We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

URL Rewrite for SSL redirectionRSS

20 replies

Last post Aug 28, 2014 02:14 PM by flyinaway

  • URL Rewrite for SSL redirection

    Nov 13, 2008 09:18 AM|bd1966|LINK

    Can URL Rewrite be used to change http: to https: for directories on my site which require ssl? If not, does anybody have any suggestions on how to achieve this?

    Thanks in advance.

  • Re: URL Rewrite for SSL redirection

    Nov 13, 2008 09:57 AM|diholaiis|LINK

     Something like this?

            <rewrite>
    <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>

            </rewrite>

     

  • Re: URL Rewrite for SSL redirection

    Nov 13, 2008 11:48 AM|ruslany|LINK

    You may want to change it a little:

        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>

    {REQUEST_URI} contains the entire requested URL including query string, so your original rule would end up duplicating query string parameters when redirecting.

    https

  • Re: URL Rewrite for SSL redirection

    Nov 17, 2008 01:49 PM|bd1966|LINK

    Thanks for the advice. I will give it a try.

  • Re: URL Rewrite for SSL redirection

    Nov 19, 2008 10:03 AM|bd1966|LINK

    The rule that you gave me is working. However, I need a rule that changes https back to http for all of the other directories in the site.

  • Re: URL Rewrite for SSL redirection

    Nov 19, 2008 10:22 AM|bd1966|LINK

    Disregard the last message. I was able to create a rule which turns off the https.

  • Re: URL Rewrite for SSL redirection

    Mar 04, 2009 04:09 AM|monaung|LINK

     Hi

     can you show fully code and please tell me how to deploy.

    I just install URLRewrite and i don't know how to do??

     I also need redirect http to https

    Thanks

    https

  • Re: URL Rewrite for SSL redirection

    Mar 04, 2009 12:12 PM|emumford|LINK

    <rules>
    	<rule name="RequiresSSL-Redirect" stopProcessing="true">
    		<match url="(.+)" />
    		<conditions>
    			<add input="{HTTPS}" pattern="off" />
    			<add input="{RequiresSSL:{R:1}}" pattern="(.+)" />
    		</conditions>
    		<action type="Redirect" url="https://{HTTP_HOST}/{C:1}" appendQueryString="true" redirectType="Permanent" />
    	</rule>
    </rules>
    <rewriteMaps>
    	<rewriteMap name="RequiresSSL">
    		<add key="path/to/secure/page.aspx" value="path/to/secure/page.aspx" />
    		<add key="nextpath/to/secure/page.aspx" value="nextpath/to/secure/page.aspx" />
    	</rewriteMap>
    </rewriteMaps>
    
  • Re: URL Rewrite for SSL redirection

    Jul 22, 2009 01:32 AM|SlitheryImp|LINK

    I'm having some trouble getting this working, it doesn't seem to be redirecting at all (to HTTPS, or to HTTP)

     I am using th redirect code above but my rewriteMap looks like this:

    <rewriteMaps>
      <rewriteMap name="RequiresSSL">
        <add key="admin" value="admin/" />
        <add key="secure" value="secure/" />
      </rewriteMap>
    </rewriteMaps>

     I have also tried it with a path directly to an .aspx page instead of a folder, but still, nothing seems to be working.

    Other rules are working fine, (ie. toLowercase, from non-www to www) and I have also disabled these temporarily to see if they where getting in the way.

  • Re: URL Rewrite for SSL redirection

    Jul 22, 2009 01:51 PM|ruslany|LINK

    Can you give examples of full URLs you have tried requesting and they did not redirect?

    Also, you may try temporarily commenting out the condition that calls to rewrite map to check that actual redirection part works as expected. That will help to narrow down the cause of the problem.

  • Re: URL Rewrite for SSL redirection

    Oct 21, 2010 07:33 AM|Joffies|LINK

    Good day.

    Just trying out the redirect to SLL as per sample above on a site in IIS 7.5

    Rule snippet:

    <rule name="Force HTTPS" enabled="true">
                 <match url="(.*)" ignoreCase="false" />
                 <conditions>
                  <add input="{HTTPS}" pattern="off" />
                 </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>

    Actions:

    Typing in http://172.12.13.61 in the address bar and would expect it to redirect/force to https://172.12.13.61 but it does not happen.

