Saturday, October 19, 2013

How to Redirect from HTTP to HTTPS with URL Rewrite

I ran into an issue with trying to trick IIS into redirecting using the method that I described in my previous blog post HTTP to HTTPS Redirect in IIS7. I tried to get my rewrite configured manually using the out of the box HTTP Redirect in IIS, but was not having much luck.
I did not have all day, so after looking around for a bit, I found a GUI that works with the HTTP Redirect module to make creating the redirect easier. This demonstration will be using Microsoft URL Rewrite Module 2.0 for IIS 7 (x64) with the update Update for URL Rewrite Module 2.0 (KB2749660) (x64). You will need to be an Administrator on the machine where you install the module. There are not any parameters to set during the installation, they are both Next-Next-Finish installations. However, the Update runs a repair installation module, which is still just an N-N-F install. You also have the option to use the Web Platform Installer to install the URL Rewrite module.
If you do not stop IIS before installing, a server reboot will be required.
After installation is complete, you should see the new module added to the sites in IIS
Objective
Our goal is going to take a standard HTTP request for http://sp2010.contoso.com and redirect it to https://sp2010.contoso.com.
Let's Get Started
Please remember that this is a GUI for writing information into your web.config file. It is always best to make a copy of your web.config file before making any changes (GUI based or manually).

To get started, double click on the URL Rewrite module, and select Add Rule(s)... 
which will open a window to select the type of rule template to use.
Start by naming your rule...  Be descriptive as you never know what else you might add at a later date... Then update the Match URL section to match the image below.
If you press the Test pattern... button, and enter a URL such as http://sp2010.contoso.com/sites/sales, take notice of the Capture groups, as you will see the Back Reference used in an upcoming setting. The important take away is that the values of the Back References are for the exact URL that you entered, meaning that the entire URL is ready for the next step in the Redirect.

After closing out the Test Pattern window, in the Conditions section, click the Add... button to create a condition for the redirect rule and set the parameters as seen in the image below.
The Test Pattern for this condition will always fail as it does not test the URI scheme (HTTP or HTTPS).
There are not any changes or additions required for the Server Variables section.
In the Action section, set the parameters based off the image below.
When you are done entering the parameters, click the Apply link and then click the Back to Rules link.
If you have more questions about URL Rewrite and how it works, the Online Help link is very useful.
After pressing Apply, and Back, your URL Rewrite rule should look something like this:
Let's Clean Things Up
You now have the ability to redirect, but have you set your bindings in IIS? And if you are using SharePoint, have you set your Alternate Access Mappings? Don't forget that you will also need an SSL Certificate (preferably a SAN certificate) so that you can create your port 443 binding. Remember that out of the box, IIS 7 will only allow one (1) port 443 binding per server. Please read my other post on how to host more than one URL with port 443 bindings on the same IP address (coming soon).
Troubleshooting
There are a couple of things that you need to keep in mind when using a redirect. 

  • You will still need to have the port 80 binding enabled.
  • Under the site's SSL Settings, the Require SSL check box should NOT be selected.

Behind the Scenes
The URL Rewrite module is a nice tool that keeps you physically out of your web.config file. As a second reminder, URL Rewrite is a GUI for writing information into your web.config file. It is always best to make a copy of your web.config file before making any changes (GUI based or manually). 
After you hit the Apply link, this is what has been added to the IIS site's web.config file:
If you wish to add the redirect manually, copy/paste below to your web.config file (after backing it up first).
</handlers>
  <rewrite>
    <rules>
      <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>

Update 10/20/2013: Added the web.config information for copy/paste
Update 01/05/2015: Added the link to reference information to download via Web Platform Installer

26 comments:

  1. Thanks for the concise and simple directions.

    ReplyDelete
    Replies
    1. Thanks Ben, I appreciate you taking the time to leave a comment.

      Delete
  2. Replies
    1. Thanks Pablo, glad this helped you out!

      Delete
  3. Your are the best! Thanks a lot bro...

    ReplyDelete
  4. I think i spoke too soon... there is so many inconsistency with this solution. Doesn't seem to work in some browsers and sometime generate SharePoint error. It doesn't load at all on mobile. I've had to turn if off.

    ReplyDelete
    Replies
    1. This solution is IIS web.config based. It updates your web.config for rerouting. If you are having issues, I would check the order of how things are being prioritized within IIS, as you would want the routing to happen first.

      Delete
  5. When running the Test Pattern, both R:0 and R:1 show the url at http.

    ReplyDelete
    Replies
    1. That's correct Bill, and they should be the same.

      Delete
  6. I was looking for a good way to do this. Your article was the only one that explained what was happening and not just giving me a bunch of steps/code that I couldn't tweak for my needs. Thank you for taking the time!

    ReplyDelete
    Replies
    1. fuzzy, thank you for taking the time to leave a comment (especially a positive one). Hope this solution worked out for you and your needs.
      -Patrick

      Delete
  7. Patrick, thanks very much for your detailed description. The solution worked great for me, and have a question. Thanks to your description, I have http://aaa.com and http://www.aaa.com both redirecting to https://www.aaa.com. Now I'd like to redirect a second domain (bbb.com and www.bbb.com) also to https://www.aaa.com. Do you know how to do that using URL Rewrite? Thanks for any help.

    ReplyDelete
    Replies
    1. Bill, you would open up the bbb.com site in IIS and create the a rule that would redirect to aaa.com. You would have to hardcode the https://www.aaa.com URL into the rule unfortunately.

      Delete
  8. Great post !!!

    we had a site with 443 binding only https://something.domain.com

    we wanted it to work without typing https. I applied this solution as mentioned.

    obviously I created port 80 (http) binding as well.

    But if I type http://something.domain.com its not redirecting to https automatically...Am I missing something?

    Would appreciate if you assist me on this...

    ReplyDelete
  9. Also the Required SSL is unchecked in SSL settings

    ReplyDelete
    Replies
    1. Thank you, this is very relevant.

      Delete
  10. Very helpful article ! I was always curious about all these complex algorithms that are being used in these ssl encryptions.

    ReplyDelete
  11. Replies
    1. Thank you Yatika, glad you found this useful

      Delete
  12. Hi! The use of URL Rewrite "may work" but it is "not supported" by Microsoft: https://support.microsoft.com/en-us/kb/2818415

    ReplyDelete
    Replies
    1. Stefano, it is the tools (URL Rewrite and ARG) that would not be supported when used in conjunction with SharePoint. From a SharePoint perspective, this method is still supported as we are just changing the URL scheme, and not affecting the URL's host, path, or query.

      Delete
  13. Hi!
    URL rewrite installed on a Sharepoint 2013 server and configured. All went well. But when i want to open Central Administration Console (http) i got an error. Can i exclude the Console of URL rewrite or set the Console on HTTPS? Anyone?

    ReplyDelete
    Replies
    1. You can filter out the CA port number by adding another condition where {SERVER_PORT} "Does Not Match the Pattern" 2013 (replace 2013 for your CA's port number)

      Delete
    2. Hi Patrick,

      Could you please let me know where i can add the above condition for CA. Also will this module redirects even when we access the page like http://xxx.com.default.aspx?

      Thanks in Advance.

      Delete
    3. Sorry typo error eg: http://xxx.com/default.aspx

      Delete
  14. Thanks Patrick, helped me catch a typo.

    ReplyDelete