Bookmark and Share Subscribe Bookmark and Share




  • 5081This post:
  • 124226Total visitors:
  • 385Visitors today:
  • 9118Visitors per month:

Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0


 « »    

Series: Redirecting HTTP to HTTPS

Series: URL Rewrite

In a previous article I covered the installation URL Rewrite 2.0 for IIS 7. This is a plug-in for IIS 7 that allows you to manipulate URL’s.

URL Rewrite has a GUI to allow you to enter rules within IIS 7; in the background all this does is edit the web.config file of the site. I will show you how to create a rule both ways.

In the following example we will redirect HTTP to HTTPs using URL Rewrite. You will need the following items completed in order for this to work correctly.

- SSL Certificate for site installed in IIS.
- Site properly installed and configured for SSL (site set up and binding in IIS configured).
- URL Rewrite 2.0 is installed on the sever.

GUI Version

- Select the website you wish to configure
- In the “Features View” panel, double click URL Rewrite

You will notice there are currently no rules configured for this site. Click “Add Rules…” in the Actions menu to the right of the “Features View” panel

Use the default “Blank rule” and press “OK”.

When editing a rule there are the “Name” field and 4 configuration pull down boxes.

- Enter “Redirect to HTTPS” in the name field.
- Next we will configure the first configuration pull down box called “Match URL”, on the right side of “Match URL” press the down arrow to expand the box.

Within the “Match URL” configuration box we will set the following settings:

Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)

We can now edit the next configuration pull down box which is “Conditions”, Press “Add…” to add a new condition to the configuration.

We will configure the condition with the following settings:

Condition Input: {HTTPS}
Check if input string: Matches the Pattern
Pattern: ^OFF$

Press “OK”

You should see your condition in the list of conditions.

For this setting we do not need to configure the “Server Variables” pull down box. Continue onto the “Action” configuration box and pull down the box by selecting the arrow on the right. We will configure the following settings for the “Action” configuration:

Action Type: Redirect
Redirect URL: https://{HTTP_HOST}/{R:1}
Redirect Type: See Other (303)

Press “Apply” then press “Back to Rules”

You should now see the rule configured on the main screen of the URL Rewrite module.

Test your site, it should now redirect from HTTP to HTTPS.

If we exam the web.config file we can see where the rule was entered. If we entered the rule directly into the web.config file it would show up in the GUI.

Web.Config Rule

You can also edit the web.config file of the site directly and you will be able to see the rule in the GUI. You will need to enter the following within the <system.webServer> </system.webServer> elements.

<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions><add input="{HTTPS}" pattern="^OFF$" />
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />

When implementing this solution you need to make sure to use relative paths for all references on your page because there is a possibility you will get a warning asking you if you want to display secure and insecure items. For example, if you have a logo on your page and the URL to this logo is http://domain/images/logo.jpg, do not use the whole path because including the http:// will hard code this image to use http and not https. Instead use /images/logo.jpg.

Series NavigationAutomatically Redirect HTTP requests to HTTPS using ASP
Series NavigationURL Rewrite 2.0 Installation

    Did I save you time and headaches? Buy me a cup of coffee.
    The more coffee I drink the more articles I can write.

    Donation Type:

56 Comments so far

  1. Quick Question: I would like to also enable ‘Require SSL’ – but when I do, then the site wiill not redirect and the users continue to get errors.

    - Is there a way around this so that I can ensure that it SSL is required.
    - The site is SSO enabled. Will the redirect occur before the credentials are passed?

    I’m concerned that the credentials may be going over the clear before the redirect occurs.

    • if you are forcing https through code why would you need that option?

    • Jordan said:
    • Posted on October 4th, 2013 at 12:05 am
    • Reply
    • Permalink

    This is MOSTLY working. For example, all requests to "" are redirected to https, so good to go there. HOWEVER, if I simply type "" I get a 404 error. Any advice on how to fix this?

      • jppinto2010 said:
      • Posted on October 10th, 2013 at 5:14 pm
      • Reply
      • Permalink

      you need to redirect to <a href=",” target=”_blank”>, I usually do it that through dns or url rewrite.

  2. thanks!

  3. It's important to have the http binding enabled as well, otherwise it will not work.

    • Gavin Burke said:
    • Posted on March 6th, 2013 at 10:03 am
    • Reply
    • Permalink

    This will only work if you have Application Request Routing installed so this can proxy the request else use Action Type of Redirect instead of Rewrite (or change web.config from <action ="rewrite" to <action ="redirect")

Leave a comment

Trackbacks on this post