    Any ideas? Thanks

  • Re: URL Rewrite for SSL redirection

    Oct 21, 2010 09:06 AM|Joffies|LINK

    Not sure if it has anything to do with the fact that I am running a classic asp application.

    I still cannot make the above rule work, but thought Id ask this too. 

    On IIS 6 we used the following to jump/force/redirect SSL on 403;4 errors by setting it to a page that includes the following.

    <%
       If Request.ServerVariables("SERVER_PORT")=80 Then
          Dim strSecureURL
          strSecureURL = "https://"
          strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
          strSecureURL = strSecureURL & Request.ServerVariables("URL")
          Response.Redirect strSecureURL
       End If
    %>

    Is this still feasible or would the URL Rewrite be the prefferred method in IIS 7.5?

  • Re: URL Rewrite for SSL redirection

    Oct 21, 2010 04:46 PM|dihola15|LINK

     Hi,

    I have no idea about Classic ASP, does it use web.config files as well? The rules above I use them in such file.

    Also, I don't think it works when run with Visual Studio, has to be against IIS7 itself. The rules seem ok, perhaps try using a domain name rather than an ip address?

     

    Good luck

  • Re: URL Rewrite for SSL redirection

    Oct 22, 2010 04:32 AM|Joffies|LINK

    No Classic ASP does not use the webconfig so I guess the question is if it actually gets looked at at all when using the URL rewrite module on a classic asp application?

    I cannot imagine that using the domain name would make a difference, I did try it and still cannot make it work.

    Anybody out there that could shine some light on the matter? :)

  • Re: URL Rewrite for SSL redirection

    Oct 22, 2010 05:02 AM|dihola15|LINK

    My guess is no... Why don't you use a third-party url rewrite tool such as http://www.isapirewrite.com/ ?

  • Re: URL Rewrite for SSL redirection

    Oct 22, 2010 05:46 AM|Joffies|LINK

    Well I just need to redirect/jump to SSL so handling the 404 error with a jumptossl.asp page will do the trick for me and therefore no need for a third party component.

    Thanks anyway.

  • Re: URL Rewrite for SSL redirection

    Nov 02, 2012 06:09 PM|la_rollin|LINK

    Is there a way to create an exception if a specific port is used?
  • Re: URL Rewrite for SSL redirection

    Jan 07, 2013 06:32 AM|stak007|LINK

    diholaiis

     Something like this?

            <rewrite>
    <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>

            </rewrite>

     

    This worked perfectly, thanks alot!

  • Re: URL Rewrite for SSL redirection

    Aug 15, 2013 01:30 PM|azamtav|LINK

    "Disregard the last message. I was able to create a rule which turns off the https."

    Can you post the code for this please?

  • Re: URL Rewrite for SSL redirection

    Aug 22, 2014 06:10 PM|TObject|LINK

    If you already have a canonical domain name rule configured for your website, you can easily add https redirection to that rule. Here is how to do it: https://www.orderfactory.com/articles/IIS-URL-Rewrite-to-HTTPS.html

    HTH

    URLRewrite tls https

  • Re: URL Rewrite for SSL redirection

    Aug 28, 2014 02:14 PM|flyinaway|LINK

    Hi - how were you able to do this? Here is my situation:

    http:// was set up to redirect https://  using a separate site in IIS. I don't know what else was done to enable the redirect or if that was necessary, but I also don't know how to undo it to accomplish what I need to.

    Now, we have changed the hosting server for www, and it is no longer secure, but search engines and media had bookmarked the https:// domain. How do I get https:// to redirect to http:// for the www. subdomain? Here are some looks at what I have tried:

    Original redirect:

    Pattern: (.*)

    Input {HTTPS} Pattern ^OFF$

    Redirect URL https://{HTTP_HOST}/{R:1}

    What I need is to make sure the www subdomain redirect to http, while other subdomains (in this case auctions.) maintains the http -> https redirect

    Many thanks for the help...

    https