Wednesday, August 26, 2015

Redirecting HTTP to HTTPS on IIS

It can be beneficial for security and SEO reasons to secure an entire web site, rather than pages were there are login forms and other private data. The myths around performance hits have been debunked, and the main potential downside is around third party ad networks (and many sites don't display ads like this anyway).

To achieve redirection from non secure to secure URLs on an IIS web site, the URL Rewrite Module will need to be installed on the server. Then the following XML will need to be added into the web.config (site root) inside the system.webserver section.
<rewrite>
    <rules>
      <rule name="HTTP to HTTPS redirect" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
      </rule>
    </rules>
</rewrite>
Now URLs such as http://example.com/page.aspx will redirect to https://example.com/page.aspx.


Do you prefer site-wide SSL or simpl on select areas/pages? Discuss in the comments below.
By on
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)