There are problems which can affect an old Classic ASP website which aren't actually anything to do with ASP but are instead caused by changes in technology over the years. One of these is to do with SSL / TLS, the technology which allows websites to show the secure padlock in the address bar.

A decade or two ago most websites were hosted on addresses starting with the http:// protocol. This sends information between your browser and the server hosting the website in plain text. It's nice and simple, but it means anyone with access to your data as it travels between the two can see anything you send including passwords and credit card numbers. They can also interfere with the data the website sends you, maybe slotting their own adverts into it etc.

So at the time websites for banks and shops would run on the encrypted https:// protocol instead, which encrypts the info you send and then decrypts it on the server meaning anyone with access to it in the middle only sees a jumbled mess.

But since then the certificates needed have become cheaper and/or free, and large organisations like Google have strongly promoted the use of https:// for everyone, which means that most websites now run on https:// including older ones which have switched over.

Quite often the host of a website will contact you and persuade you to buy an SSL certificate to make your site secure. This is a good thing. However there's an issue which it causes. When your visitor's browser sees that your site is on https:// but it finds a link to a javascript (or sometimes an image or css file) which starts with http:// in your page's code it won't load it. The same goes it you try to load an external page in an iframe on your site.

If it's an iframe or an image it'll be pretty obvious that there's a problem - the image or expected content won't be on the page. But if it's a javascript you might find yourself baffled as to why stuff that used to work doesn't work any more.

If you're on a desktop machine, right-click somewhere on your web page and select Inspect. In the Inspector panel which opens up, click on Console. You may see an error there stating that a resource starting with http:// has been blocked.

Have a look at the code of your site. Anywhere you see a mention of http:// check if the same URL is available as https://.

For example if you have a link to

http://code.jquery.com/jquery-1.12.4.js

then check if you get the same information from

https://code.jquery.com/jquery-1.12.4.js

In most cases you'll find the HTTPS version of the URL works. If it does you can either change the http:// to https:// or leave the protocol out completely by linking to

//code.jquery.com/jquery-1.12.4.js

If (unusually) the https version of the URL does not give you a response you'll need to download the javascript and host it on your own website, changing the link to match.

 

One problem when using Classic ASP code to redirect a site from HTTP to HTTPS is knowing whether the current page is being served through HTTPS or not. There should be a really easy way - you check if request.servervariable("HTTPS") returns ON or OFF, and if it says OFF you redirect the page.

Unfortunately you may find that this server variable always returns OFF, even when you can see https:// in the address bar. The port will also be returned as :80, so you can't use that either.

The reason is a that the SSL certificate is being provided by an intervening CDN like Cloudflare rather than being installed on the server. So in this case, look for a server variable called HTTP_X_FORWARDED_PROTO which will return either HTTP or HTTPS.