HTTP to HTTPS in IIS – Enable HTTPS in IIS Webserver

1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 4.57 out of 5)
Loading...
http to https in iis

Before you start the HTTP to HTTPS redirection process within your IIS server, you must ensure that you have purchased a trusted SSL/TLS certificate and installed it correctly.

Once the SSL certificate is installed, you must work on a URL rewrite to redirect your website traffic to your newly installed SSL site.

Steps for Redirecting HTTP to HTTPS on IIS Webserver

  • First, download and install the IIS URL Rewrite Module
  • Open your IIS Manager in the console and select the website you’re looking to redirect
  • Select the URL Rewrite
  • Click on the Add Rules
  • Select Blank Rule and click OK
  • Enter the Name of the rule
  • In the Match URL section, under the Requested URL drop-down menu, select “Matches the Pattern.” In the Match URL part, enter: “(.*)”
  • Within the condition section, select the option Match All under Logical grouping and click Add
  • And, once the next window opens, enter:
    • {HTTPS} as your condition input
    • From the drop-down menu, select “Matches and the Pattern.
    • As the pattern enter ^OFF$
    • Click OK button
  • In the section Action type, click and select Redirect and then provide Redirect URL: https://{HTTP_HOST}/{R:1}
  • Check the option Append Query String check box
  • From the Redirection type drop-down, select Permanent (301)
  • Lastly, click Apply button.

Once you complete the above steps, you’ll be required to apply the rule to your website. So, HTTP URLs automatically get redirected to HTTPS. Hence, below are the steps for the same:

Setting IIS HTTP to HTTPS Redirect Rules

  • In the IIS dashboard, right-click on your website name and select the option Explore
  • Once you click on it, the Root Directory will open. From there, select and open the web.config file.
  • Ensure your web.config file contains the below-mentioned code block. If it doesn’t, then add it.
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name=”HTTPS force” enabled=”true” stopProcessing=”true”>
<match url=”(.*)” />
<conditions>
<add input=”{HTTPS}” pattern=”^OFF$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}” redirectType=”Permanent” />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

And, if you still need to configure your web.config file within the root directory, create a new.txt file, place the code mentioned above within it, and save it with the name web.config.

Note:

The abovementioned steps are for redirecting IIS server traffic from HTTP to HTTPS. Similarly, it works for IIS servers 5, 6, 7, 8, 8.5, and IIS 10.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.