Saturday, October 19, 2013

How to Redirect from HTTP to HTTPS with URL Rewrite

I ran into an issue with trying to trick IIS into redirecting using the method that I described in my previous blog post HTTP to HTTPS Redirect in IIS7. I tried to get my rewrite configured manually using the out of the box HTTP Redirect in IIS, but was not having much luck.
I did not have all day, so after looking around for a bit, I found a GUI that works with the HTTP Redirect module to make creating the redirect easier. This demonstration uses Microsoft URL Rewrite Module 2.0 for IIS 7 (x64) together with the Update for URL Rewrite Module 2.0 (KB2749660) (x64). You will need to be an Administrator on the machine where you install the module. There are no parameters to set during installation; both are Next-Next-Finish installations. The Update runs a repair installation module, which is still just an N-N-F install. You also have the option to use the Web Platform Installer to install the URL Rewrite module.
If you do not stop IIS before installing, a server reboot will be required.
After installation is complete, you should see the new module added to the sites in IIS.
Objective
Our goal is to take a standard HTTP request for http://sp2010.contoso.com and redirect it to https://sp2010.contoso.com.
Let's Get Started
Please remember that this is a GUI for writing information into your web.config file. It is always best to make a copy of your web.config file before making any changes (GUI based or manually).

To get started, double-click the URL Rewrite module and select Add Rule(s)..., which will open a window to select the type of rule template to use.
Start by naming your rule...  Be descriptive as you never know what else you might add at a later date... Then update the Match URL section to match the image below.
If you press the Test pattern... button and enter a URL such as http://sp2010.contoso.com/sites/sales, take note of the Capture groups, as you will see the Back Reference used in an upcoming setting. The important takeaway is that the values of the Back References are for the exact URL that you entered, meaning that the entire URL is ready for the next step in the Redirect.

After closing out the Test Pattern window, in the Conditions section, click the Add... button to create a condition for the redirect rule and set the parameters as seen in the image below.
The Test Pattern for this condition will always fail as it does not test the URI scheme (HTTP or HTTPS).
There are not any changes or additions required for the Server Variables section.
In the Action section, set the parameters based off the image below.
When you are done entering the parameters, click the Apply link and then click the Back to Rules link.
If you have more questions about URL Rewrite and how it works, the Online Help link is very useful.
After pressing Apply, and Back, your URL Rewrite rule should look something like this:
Let's Clean Things Up
You now have the ability to redirect, but have you set your bindings in IIS? And if you are using SharePoint, have you set your Alternate Access Mappings? Don't forget that you will also need an SSL Certificate (preferably a SAN certificate) so that you can create your port 443 binding. Remember that out of the box, IIS 7 will only allow one (1) port 443 binding per server. Please read my other post on how to host more than one URL with port 443 bindings on the same IP address (coming soon).
Troubleshooting
There are a couple of things that you need to keep in mind when using a redirect. 

  • You will still need to have the port 80 binding enabled.
  • Under the site's SSL Settings, the Require SSL check box should NOT be selected.

Behind the Scenes
The URL Rewrite module is a nice tool that keeps you physically out of your web.config file. As a second reminder, URL Rewrite is a GUI for writing information into your web.config file. It is always best to make a copy of your web.config file before making any changes (GUI based or manually). 
After you hit the Apply link, this is what has been added to the IIS site's web.config file:
If you wish to add the redirect manually, copy/paste below to your web.config file (after backing it up first).
</handlers>
  <rewrite>
    <rules>
      <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
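
The rule above, modelled in Python to show which requests it redirects and how the Location header is assembled. This is an added example, not code from the original post or from IIS; `evaluate_rule` and `excluded_ports` are hypothetical names, and `excluded_ports` models the extra {SERVER_PORT} condition suggested in the comment replies for the Central Administration port. At run time the match pattern receives only the path (no scheme, host, leading slash or query string), so {R:1} is the path and the host comes from {HTTP_HOST}.

```python
import re
from urllib.parse import urlsplit

# Values copied from the rule in the web.config fragment above.
MATCH_URL = r"(.*)"                        # <match url="(.*)" />
HTTPS_PATTERN = r"off"                     # <add input="{HTTPS}" pattern="off" />
ACTION_URL = "https://{HTTP_HOST}/{R:1}"   # <action type="Redirect" ... />


def evaluate_rule(request_url, excluded_ports=()):
    """Return (status, location) when the rule redirects, else None.

    evaluate_rule and excluded_ports are hypothetical names for this sketch.
    excluded_ports models an extra {SERVER_PORT} "does not match" condition,
    which is not part of the rule as published in the post.
    """
    parts = urlsplit(request_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    server_vars = {
        "HTTPS": "on" if parts.scheme == "https" else "off",
        "HTTP_HOST": parts.netloc,          # Host header as sent by the client
        "SERVER_PORT": str(port),
    }

    # The match pattern sees only the path: no scheme, host, leading
    # slash or query string. Patterns are case-insensitive by default.
    match = re.search(MATCH_URL, parts.path.lstrip("/"), re.IGNORECASE)
    if match is None:
        return None

    # Conditions: {HTTPS} must match "off"; HTTPS requests pass through.
    if not re.search(HTTPS_PATTERN, server_vars["HTTPS"], re.IGNORECASE):
        return None
    if server_vars["SERVER_PORT"] in {str(p) for p in excluded_ports}:
        return None

    location = (ACTION_URL
                .replace("{HTTP_HOST}", server_vars["HTTP_HOST"])
                .replace("{R:1}", match.group(1)))
    # A Redirect action appends the original query string by default.
    if parts.query:
        location += "?" + parts.query
    return 302, location            # redirectType="Found" is HTTP 302


if __name__ == "__main__":
    for url in ("http://sp2010.contoso.com/sites/sales",
                "https://sp2010.contoso.com/sites/sales"):
        print(url, "->", evaluate_rule(url))
```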

Update 10/20/2013: Added the web.config information for copy/paste
Update 01/05/2015: Added the link to reference information to download via Web Platform Installer

38 comments:

  1. Thanks for the concise and simple directions.

    Replies
    1. Thanks Ben, I appreciate you taking the time to leave a comment.

  2. You are the best! Thanks a lot bro...

  3. I think I spoke too soon... there are so many inconsistencies with this solution. Doesn't seem to work in some browsers and sometimes generates a SharePoint error. It doesn't load at all on mobile. I've had to turn it off.

    Replies
    1. This solution is IIS web.config based. It updates your web.config for rerouting. If you are having issues, I would check the order of how things are being prioritized within IIS, as you would want the routing to happen first.

  4. When running the Test Pattern, both R:0 and R:1 show the url at http.

    Replies
    1. That's correct Bill, and they should be the same.

  5. I was looking for a good way to do this. Your article was the only one that explained what was happening and not just giving me a bunch of steps/code that I couldn't tweak for my needs. Thank you for taking the time!

    Replies
    1. fuzzy, thank you for taking the time to leave a comment (especially a positive one). Hope this solution worked out for you and your needs.
      -Patrick

  6. Patrick, thanks very much for your detailed description. The solution worked great for me, and have a question. Thanks to your description, I have http://aaa.com and http://www.aaa.com both redirecting to https://www.aaa.com. Now I'd like to redirect a second domain (bbb.com and www.bbb.com) also to https://www.aaa.com. Do you know how to do that using URL Rewrite? Thanks for any help.

    Replies
    1. Bill, you would open up the bbb.com site in IIS and create a rule that would redirect to aaa.com. You would have to hardcode the https://www.aaa.com URL into the rule unfortunately.

  7. Great post !!!

    we had a site with 443 binding only https://something.domain.com

    we wanted it to work without typing https. I applied this solution as mentioned.

    obviously I created port 80 (http) binding as well.

    But if I type http://something.domain.com it's not redirecting to https automatically... Am I missing something?

    Would appreciate if you assist me on this...

  8. Also the Required SSL is unchecked in SSL settings

    Replies
    1. Thank you, this is very relevant.

  9. Very helpful article ! I was always curious about all these complex algorithms that are being used in these ssl encryptions.

  10. Hi! The use of URL Rewrite "may work" but it is "not supported" by Microsoft: https://support.microsoft.com/en-us/kb/2818415

    Replies
    1. Stefano, it is the tools (URL Rewrite and ARG) that would not be supported when used in conjunction with SharePoint. From a SharePoint perspective, this method is still supported as we are just changing the URL scheme, and not affecting the URL's host, path, or query.

  11. Hi!
    URL Rewrite installed on a SharePoint 2013 server and configured. All went well. But when I want to open Central Administration Console (http) I got an error. Can I exclude the Console of URL Rewrite or set the Console on HTTPS? Anyone?

    Replies
    1. You can filter out the CA port number by adding another condition where {SERVER_PORT} "Does Not Match the Pattern" 2013 (replace 2013 for your CA's port number)

    2. Hi Patrick,

      Could you please let me know where I can add the above condition for CA? Also, will this module redirect even when we access a page like http://xxx.com.default.aspx?

      Thanks in Advance.

    3. Sorry typo error eg: http://xxx.com/default.aspx

  12. Thanks Patrick, helped me catch a typo.

  13. Just curious, I am just using Alternate Access Mapping in SharePoint to redirect http to https. Is the rewrite module doing something extra that SharePoint isn't?
