Using IIS URL Rewrite to Redirect to HTTPS


Have you ever wanted to enforce the use of https (SSL) without using JavaScript? Well, you can with the help of Microsoft URL Rewrite Module 2.0 for IIS.

Here are two scenarios for redirecting to https:

  1. Website on standard port 80 using http, to be redirected to https on port 443
  2. Website on non standard port, e.g. 87 using http, to be redirected to https on port 88

Installing the Microsoft URL Rewrite Module for IIS 7

  • Browse to this site: http://www.iis.net/downloads/microsoft/url-rewrite
  • Click on Install this extension.
  • If your server does not allow direct download, click view additional downloads, then select one of WebPI / x86 / x64 links. This will allow you to download an msi file for installation locally.
  • I have clicked on the x64 link to download the 64 bit msi file for local installation
  • Go to the download folder, and click on this file to start the installation: rewrite_2.0_rtw_x64.msi
  • To confirm it was successfully installed, launch the IIS Manager, and click on the top most level icon (globe and server)
  • You should see the URL Rewrite feature icon after Server Certificates and before Worker Processes

iis-rewrite-module-4

Scenario 1: Website on standard http port 80 and https port 443

Now that the URL Rewrite Module 2.0 for IIS is installed, we can go ahead and create a rewrite rule to redirect to https. If you have not create a binding for https (ensure you have a certificate to use, either self-signed or one from a certificate authority such as VeriSign), do this now before proceeding with the steps below.

  1. Launch IIS Manager
  2. Expand Sites and click on the website with the standard port 80
  3. On the centre pane in Features View, double click the URL Rewrite icon to launch it
  4. Click Add Rule(s)… on the far right pane under Actions
  5. Select Blank rule under Inbound Rules and click OK
  6. Enter the following for the rule:
    Name: Redirect to HTTPS
    Requested URL: Match the Pattern
    Using: Regular Expression
    Pattern: (.*)
    Ignore case: ticked
    Logical grouping: Match All
    Input: {HTTPS}
    Type: Matches the Pattern
    Pattern: ^off$
    Action type: Redirect
    Redirect URL: https://{HTTP_HOST}/{R:1}
    Append query string: ticked
    Redirect type: 303
  7. Test by browsing the http page. It should automatically redirect to https.

https-redirect-1  https-redirect-2

Scenario 2: Website on non standard http and https ports (e.g. 87 and 88 respectively)

  1. Launch IIS Manager
  2. Expand Sites and click on the website with the non standard port, e.g. 87
  3. On the centre pane in Features View, double click the URL Rewrite icon to launch it
  4. Click Add Rule(s)… on the far right pane under Actions
  5. Select Blank rule under Inbound Rules and click OK
  6. Enter the following for the rule:
    Name: Redirect to HTTPS
    Requested URL: Match the Pattern
    Using: Regular Expression
    Pattern: (.*)
    Ignore case: ticked
    Logical grouping: Match All
    Input: {HTTPS}
    Type: Matches the Pattern
    Pattern: ^off$
    Action type: Redirect
    Redirect URL: https://{SERVER_NAME}:88/{R:1}
    Append query string: ticked
    Redirect type: 303
  7. Test by browsing the http page. It should automatically redirect to https

That’s all. Hopefully it worked out well for you!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s