IIS7: HTTP->HTTPS Cleanly

cpuguru picture cpuguru · Sep 5, 2008 · Viewed 71.2k times · Source

Is there a clean way to redirect all attempts to going to an HTTP:// version of a site to its HTTPS:// equivalent?

Answer

toxaq picture toxaq · Sep 30, 2011

I think the cleanest way is as described here on IIS-aid.com. It's web.config only and so if you change server you don't have to remember all the steps you went through with the 403.4 custom error page or other special permissions, it just works.

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
          <match url="(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="off" ignoreCase="true" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>