Articles
Redirect HTTP to HTTPS with IIS 7
Getting onto two years ago now I wrote an article that has become quite popular that detailed three methods to redirect HTTP to HTTPS. At that time there wasn't a lot in the way of options for URL manipulation on IIS, and Helicon's ISAPI Rewrite 2 was the de facto standard. Now there are several options for rewriting URL's on IIS, and users of IIS 7 are able to take advantage of Microsoft's own URL Rewrite module. In this guide we'll look at how you can use Microsoft's URL rewrite module to transparently redirect HTTP to HTTPS.
For this guide to work you'll need;
- IIS 7 installed
- Microsoft URL Rewrite Module installed
- Create HTTPS bindings to your IIS website and assign certificate
- Ensure Require SSL is NOT checked under SSL Settings for your website
Once you have this done you can simply copy and paste the following code between the <rules> and </rules> tags in your your web.config file in your website root directory.
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>From here all you have to do is save your web.config file and test that the redirection is working.
Hopefully this guide has helped you to enabled HTTP to HTTPS redirection for your website on IIS 7 using the Microsoft URL Rewrite Module. If you have any feedback or comments please post below, and if you have specific support requests please post in the forums.
- Add new comment
- 15032 reads
Comments
Example Config
Since my web.config didn't have any rewrite paths I figured someone may find this useful (mainly because there is a "rules" and "rule" path that has to follow properly):
<?xml version="1.0" encoding="utf-8"?><configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Fails when used at application level
This worked for me in my application web.config
Help Please !!!!!!!!!!!!!!!!!!!!!11
Hi !
I have implemented this on my SSL site, It working great ! many many thanks!
But I have small issue again :)
Coz, When someone types my site name as http://www.mywebsite.com , It adds HTPS , Thats OK.
But when user types http://mywebsite.com
It gives SSL certificate error ,Saying that Certificate was issued to another website.
My Website certificate is issued to =www.mywebsite.com not =mywebsite.com
Helpppppppppppppppppppppppppppppppppppppppp Please......!
Thanks in adavnce
Sandy
New certificate or rewrite to the current one?
Hi Sandy,
You have two options. Either get yourself a new certificate for mywebsite.com or alter your rewrite rules to redirect any non www traffic to www (i.e mywebsite.com to www.mywebsite.com)
----------------
Dominic Ryan
5 x Microsoft IIS MVP, MCSE, MCSA
IIS Aid owner/webmaster
Slight correction
This didn't work for me in the case where the url contains a subfolder.
for example:
http://www.example.com/admin/Default.aspx?a=b
goes to:
https://www.example.com/Default.aspx?a=b
The following should work:
<rewrite><rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" /> <!-- Require SSL must be OFF in the site settings -->
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>