Monday, May 16, 2011

Automatic HTTPS redirect in Windows 2008 R2

Hi All,

I was trying to setup automatic redirect from HTTP to HTTPS for my hosted web application in IIS 7.0/7.5 Windows 2008 R2. I spent good time trying to find out a working solution for this problem.

If you tried a solution with custom error pages 403 in IIS to redirect the http to https, this won't work in windows 2008 R2 IIS 7.0/7.5 server, as stated here:

Please follow these steps to have a working solution:
1) Install URL Rewrite 2.0 on your webserver, download url:

2) After installing url rewrite module in IIS, Open IIS Manager and select your website, you will find a newly added icon "Url Rewirte"

3) Make sure to install SSL certificate on your site and site has https binding on port 443.

4) on SSL settings in IIS, un check Require SSL check - IMPORTANT, because this will overwrite the settings you will configure on URL Rewrite and will throw http 403.4 error.

5) Don't add any custom error pages for 403 as mentioned on some blog posts, if you have please remove it.

6) double click on URL rewrite and click on add rule.

7) Select Blank rule and click on ok.

8) On Name field give name to the rule: Redirect to HTTPS

9) Set the following values on the form:
- Requested URL: Select Matches the pattern
- Using: Regular Expression
- Pattern: (.*)
- Under Conditions, Click on Add and type:
Condition Input: {HTTPS}
Check if input string: Matches the pattern
Pattern: ^OFF$
- Under Action section:
Action Type: select Redirect
Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
If you tried this url: https://{HTTP_HOST}/{R:1} as stated in some blogs, this won't work as well.
Redirect Type: See Other (303)

And then click on Apply.

From IIS Manager, Try to browse the application using HTTP, The IIS will direct you to HTTPS automatically.

Hope this helps.


Mostafa Arafa

No comments: