Exempt page or directory from SSL

[phpPete]

I have a need to exempt a page from being served up via SSL. Is there a way to allow a single page to be exempt from SSL or barring that a directory?

As always, thanks for any assistance.

The system is:
Windows Server 2003
IIS 6
ASP.NET
.NET Framework 2.0

[holmescreek]

Not sure about ASP (I do PHP), but you should be able to retrieve the name of the page / script being loaded from your server variables. Then check the name of the page / script for any occurance of https, if it is found, then do a redirect, otherwise let the page load normally.

in Php it would be something like :

Code:

$currentpage = $_SERVER['PHP_SELF'];  # would return something like "https://mysite.com/something/index.php"

if(str_pos($currentpage, "https")) {

header('Location: http://www.example.com/');

}


otherwise just load the page normally...

Not a direct ASP answer, but, maybe enough that you can use to figure it out.

[phpPete]

Holmes;

Thank you for your input. That's a valid approach and in the end might be something we'll go with. I'd like to know the .NET way if anyone can enlighten me on that.

[wwb_99]

Generally one enforces SSL at the IIS level rather than in your application. I am presuming the entire application is setup to enforce SSL. In that case, you can set an individual file not to require SSL by browsing to that folder in the IIS manager, then right clicking on the file and going into the File Security tab on the properties window.