Wednesday, April 13, 2011

Redirect HTTP to HTTPS with IIS 7

Getting onto two years ago now I wrote an article that has become quite popular that detailed three methods to redirect HTTP to HTTPS. At that time there wasn't a lot in the way of options for URL manipulation on IIS, and Helicon's ISAPI Rewrite 2 was the de facto standard. Now there are several options for rewriting URL's on IIS, and users of IIS 7 are able to take advantage of Microsoft's own URL Rewrite module. In this guide we'll look at how you can use Microsoft's URL rewrite module to transparently redirect HTTP to HTTPS.

For this guide to work you'll need;

  • IIS 7 installed

  • Microsoft URL Rewrite Module installed

  • Create HTTPS bindings to your IIS website and assign certificate

  • Ensure Require SSL is NOT checked under SSL Settings for your website

Once you have this done you can simply copy and paste the following code between the <rules> and </rules> tags in your your web.config file in your website root directory.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">

  <match url="(.*)" />


      <add input="{HTTPS}" pattern="off" ignoreCase="true" />


  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />


From here all you have to do is save your web.config file and test that the redirection is working. Hopefully this guide has helped you to enabled HTTP to HTTPS redirection for your website on IIS 7 using the Microsoft URL Rewrite Module. If you have any feedback or comments please post below, and if you have specific support requests please post in the forums

No comments:

Post a Comment