This is a short tutorial on how to force an HTTPS connection to your website in IIS. The way we do it is by adding a URL Rewrite rule that will redirect any unsecured incoming traffic to HTTPS.
Steps
-
The first step you need to check is if you have URL Rewrite module installed. If you don’t have it installed, you can download it from the link at the bottom of this post.
-
You can either use the GUI on IIS to set this up, or apply the rules in web.config file of your website. You just need to substitue the target URL with your own.
-
Open your web.config in a text editor and add the rewrite rule inside the system.webServer child element:
<system.webServer> <rewrite> <rules> <rule name="Force HTTPS" enabled="true" stopProcessing="true"> <match url="(.*)" /> <action type="Redirect" url="https://www.itnota.com" /> <conditions logicalGrouping="MatchAll"> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> </rule> </rules> </rewrite> </system.webServer>Or if you use IIS GUI, it should look something similar to this:
That’s all there is to force HTTPS connection to your website. In this day and age, this should be the minimum setup for any websites.
Leave a Reply