OIT Web Center

HOW TO: Use ASP to Force SSL for Specific Pages

Description

Web forms need to protect private information. If you have a form that collects private information you should force that page to use the HTTPS secure protocol so that the information will be encrypted when it is transmitted.

Code Reference Page: HOW TO: Use ASP to Force SSL for Specific Pages

Instructions

*Note: This code is for Classic ASP pages only.

1. Open your ASP page with an editor.
2. Paste the code below into the file where it will be executed before any other code.
3. Save the file.

Code

<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%> 

Notes

1. The above code can be put in a separate include file if you have several ASP pages that need to be protected.
2. If you put the code in a separate file you must use a line similar to the following in each asp page:

   <!--#include virtual="/ForceSSL.inc"--> 
   		

Site maintained by Skip Knox — sknox@boisestate.edu