Setting up an HTTP/HTTPS redirect in IIS
Once the SSL certificate is installed, your site still remains
accessible via a regular insecure HTTP connection. To connect securely,
visitors must specify the https:// prefix manually when entering your site’s
address in their browsers.
In order to force a secure connection on your website, it is
necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who
enters your site using a link like “yourdomain.com” will be redirected to
“https://yourdomain.com” or “https://www.yourdomain.com” (depending on your
choice) making the traffic encrypted between the server and the client side.
Below are steps to setup HTTPS redirect:
1. Open the IIS Manager console and select the
website you would like to apply the redirection to in the left-side menu:
2.
Double-click on the URL Rewrite icon.
3.
Click Add Rule(s) in the right-side menu.
4.
Select Blank Rule in the Inbound section, then
press OK:
5.
Enter any rule name you wish.
6.
In the Match URL section:
- Select Matches the Pattern in the Requested URL drop-down menu;
- Select Regular Expressions in the Using drop-down menu;
- Enter the following pattern in the Match URL section: (.*);
- Check the Ignore case box.
7.
In the Conditions section, select Match all
under the Logical Grouping drop-down menu and press Add.
8.
In the prompted window:
- Enter {HTTPS} as a
condition input;
- Select Matches the Pattern from the drop-down menu;
- Enter ^OFF$ as a
pattern;
- Press OK
9. In the Action section, select
Redirect as the action type and specify the following for Redirect URL:
https://{HTTP_HOST}{REQUEST_URI}
10.
Un-check the Append query string box.
Select the Redirection Type of your choice. The whole Action
section should look like this:
NOTE: There are 4 redirect types of the redirect rule that can be
selected in that menu:
-
Permanent (301) – preferable type in this case, which tells clients that the
content of the site is permanently moved to the HTTPS version. Good for SEO, as
it brings all the traffic to your HTTPS website making a positive effect on its
ranking in search engines.
- Found (302) – should
be used only if you moved the content of certain pages to a new place
*temporarily*. This way the SEO traffic goes in favour of the previous
content’s location. This option is generally not recommended for a HTTP/HTTPS
redirect.
- See Other (303) –
specific redirect type for GET requests. Not recommended for HTTP/HTTPS.
- Temporary (307) –
HTTP/1.1 successor of 302 redirect type. Not recommended for HTTP/HTTPS.
OPTION 2: Specify
the Redirect Rule as https://{HTTP_HOST}/{R:1} and check the Append query
string box. The Action type is also to be set as Redirect.
Click on Apply on the right side of the Actions menu.
The IIS redirect can be checked by accessing your site via http://
specified in the URL. To make sure that your browser displays not the cached
version of your site, you can use anonymous mode of the browser.
The rule is created in IIS, but the site is still not redirected
to https://
Normally, the redirection rule gets written into the web.config
file located in the document root directory of your website. If the redirection
does not work for some reason, make sure that web.config exists and check if it
contains the appropriate rule.
To do this, follow these steps:
In the sites list of IIS, right-click on your site. Choose the
Explore option:
Explore will open the document root directory of the site. Check
if the web.config file is there.
The web.config file must have the following code block:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS force"
enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}"
pattern="^OFF$" />
</conditions>
<action type="Redirect"
url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If the web.config file is missing, you can create a new .txt file,
put the aforementioned code there, save and then rename the file to web.config.
No comments:
Post a Comment