I’ve been building this blog along with my consulting business and needed to secure my websites with SSL for BBB accreditation. That accreditation is still pending at this time, but I want to show good faith in business practices to attain that accreditation.
So, I purchased my certificate and preformed the following to assure that all traffic to my websites are SSL secured. There are a number of ways to do it, and even do it for Exchange, (which I will cover in another post), but I found a great article that is simple and will work for most standard web sites. The link will be at the bottom in the references section. 🙂
Redirect all HTTP traffic for your website to HTTPS
- You will need to download the URL Rewrite Tool: Instructions HERE
- Ensure that the IIS site you are using is configured for the proper port 80 binding. In this case we are listening for all traffic on port 80. But you could restrict this based on host header as needed
- Next, once URL Rewrite is installed, create a new URL Rewrite Rule on the website that you want to make the change on:
- Use the following steps exactly to create the redirection properly for your website:
- Match URL Setting:
- Name your rule (i.e. ‘http to https’)
- Requested URL: ‘Matches the Pattern’
- Using: ‘Wildcards’
- Pattern: ‘*’
- Ignore Case: ‘Checked’
- Conditions Setting:
- Click Add
- Condition Input: ‘{HTTPS}’
- Check if input string: ‘Matches the pattern’
- Pattern: ‘off’
- Ignore Case: ‘Checked’
- Server Variables Setting:
- No Settings Changed or Added
- Action Setting:
- Action Type: ‘Redirect’
- Action Properties
- Redirect URL: ‘https://{HTTP_HOST}{REQUEST_URI}’
- Append Query String: ‘Checked’
- Redirect Type: Found (302)
Note: In this example {HTTPS}, {HTTP_HOST}, and {REQUEST_URI} are all URL parts that can be accessed using the URL Rewrite module. More information on URL parts can be found here.
- Apply the rule so that it is saved to IIS
- Perform an IISRESET from an Administrative PowerShell Session or Command Prompt to Enable all the settings properly
Changes Made
The URL rewrite rules get written to the web.config file for the site you are working in. For example, the above configuration should result in this addition to the web.config file:
1 2 3 4 5 6 7 8 9 10 11 | <rewrite> <rules> <rule name="Redirect to http" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*" negate="false" /> <conditions logicalGrouping="MatchAny"> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" /> </rule> </rules> </rewrite> |
That should take of it all for you and now when users connect to your website via http, they will be automatically redirected to https SSL.
HAPPY CONFIGURING!
PLEASE COMMENT!
References:
Creating Rewrite Rules for the URL Rewrite Module
URL Rewrite for IIS7 http to https redirection
URL Component Reference
Redirect from HTTP to HTTPS using the IIS URL Rewrite module
