching option i'm not aware of?

The ports were set up wrong in IIS-- although the domain was correct because i was using port 443 it got forwarded to another site (because of host headers setup).

Related

How to stop redirection from HTTP to HTTPS

When I access to EC2 with http://XXX.XXX.XXX.XXX, the access was redirected to https://XXX.XXX.XXX.XXX.
Also, EC2 instance does not have certificate for HTTPS.
How do I stop the redirection.
By the way, I am using AMIMOTO of Wordpress.
I am looking forward to your reply.
There are 2 things to consider:
HTTPS redirect is done via server redirect, usually with HTTP status code 301. Depending on your server (nginx, apache etc) there are different ways to achieve that, but assuming it's apache, take a look at this to know what to look for
Once you are hit with redirect, modern browsers cache that 301 response for a long time. So even after you disable it you can still experience redirect. Here's example how to clear that in Chrome. This will obviously affect only your browser and if any customers hit the page, they will still be redirected for quite some time.
But best approach would undeniably be to set up and enable SSL.

How can I make IIS and ASP.NET aware of SSL Offloading so that it uses correct protocol for Response.Redirect?

How can I make IIS and ASP.NET aware of SSL Offloading so that it uses correct protocol for Response.Redirect?
I am working with a client who is using F5 load balancer with SSL offloading. The IIS web site (and ASP.NET web app) are bound to HTTP, not HTTPS, and so whenever ASP.NET uses Response.Redirect(url) it results in 302 redirect to http instead of https
Obvious solution would be to bind to HTTPS in IIS, but client does not operate that way. They have numerous other applications (mostly on apache) and report that it works just fine (it is somehow aware of SSL Offloading). SSL terminates at the load balancer, meaning user-to-load balancer is HTTPS, and then load balancer-to-server is HTTP. And they want to keep it that way (makes it easier for IDS to detect attacks in encrypted payloads, IT can snoop on users, etc.).
We've tried URL Rewrite module (from Microsoft) with very limited success. Client's IT dept reports they have also tried some configuration with F5 but I am not familiar with this product and apparently neither are they. It would be much easier if we could just force a flag in IIS or something, but I have been looking over Msft docs with no answer found so far.
Looking for a solution that is applied only to IIS, please. Thanks!

Website displays differently in https from http. How to fix that

Sorry for this stupid question but
Can someone suggest why the following website is displaying differently in http and https? Here are the two links
https://www.sportengland.org/careers/jobs-at-sport-england/
http://www.sportengland.org/careers/jobs-at-sport-england/
the content is not displaying properly in http website is iFrame content.
Basically, the HTTP or HTTPS protocol will not effect the format of the page.
It might be because they have hosted the site in two hosting one with SSL (HTTPS) and another with non SSL (HTTP).
And there could be chance that they updated one application and not done the same changes in another.

Using a Loadbalancer ssl terminated, how to generate links and other urls with https

I am having a problem with an old school asp.net site that has been moved behind a SSL terminated loadbalancer. All traffic to IIS is coming from the load balancer as port 80 http traffic. IIS is rendering all the script/image/link urls into http://....
The problem for us is the client browers are seeing pages with absolute URLs containing http protocol links within a https:// page. The browsers are warning about mixing secure and insecure content.
How can this be fixed so that the links are generated with https:// instead of http://
Thanks in Advance
bille
We solved our issue. The problem turned out to be the load balancer configuration. The client is very compartmentalized and denied us access to the LB swearing that the config was correct. After proving to them that telnetting into 443 was being blocked for some stuff we were allowed access to the LB. In addition to just being set up wrong (cut and paste) the LB url rewrite rules were messed up. Fixing those all is good.

Weird IIS7 http redirection behavior

I have a web server running Windows Server 2008 with IIS7. I have a bunch of websites which are all bound to the same IP address, but with different host header values. Most of the host headers are something like www.sitename.com.
I also have a corresponding website entry for each which listens for the host "sitename.com" and does a redirect to "www.sitename.com" within IIS7 (to cater for non-www requests). Now this is all pretty straight forward, but I've noticed the when setting up the Http Redirection, some wierd things happen:
Firstly, the "redirect" website entries must be pointed at a different physical directory than the site it's trying to redirect to, otherwise the redirection settings get set for both sites at once.
Secondly, sometimes whilst setting up Http Redirection on an individual site, Http Redirection gets set at a server level, and all sites start redirecting to that one URL.
How does this happen? Under what circumstances could setting Http Redirection on an individual site affect all sites? This is scary!!!
You need to point each of the websites to different physical location so that Http Redirection module can make a webconfig file for each of them.

Resources