Date:  09/06/2002 09:01:22 PM Msg ID:  000874
From:  FoxWeb Support Thread:  000815
Subject:  Re: Response.Status - 403.4
As it turns out, IIS includes additional information to the reply, which is why you see the 403.4 SSL Required message.  When the additional text is not sent, then the browser displays nothing.  In fact, by default IIS uses the file C:\WINNT\Help\iisHelp\common\403-4.htm (configurable in the Custom Errors tab of the Internet Services Manager).
 
The following code duplicates this behavior:
 
<%
Response.Status = "403 Forbidden"
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link   {font:8pt/11pt verdana; color:FF0000}
a:visited  {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page must be viewed over a secure channel</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
  <tr>  
    <td align="left" valign="middle">
 <h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page must be viewed over a secure channel</h1>
    </td>
  </tr>
 
  <tr>
    <td width="400" colspan="2">
 <font style="COLOR:000000; FONT: 8pt/11pt verdana">The page you are trying to view requires the use of "https" in the address.</font></td>
  </tr>
 
  <tr>
    <td width="400" colspan="2">
 <font style="COLOR:000000; FONT: 8pt/11pt verdana">
 <hr color="#C0C0C0" noshade>
 
    <p>Please try the following:</p>
 <ul>
      <li>Try again by typing <strong>https://</strong> at the beginning of the address you are attempting to reach.</li>
    </ul>
 
    <h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.4 - Forbidden: SSL required<br>
    Internet Information Services</h2>
 <hr color="#C0C0C0" noshade>
 
 <p>Technical Information (for support personnel)</p>
 
<ul>
<p>
<li>Background:<br>
This error indicates that the page you are trying to access is secured with Secure Sockets Layer (SSL).</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.4&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
 </font></td>
  </tr>
 
</table>
</body>
</html>

FoxWeb Support Team
support@foxweb.com email

Sent by FoxWeb Support on 08/21/2002 05:55:33 PM:
Other status codes work fine, so my guess is that IIS re-interprets status codes returned by ISAPI and CGI scripts, such as FoxWeb.  We will do some additional tests with other Web servers to confirm this and post the answer to this forum.

FoxWeb Support Team
support@foxweb.com email

Sent by Joël Croquet on 08/15/2002 07:30:16 AM:
 
I made a custom error message in IIS 5 for the error code 403.4 (ssl required).
 
It works fine if I set the property "require secure channel" on a subdir of the site.
 
I try to send the 403.4 to the user within foxweb with the following code :
if lower(Request.ServerVariables("HTTPS")) # "on"
 Response.Status = "403.4 Forbidden: SSL required"
 && also tried : Response.Status = "403.4"
 Response.Write("403.4 Forbidden: SSL required")
 Response.End
endif
The user receives a standard message "403 - Forbidden" and not the one set for 403.4.
Does I am wrong with the use of the response.status command ?
 
I've found a workaround with the response.redirect command calling the error page but it's not exactly what I want.
 
Joël.