JavaScript to redirect to https

by martin 22. July 2009 21:41

First off, you should never use JavaScript as a security enforcement mechanism, but you can use it within your server's "HTTPS required" error page to automatically (and easily) redirect your viewers to the proper secure page.

So first, configure IIS or Apache to "Require SSL". This will automatically send all users who request a non-HTTPS URL to your server's configured 403 (or 403.4) error page. Now go edit that error page (my IIS 7 error page was located at C:\inetpub\custerr\en-US\403.htm; for IIS 6 it was C:\WINDOWS\Help\iisHelp\common\403-4.htm) and add something like this:

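<script type="text/javascript">

function RedirNonHttps() {
    // Redirect only when this page was itself loaded over plain HTTP.
    if (location.protocol == "http:") {
        // Swap the scheme at the start of the address; path and query stay as they are.
        location.href = location.href.replace("http://", "https://");
    }
}

</script>

Then, simply call the RedirNonHttps function on page load: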

<body onload="RedirNonHttps();" >
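An added example, not code from the original post: a stricter version of the same error-page redirect that decides from the parsed scheme, because a substring test such as indexOf("https://") on the whole address skips the redirect whenever an https:// link appears in the query string. The names substringCheckSkips, httpsUrlFor, redirectToHttps and the httpsPort parameter are assumptions, and the sample addresses used to check it are constructed.

```javascript
// Added example; function names and httpsPort are assumptions, not the post's code.
// Needs a browser (or Node) that provides the standard URL class.

// The substring test: true means "address looks secure already, do nothing".
function substringCheckSkips(href) {
    return href.indexOf("https://") !== -1;
}

// Returns the HTTPS address for an HTTP page, or null when no redirect applies.
// httpsPort: port of the TLS listener if it is not 443. An explicit HTTP port
// (for example :8080) is never carried over, since TLS cannot share that listener.
function httpsUrlFor(href, httpsPort) {
    var url = new URL(href);
    if (url.protocol !== "http:") {
        return null;                     // already https:, or file:, about:, ...
    }
    var port = "";
    if (httpsPort && Number(httpsPort) !== 443) {
        port = ":" + Number(httpsPort);
    }
    // Rebuild from parsed parts so only the scheme and port change.
    return "https://" + url.hostname + port + url.pathname + url.search + url.hash;
}

// Entry point for the error page: <body onload="redirectToHttps();">
function redirectToHttps() {
    var target = httpsUrlFor(location.href);
    if (target) {
        location.replace(target);        // replace() keeps the 403 page out of history
    }
}
```

This is still a convenience on the 403 page only; the "Require SSL" setting on the server remains the enforcement.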


Local IP Address bug in some JVMs

by martin 21. October 2008 23:47

This guy from Spi Dynamics (now HP) told me how you can get the local IP address in some browser / JVM combinations a few months back.

Click here to see if you are at risk.

Inside an applet, you seem to always be able to get the internal IP address using code like:

String strLocalIPAddress = (new Socket(strWebHost, intPort)).getLocalAddress().getHostAddress();

I haven't been able to get this to work via JavaScript. Go see Lars Kindermann's MyAddress applet to check if you are at risk.

I also ran across a cool DNS Pinning applet/service that did port scanning.

Now add in CIFS / SMB into your dns pinned applet and ? ?  
