9

I have a problem. On IIS I got a web-site with two ports 80 and 443(https). I want to redirect all the http requests from user to https. I also added Rewrite rule to https, but when I enter in browser http://localhost/site it gives me the same page. I need to redirect user to httpS://localhost/site.

Maybe this is because of my local configurations?

And I disable Require SSL on IIS.

The rule is:
<rewrite>
  <rules>
    <rule name="HTTPS Redirect">
      <match url="(.*)" ignoreCase="false" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="false" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
    </rule>
  </rules>
</rewrite>

Thank you.

Nickita Fabregas
  • 319
  • 1
  • 3
  • 13

5 Answers5

16

Below is the exact rule we use on a production IIS 7 site to redirect all request from HTTP to HTTPS

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

There are some minor differences between what you have posted and what we use. Also, since you are running on local host, you wouldn't be using the built-in web server with visual studio would you? I don't think it will process IIS rewrite rules.

Tommy
  • 39,592
  • 10
  • 90
  • 121
  • Yeah, you're right. I've already resolved this issue. The problem was with incorrect url in action. Thank you. – Nickita Fabregas Oct 23 '12 at 15:00
  • @NickitaFabregas Awesome- glad you got it figured out. You should post and mark an answer yourself or mark one of the above solutions as the answer so that it doesn't remain an open/unanswered question for those that may stumble upon this in the future! – Tommy Oct 23 '12 at 15:52
  • In which file is this config supposed to go? – Pablo Jomer Apr 18 '16 at 15:25
  • @PabloKarlsson This would be in your root level web.config file. I have updated the example to include all parent web.config nodes. – Tommy Apr 18 '16 at 16:49
8

I realize this may not be your issue, however I had a similar debacle that was cause by a different problem.

I had enabled Require SSL and that caused the site to continually return a 403. So to use this method it appears you must disable SSL Settings -> Require SSL.

Hope this helps someone.

virtualadrian
  • 4,688
  • 4
  • 30
  • 22
0

Also, if you have more than one rule, order could matter. Be sure to add the redirect rule before other rules or redirect may not fire.

Here is an example that is using SPA that required the rule order.

 <rules>

         // Adding this as last rule will cause it to not redirect
        <rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
        <match url="(.*)" />
        <conditions logicalGrouping="MatchAny">
          <add input="{SERVER_PORT_SECURE}" pattern="^0$" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
        </rule>


      <rule name="static dist files" stopProcessing="true">
        <match url="^(.+)" />
        <conditions>
          <add input="{APPL_PHYSICAL_PATH}app\{R:1}" matchType="IsFile" />
        </conditions>
        <action type="Rewrite" url="/app/{R:1}" />
      </rule>
      <rule name="index.html as document root" stopProcessing="true">
        <match url="^$" />
        <action type="Rewrite" url="/app/" />
      </rule>
      <rule name="SPA Routes" stopProcessing="true">
        <match url=".*|.*/.*$" />
        <conditions logicalGrouping="MatchAll">
          <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
          <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          <add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
        </conditions>
        <action type="Rewrite" url="/app/" />
      </rule>
    </rules>
schmoopy
  • 6,419
  • 11
  • 54
  • 89
0

It works for me in IIS 8.5 redirect

Three points:

  1. Use single word OFF rather than ^OFF$
  2. Use url="https://{HTTP_HOST}/{REQUEST_URI}"
  3. Use redirectType=Permanent rather than Found although both are working but preferable Permanent type in this case

The webconfig code

<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="OFF" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
Hello
  • 796
  • 8
  • 30
-1

you can add this to your pages. to force redirection.

if (!Request.IsSecureConnection)
{
Uri uri = new Uri(Request.Url, Request.RawUrl);
Response.Redirect(string.Format("https://{0}{1}{2}", uri.Host.StartsWith("www.x.com") ? uri.Host : "www.x.com", uri.AbsolutePath, uri.Query));
 }

I just seen your tag of mvc

add this attribute to your actions. or controllers.

[RequireHttps]
Serdar
  • 1,416
  • 2
  • 17
  • 43
  • The question specifically asks for IIS configuration, the provided answer is out of scope. – BOWS Jul 21 '20 at 12:31