
Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0

Mar 10

In a previous article I covered the installation of URL Rewrite 2.0 for IIS 7. This is a plug-in for IIS 7 that allows you to manipulate URLs.

URL Rewrite has a GUI to allow you to enter rules within IIS 7; in the background all this does is edit the web.config file of the site. I will show you how to create a rule both ways.

In the following example we will redirect HTTP to HTTPS using URL Rewrite. You will need the following items completed in order for this to work correctly.

- SSL Certificate for site installed in IIS.
- Site properly installed and configured for SSL (site set up and binding in IIS configured).
- URL Rewrite 2.0 is installed on the server.

GUI Version

- Select the website you wish to configure
- In the “Features View” panel, double click URL Rewrite

You will notice there are currently no rules configured for this site. Click “Add Rules…” in the Actions menu to the right of the “Features View” panel.

Use the default “Blank rule” and press “OK”.

When editing a rule there are the “Name” field and 4 configuration pull down boxes.



- Enter “Redirect to HTTPS” in the name field.
- Next we will configure the first configuration pull down box, called “Match URL”. On the right side of “Match URL”, press the down arrow to expand the box.

Within the “Match URL” configuration box we will set the following settings:

Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)



We can now edit the next configuration pull down box, which is “Conditions”. Press “Add…” to add a new condition to the configuration.

We will configure the condition with the following settings:

Condition Input: {HTTPS}
Check if input string: Matches the Pattern
Pattern: ^OFF$

Press “OK”

You should see your condition in the list of conditions.

For this setting we do not need to configure the “Server Variables” pull down box. Continue onto the “Action” configuration box and pull down the box by selecting the arrow on the right. We will configure the following settings for the “Action” configuration:

Action Type: Redirect
Redirect URL: https://{HTTP_HOST}/{R:1}
Redirect Type: See Other (303)

Press “Apply” then press “Back to Rules”

You should now see the rule configured on the main screen of the URL Rewrite module.

Test your site; it should now redirect from HTTP to HTTPS.



If we examine the web.config file, we can see where the rule was entered. Likewise, a rule entered directly into the web.config file shows up in the GUI.

Web.Config Rule

You can also edit the web.config file of the site directly, and the rule will then appear in the GUI. Enter the following within the <system.webServer> </system.webServer> elements. The rule itself must sit inside the <rewrite> and <rules> elements, as shown.

<rewrite>
  <rules>
    <!-- Send any request that arrived over plain HTTP to the same host and path over HTTPS -->
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
    </rule>
  </rules>
</rewrite>
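A quick way to audit a web.config for this rule before deploying it. This is an added example, not code from the original article; the function name, messages and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rule from this article inside a minimal web.config.
SAMPLE_OK = """<configuration><system.webServer><rewrite><rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
  <match url="(.*)" />
  <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules></rewrite></system.webServer></configuration>"""

# Constructed sample: the same rule pasted directly under <system.webServer>,
# so the path system.webServer/rewrite/rules does not exist.
SAMPLE_MISPLACED = SAMPLE_OK.replace("<rewrite><rules>", "").replace("</rules></rewrite>", "")

def audit_https_redirect(web_config_xml):
    """Audit the first rule that redirects to https://; return a list of problems."""
    root = ET.fromstring(web_config_xml)
    rules = root.findall("./system.webServer/rewrite/rules/rule")
    if not rules:
        return ["no <rule> found under system.webServer/rewrite/rules"]
    for rule in rules:
        action = rule.find("action")
        if action is None or action.get("type", "").lower() != "redirect":
            continue
        if not action.get("url", "").lower().startswith("https://"):
            continue
        problems = []
        if rule.get("enabled", "true").lower() == "false":
            problems.append("rule is disabled")
        conds = rule.findall("./conditions/add")
        if not any(c.get("input") == "{HTTPS}" and "off" in c.get("pattern", "").lower()
                   for c in conds):
            # Without this condition HTTPS requests match (.*) too and redirect again.
            problems.append("no condition limiting the rule to {HTTPS} = off (redirect loop)")
        if rule.get("stopProcessing", "false").lower() != "true":
            problems.append("stopProcessing is not true; later rules may still run")
        return problems
    return ["no Redirect action pointing at https:// found"]

if __name__ == "__main__":
    print(audit_https_redirect(SAMPLE_OK))
    print(audit_https_redirect(SAMPLE_MISPLACED))
```

An empty list means the rule is in the right place, is enabled, and only fires for plain-HTTP requests.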

When implementing this solution, use relative paths for all references on your pages; otherwise visitors may get a warning asking whether to display both secure and insecure items. For example, if you have a logo on your page and its URL is http://domain/images/logo.jpg, do not use the whole path, because including http:// hard-codes the image to load over HTTP rather than HTTPS. Instead use /images/logo.jpg.



6 Responses to “Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0”

  1. Michael says:

    I used HTTP redirect and redirected my website to HTTPS://DNSNAME/application then checked the “redirect all requests to exact destination” check box.

    Works like a charm.

  2. Bastiaan says:

    Doesn’t work here either. I have tried so many different URL redirect tips but none seems to work….

    I have an exchange server: exchange.domain.com and simply want to redirect HTTPS and still be able to access /OWA sites.

    WSRV2008 R2 X64 with URL rewrite 2.0

    • JPPinto says:

      What rules are you using? Your rule should be very similar to the rule in this article. Make sure the rule is on the correct site, then restart IIS after implementing the rule.

  3. John says:

    Hi.
    First I must thank you for this site; it is very useful. Now I have problems with using Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0

    This solution is not working for me. I tried a solution with file, but it is not working. I don’t know what I am doing wrong.

    I have Default Web Site with one test virtual with name ‘virtual’ directory like this: C:\inetpub\wwwroot\Test – this is location of real folder. In this folder I have one test page.

    I made a rule like you, but still I am getting the error HTTP Error 403.4 – Forbidden
    The page you are trying to access is secured with Secure Sockets Layer (SSL).

    Please help me.

    • JPPinto says:

      Check to make sure the rule is active and that the rule is configured for that site.

    • Artiom Chi says:

      This is because in your website’s SSL Settings you have checked the “Require SSL” setting. This forces IIS to throw a 403.4 error before the Url Rewriting module has a chance to rewrite the rule.

      You’ll have to disable it, and let the rewriting module force users to use SSL :)
