If you’re using IIS to run a website, you may want to consider setting up HTTPS redirects. This will help protect your website from being accessed by unauthorized individuals, and it can also help improve the security of your URLs. HTTPS redirects are easy to set up in IIS, and they work just like regular HTTP redirects. You simply add a new route in your IIS configuration, and then set up the appropriate security settings. Here’s an example of how to set up a HTTPS redirect in IIS:

  1. Open the IIS Manager and browse to the root of your website.
  2. In the left pane, click on the Route tab.
  3. In the Route field, enter a new route name (for example, “https://www2.”).
  4. Click on OK to create the route and save it.
  5. In the right pane of the IIS Manager, click on Web Sites .
  6. In the Web Sites list, click on your website’s name (for example “www.”).
  7. Click on HTTPS Redirects .
  8. On the left side of this screen, you’ll see a list of all of your websites’ routes (including those created earlier). You’ll also see a list of all of their security settings (including whether or not they’re using SSL). If your website is using SSL certificates instead of regular HTTP certificates, you’ll also see that information in this section; otherwise, it’s empty! 9. To add an HTTPS redirect to your website, select it from among these routes and click on Add . 10. On the next screen, you’ll be asked for some basic information about your redirected URL: its pathname (the name given to it by IIS), its hostname (the address where your site lives), and its port number (the number used by your site when

In order to force your website to load over SSL, you will likely need to incorporate redirection to push all insecure URLs to their secure counterpart. This is necessary to be sure that all users and pages support and utilize your SSL certificate to encrypt communications between your web server and visitor.

Why Would I Need to Redirect from HTTP to HTTPS?

To properly secure your website with SSL certificates, you might decide to incorporate redirects on your website, forcing all http URLs to redirect to secure https URLs, (i.e., http://mydomain.com redirects to https://mydomain.com). This way, no matter what URL a user is visiting on your site, it will automatically be directed to the secured version of that page.

Without redirects in place, some users or pages may be accessing insecure URLs and will not receive the benefits of having an SSL certificate in place. Let’s take a look at how to incorporate these changes in IIS with the URL Rewrite Redirection Module!

The first thing we will need to do is navigate to our Redirection Module. To do this, open up IIS Manager (inetmgr.exe), expand your server, and select the site you want to incorporate redirects on.

In the main window pane, scroll down until you find “URL Rewrite” under the IIS subcategory and double-click this icon.

If you do not see this module, you will have to install it from the official IIS site, here.

Note that the URL Rewrite module is only available for IIS 7 or higher.

Creating Your First Redirect Rule

Now that you have opened the URL Rewrite module, select “Add Rule(s)” from the upper-right actions menu. We are going to create a Blank Rule.

To create a redirect rule that forces all HTTP URLs to HTTPS, you will need to create a rule with the following settings:

Requested URL: Matches the Pattern Using: Regular Expressions Patten: (.*)

…with the “Ignore” Case box checked.

By setting the pattern to (.) and matching to regular expressions, the redirect rule will match and process any URL that it receives. The (.) regex pattern matches all possible combinations of characters in the URL.

Once these settings are in place, scroll down to the “Conditions” section and expand the drop-down menu.

Select “Add” and enter the following settings:

Condition Input: {HTTPS} Check if input string: Matches the Pattern Pattern: ^OFF$

Click “OK.”

Now, on the “Edit Inbound Rule” page for our new rule, scroll down to the “Action” section.

You will be setting the Action Type as “Redirect” and enter the following URL under the redirect URL section:

https://{HTTP_HOST}{REQUEST_URI}

Be sure to uncheck “Append Query String” and make sure the Redirect Type is “Permanent (301).”

Note: In case you are having some difficulties with the redirect by the end of this article, another option to try for your redirect URL would be:

https://{HTTP_HOST}/{R:1}

We are using Permanent (301) redirects for our site because we want all non-secure URLs to be automatically and permanently redirected to the secure https version of the URL. There are several other types of redirects available, but the 301 redirect will get our website behaving the way we want it it to for HTTPS.

Once you have confirmed that all of the above settings are correct, select “Apply” in the top-right Actions pane.

Testing Redirections to Confirm All Website URLs Redirect to HTTPS

Once you have applied the new redirect rule to your website, you are now able to test the redirection in your browser.

To be sure that your browser is not using cached data when being accessed, open a “Private” or “Incognito” window and navigate to any http URL on your site.

When accessing these URLs, it should automatically redirect to the HTTPS version of your page. Assuming you have already tested your SSL certificate prior to the redirect, when your non-secure URL is redirected, it should now show https and a secure lock icon by the URL bar.

If you are having difficulties with your redirect or you see it is not redirecting properly, it is in our interest to check the web.config file in the associated website to be sure that our redirect rule was properly added.

You can check this by navigating to your site in IIS, right-clicking on its name, and selecting “Explore.”

This will bring you to the root directory of your website where you will find a file named web.config. Open this file in Notepad to see it’s contents.

Your web.config should contain the following information somewhere inside its contents:

If you do not have a section that says this in your web.config file, add the above code block right before the closing </system.webServer> tag and save your file.

You should now be able to access any http URLs on your website and see that they redirect to the secured https URL! Congratulations, all pages on your site and URLs are being redirected to their secure counterpart!