Don't mess with the MS!

HTTP to HTTPS redirect for websites in IIS

I’ve been building this blog along with my consulting business and needed to secure my websites with SSL for BBB accreditation. That accreditation is still pending at this time, but I want to show good faith in business practices to attain that accreditation.

So, I purchased my certificate and preformed the following to assure that all traffic to my websites are SSL secured. There are a number of ways to do it, and even do it for Exchange, (which I will cover in another post), but I found a great article that is simple and will work for most standard web sites. The link will be at the bottom in the references section. 🙂

Redirect all HTTP traffic for your website to HTTPS

  • You will need to download the URL Rewrite Tool: Instructions HERE
  • Ensure that the IIS site you are using is configured for the proper port 80 binding. In this case we are listening for all traffic on port 80. But you could restrict this based on host header as needed
  • Next, once URL Rewrite is installed, create a new URL Rewrite Rule on the website that you want to make the change on:
Steps to create a new URL Rewrite Rule
  • Use the following steps exactly to create the redirection properly for your website:
  • Match URL Setting:
    • Name your rule (i.e. ‘http to https’)
    • Requested URL: ‘Matches the Pattern’
    • Using: ‘Wildcards’
    • Pattern: ‘*’
    • Ignore Case: ‘Checked’
  • Conditions Setting:
    • Click Add
    • Condition Input: ‘{HTTPS}’
    • Check if input string: ‘Matches the pattern’
    • Pattern: ‘off’
    • Ignore Case: ‘Checked’
  • Server Variables Setting:
    • No Settings Changed or Added
  • Action Setting:
    • Action Type: ‘Redirect’
    • Action Properties
      • Redirect URL: ‘https://{HTTP_HOST}{REQUEST_URI}’
      • Append Query String: ‘Checked’
      • Redirect Type: Found (302)

Note: In this example {HTTPS}, {HTTP_HOST}, and {REQUEST_URI} are all URL parts that can be accessed using the URL Rewrite module. More information on URL parts can be found here.

  • Apply the rule so that it is saved to IIS
  • Perform an IISRESET from an Administrative PowerShell Session or Command Prompt to Enable all the settings properly

Changes Made

The URL rewrite rules get written to the web.config file for the site you are working in. For example, the above configuration should result in this addition to the web.config file:

That should take of it all for you and now when users connect to your website via http, they will be automatically redirected to https SSL.

HAPPY CONFIGURING!
PLEASE COMMENT!

LDLNET - Banner
LDLNET LLC – Life In Action! Your Source for Professional IT Services!

References:
Creating Rewrite Rules for the URL Rewrite Module
URL Rewrite for IIS7 http to https redirection
URL Component Reference
Redirect from HTTP to HTTPS using the IIS URL Rewrite module

Get E-Mail Updates
I agree to have my personal information transfered to MailChimp ( more information )
Want to know when I post new content? Sign up here to get an email when I do post!
I despise spam. Your email address will not be sold or shared with anyone else.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.