Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
SecurePages
Secure pages is a simple way to manage https and non-https for asp.net MVC and Web Forms sites. Specify specific urls, use regular expressions, define custom rules and force all non-specified urls to http.
#Secure Pages#
Secure pages is a simple way to manage https and non-https for asp.net MVC and Web Forms sites. Specify specific urls, use regular expressions, define custom rules and force all non-specified urls to http.
##Changelog:##
###Version 1.0.5109.19336 - December 27 2013###
- Removed majority of string usage and replaced with Uri.
- Fixed small bugs in TestHelpers.RequestedUrl
###Version 1.0.5007.19696 - September 16 2013###
- Added TestHelpers.RequestedUrl - more here
- Fixed SecurePagesConfig.cs references
###Version 1.0.4930.15380 - July 01 2013###
- Added SecureUrlCollection.IgnoreUrl(string, RegexOptions) providing the ability to ignore URLs
- Added more test coverage
###Version 1.0.4927.20371 - June 28 2013###
- Added ability to set HttpRootUrl
- Added ability to set HttpsRootUrl
- Small bug fixes
#Adding it to your solution#
Install package from nuget: Install-Package SecurePages
What it adds to your solution
Two Files:
- App_Start/SecurePagesConfig.cs
- App_Readme/securepages.readme.txt
One Web.config alteration:
<configuration>
<system.webServer>
<modules>
<add name="SecurePageModule" type="SecurePages.Infrastructure.SecurePageModule" />
</modules>
</system.webServer>
</configuration>
#Usage#
##Add Url##
Specify a specific relative url to be forced to https
SecurePagesConfiguration.Urls.AddUrl("/cart");
By default, specifying a url will be case insensitive. To specify case sensitivity, pass caseInsensitive:false as the optional second argument
SecurePagesConfiguration.Urls.AddUrl("/cart", caseInsensitive:false );
##Add Regex##
Specify a regex pattern to be forced to https
SecurePagesConfiguration.Urls.AddRegex(@"(.*)account", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline);
##Ignore URLs##
To ignore URLs, such as JavaScript or CSS files you can call IgnoreUrl on the URL Collection
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.css");
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.js");
IgnoreUrl takes a regex string and optionally as a second argument RegexOptions.
##Custom Secure Request Rules##
Specify a custom https match rule. This is an example of checking the request headers to determine if the originating request was secure (needed for AppHarbor).
SecurePagesConfiguration.RegisterCustomMatchRule(c =>
{
return string.Equals(c.Request.Headers["X-Forwarded-Proto"], "https",
StringComparison.InvariantCultureIgnoreCase);
});
The delegate signature is Func<HttpContextBase, bool> and should return true if the request is https.
##Specify secure and unsecure root URLs
By default, secure pages will use the current URL and just alter the protocol too and from http(s). If your secure domain is different (https://secure.mydomain.com/), you will need to explicitly set the secure and nonsecure URLs.
SecurePagesConfiguration.HttpRootUrl = "http://yourdomain.com/";
SecurePagesConfiguration.HttpsRootUrl = "https://yourdomain.com/";
##For Local Testing##
SecurePagesConfiguration.IgnoreLocalRequests = true;
By default, secure pages will ignore all request from localhost
##Testing your configuration
SecurePages comes with a test helper class called RequestedUrl with 3 helper methods:
-
ShouldBeHttp
-
ShouldBeHttps
-
ShouldIgnore
Here is an example of testing a configuration (the below code is using xUnit for testing but you can use nUnit, MSTest etc)
The rules
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.css");
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.js");
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.png");
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.jpg");
SecurePagesConfiguration.Urls.IgnoreUrl(@"(.*)\.gif");
//Securing all pages with account/
SecurePagesConfiguration.Urls.AddRegex(@"(.*)account", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline);
//All other urls will be forced to http
The tests
public class SecureUrlTests {
public SecureUrlTests() {
// Make sure you register your configuration rules
SecurePagesConfig.RegisterUrls(SecurePagesConfiguration.Urls);
}
[Fact]
public void WhenAccountUrlIsCalledWithHttpItShouldRedirectToHttps() {
var result = RequestedUrl.When("http://test.com/account/register").ShouldBeHttps();
Assert.True(result);
}
[Fact]
public void WhenAccountUrlIsCalledWithHttpsItShouldStayOnHttps() {
var result = RequestedUrl.When("https://test.com/account/register").ShouldBeHttps();
Assert.True(result);
}
[Fact]
public void WhenHomePageIsCalledWithHttpsItShouldRedirectToHttp() {
var result = RequestedUrl.When("https://test.com/").ShouldBeHttp();
Assert.True(result);
}
[Fact]
public void WhenHomePageIsCalledWithHttpItShouldRemainOnHttp() {
var result = RequestedUrl.When("http://test.com/").ShouldBeHttp();
Assert.True(result);
}
[Fact]
public void WhenCssFilesAreCalledTheyShouldBeIgnored() {
var result = RequestedUrl.When("http://test.com/main.css").ShouldIgnore();
Assert.True(result);
}
[Fact]
public void WhenImageFilesAreCalledTheyShouldBeIgnored() {
Assert.True(RequestedUrl.When("http://test.com/img.jpg").ShouldIgnore());
Assert.True(RequestedUrl.When("http://test.com/img.png").ShouldIgnore());
Assert.True(RequestedUrl.When("http://test.com/img.gif").ShouldIgnore());
}
}
FAQs
Secure pages is a simple way to manage https and non-https for asp.net MVC and Web Forms sites. Specify specific urls, use regular expressions, define custom rules and force all non-specified urls to http.
We found that securepages demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 27 Dec 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025