Scribd Logo
Upload

Welcome to Scribd!

  • Redirigir HTTP A Https en IIS de Microsoft

    Uploaded by

    Pablo Quiros
    31 views5 pages
    This document provides steps to configure an HTTP to HTTPS redirect in IIS to force secure connections on a website. The redirect rule checks if the HTTPS protocol is off and redirects the request to the same URL with the HTTPS protocol, encrypting traffic between the server and client. Key steps include installing the URL Rewrite module, creating a blank redirect rule to match all URLs and redirect to the HTTPS version, and ensuring the rule is written to the website's web.config file.

    Original Description:

    Redirigir http a https en IIS de Microsoft

    Original Title

    Redirigir http a https en IIS de Microsoft

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides steps to configure an HTTP to HTTPS redirect in IIS to force secure connections on a website. The redirect rule checks if the HTTPS protocol is off and redirects the request to the same URL with the HTTPS protocol, encrypting traffic between the server and client. Key steps include installing the URL Rewrite module, creating a blank redirect rule to match all URLs and redirect to the HTTPS version, and ensuring the rule is written to the website's web.config file.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views5 pages

    Redirigir HTTP A Https en IIS de Microsoft

    Uploaded by

    Pablo Quiros
    This document provides steps to configure an HTTP to HTTPS redirect in IIS to force secure connections on a website. The redirect rule checks if the HTTPS protocol is off and redirects the request to the same URL with the HTTPS protocol, encrypting traffic between the server and client. Key steps include installing the URL Rewrite module, creating a blank redirect rule to match all URLs and redirect to the HTTPS version, and ensuring the rule is written to the website's web.config file.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    IIS Redirect HTTP to HTTPS

    Setting up an HTTP/HTTPS redirect in IIS


    Once the SSL certificate is installed, your site still remains accessible via a
    regular insecure HTTP connection. To connect securely, visitors must specify
    the https:// prefix manually when entering your site’s address in their browsers.

    In order to force a secure connection on your website, it is necessary to set up a


    certain HTTP/HTTPS redirection rule. This way, anyone who enters your site
    using a link like “yourdomain.com” will be redirected to “https://yourdomain.com”
    or “https://www.yourdomain.com” (depending on your choice) making the traffic
    encrypted between the server and the client side.

    Below are steps to setup a IIS HTTPS redirect:

    1. Download and install the URL Rewrite module.


    2. Open the IIS Manager console and select the website you would like to apply
    the redirection to in the left-side menu:

    3. Double-click on the URL Rewrite icon.


    4. Click Add Rule(s) in the right-side menu.
    5. Select Blank Rule in the Inbound section, then press OK:
    6. Enter any rule name you wish.
    7. In the Match URL section:

    - Select Matches the Pattern in the Requested URL drop-down menu;


    - Select Regular Expressions in the Using drop-down menu;
    - Enter the following pattern in the Match URL section: (.*);
    - Check the Ignore case box.

    8. In the Conditions section, select Match all under the Logical Grouping drop-
    down menu and press Add.
    9. In the prompted window:
    - Enter {HTTPS} as a condition input;
    - Select Matches the Pattern from the drop-down menu;
    - Enter ^OFF$ as a pattern;
    - Press OK.

    10. In the Action section, select Redirect as the action type and specify the
    following for Redirect URL:

    https://{HTTP_HOST}{REQUEST_URI}

    11. Un-check the Append query string box.


    12. Select the Redirection Type of your choice. The whole Action section should
    look like this:

    NOTE: There are 4 redirect types of the redirect rule that can be selected in that
    menu:
    - Permanent (301) – preferable type in this case, which tells clients that the
    content of the site is permanently moved to the HTTPS version. Good for SEO,
    as it brings all the traffic to your HTTPS website making a positive effect on its
    ranking in search engines.
    - Found (302) – should be used only if you moved the content of certain pages
    to a new place *temporarily*. This way the SEO traffic goes in favour of the
    previous content’s location. This option is generally not recommended for a
    HTTP/HTTPS redirect.
    - See Other (303) – specific redirect type for GET requests. Not recommended
    for HTTP/HTTPS.
    - Temporary (307) – HTTP/1.1 successor of 302 redirect type. Not
    recommended for HTTP/HTTPS.

    OPTION 2: Specify the Redirect Rule as https://{HTTP_HOST}/{R:1} and


    check the Append query string box. The Action type is also to be set
    as Redirect.

    13. Click on Apply on the right side of the Actions menu.

    The IIS redirect can be checked by accessing your site via http:// specified in
    the URL. To make sure that your browser displays not the cached version of
    your site, you can use anonymous mode of the browser.

    The rule is created in IIS, but the site is still not redirected to https://

    Normally, the redirection rule gets written into the web.config file located in the
    document root directory of your website. If the redirection does not work for
    some reason, make sure that web.config exists and check if it contains the
    appropriate rule.

    To do this, follow these steps:

    1. In the sites list of IIS, right-click on your site. Choose the Explore option:
    2. Explore will open the document root directory of the site. Check if the
    web.config file is there.
    3. The web.config file must have the following code block:

    <configuration>
    <system.webServer>
    <rewrite>
    <rules>
    <rule name="HTTPS force" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
    <add input="{HTTPS}" pattern="^OFF$" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
    redirectType="Permanent" />
    </rule>
    </rules>
    </rewrite>
    </system.webServer>
    </configuration>

    4. If the web.config file is missing, you can create a new .txt file, put the
    aforementioned code there, save and then rename the file to web.config.

    You might also like