November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  
«  
  »

IIS7 redirect HTTP to HTTPS

Memorise

IIS7 redirect HTTP to HTTPS

The method of setting up an IIS7 redirect HTTP to HTTPS is to Require SSL on the site or part of the site and set up a custom 403.4 error page. To do this, just following these steps:

  1. Install your SSL certificate in IIS 7 and bind it to your website
  2. In IIS, click on the site name, and go to the SSL Settings section
  3. Check Require SSL and Require 128-bit SSL and click Apply
  4. After doing this, users will normally receive error:
  5. Create a new text file and paste the following into it:

<html>
<head><title>Redirecting…</title></head>
<script language=”JavaScript”>
function redirectHttpToHttps()
{
var httpURL= window.location.hostname + window.location.pathname + window.location.search;
var httpsURL= “https://” + httpURL;
window.location = httpsURL;
}
redirectHttpToHttps();
</script>
<body>
</body>
</html>

6. Save the file as redirectToHttps.htm in your C:\Inetpub directory

7. Back in IIS, click on the site name and double-click the Error Pages option

8. Click Add… and enter 403.4 as the Status code. Browse for the redirectToHttps.htm file you just created and click OK

9. Select the error code and press Edit Feature Settings…

10. Click the Custom error pages option and again browse for the redirectToHttps.htm file

11. Test the site by going to http://www.yoursite.com and making sure it redirects

A caveat of using a custom error page to do an IIS7 redirect from HTTP to HTTPS is that the web browser must have JavaScript enabled for the redirection to work.

If you get “Lock violation” error in IIS 7.5

All you need to do is to open file “%windir%\System32\inetsrv\config\applicationHost.config” and remove ‘defaultPath’ from the following line:

<httpErrors lockAttributes=”allowAbsolutePathsWhenDelegated,defaultPath”>

 

GUI Version

 

URL Rewrite has a GUI to allow you to enter rules within IIS 7; in the background all this does is edit the web.config file of the site. I will show you how to create a rule both ways.

In the following example we will redirect HTTP to HTTPs using URL Rewrite. You will need the following items completed in order for this to work correctly.

– SSL Certificate for site installed in IIS.
– Site properly installed and configured for SSL (site set up and binding in IIS configured).
– URL Rewrite 2.0 is installed on the sever.

GUI Version

– Select the website you wish to configure
– In the “Features View” panel, double click URL Rewrite

031010_2252_Automatical1

You will notice there are currently no rules configured for this site. Click “Add Rules…” in the Actions menu to the right of the “Features View” panel031010_2252_Automatical2

 

 

Use the default “Blank rule” and press “OK”.

031010_2252_Automatical3

When editing a rule there are the “Name” field and 4 configuration pull down boxes.

 

– Enter “Redirect to HTTPS” in the name field.
– Next we will configure the first configuration pull down box called “Match URL”, on the right side of “Match URL” press the down arrow to expand the box.

 

 

Within the “Match URL” configuration box we will set the following settings:

 

Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)

 

 

031010_2252_Automatical4

We can now edit the next configuration pull down box which is “Conditions”, Press “Add…” to add a new condition to the configuration

031010_2252_Automatical5

 

We will configure the condition with the following settings:

Condition Input: {HTTPS}
Check if input string: Matches the Pattern
Pattern: ^OFF$

Press “OK”

href=”http://rmohan.com/wp-content/uploads/2013/10/031010_2252_Automatical7.png”>031010_2252_Automatical7 031010_2252_Automatical8 031010_2252_Automatical9 031010_2252_Automatical10

You should now see the rule configured on the main screen of the URL Rewrite module.

Test your site, it should now redirect from HTTP to HTTPS.

If we exam the web.config file we can see where the rule was entered. If we entered the rule directly into the web.config file it would show up in the GUI.

031010_2252_Automatical11
Test your site, it should now redirect from HTTP to HTTPS.

If we exam the web.config file we can see where the rule was entered. If we entered the rule directly into the web.config file it would show up in the GUI.

031010_2252_Automatical12

Web.Config Rule

You can also edit the web.config file of the site directly and you will be able to see the rule in the GUI. You will need to enter the following within the <system.webServer> </system.webServer> elements.

 

<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions><add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
When implementing this solution you need to make sure to use relative paths for all references on your page because there is a possibility you will get a warning asking you if you want to display secure and insecure items. For example, if you have a logo on your page and the URL to this logo is http://domain/images/logo.jpg, do not use the whole path because including the http:// will hard code this image to use http and not https
October 16th, 2013 | Category: IIS

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>