1

I am trying to have all HTTP requests redirect to HTTPS. Here is my web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <handlers accessPolicy="Read, Execute, Script" />
    </system.webServer>


    <system.webServer>
       <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>

</configuration>

I found this sample in another post on Stackoverflow: How to force HTTPS using a web.config file

When I save that file and try to access my site using http it does not redirect to https.

I thought that maybe the file was being ignored so I typed some incorrect syntax into the web.config then I got a 500 error- meaning that it is indeed looking at the web.config file.

Am I misunderstanding what the above configuration is supposed to do? I want to redirect all HTTP request to HTTPS.

The site that is being redirected to is a virtual directory for Tomcat if it makes a difference.

Community
  • 1
  • 1
OrangeGrover
  • 457
  • 2
  • 8
  • 21

2 Answers2

4

Assuming you have URL Rewrite Installed. Click here for info/installation.

Make sure you have the following configured within the URL Redirect in the IIS Manager.

Match URL Section

Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)

Make sure Ignore Case is checked

Conditions Section

Logical Grouping: Match All
Input: {HTTPS}
Type: Matches the Pattern
Pattern: ^OFF$

Action Section

Action type: Redirect

Action Properties

Redirect URL: https://{HTTP_HOST}/{R:1}
Make Sure 'Append Query String' is checked

Redirect Type: See other (303)

Techie Joe
  • 847
  • 2
  • 14
  • 32
  • As far as I know the software that I'm doing this for cannot have URL rewrites. Apache-Tomcat did not serve the ActiveX files for installation with the URL rewrite. – OrangeGrover Jun 30 '13 at 22:21
  • 3
    If there's third party software involved that must be mentioned in the first post in this thread along with any other important information. The instructions above will redirect HTTP to HTTPS. – Techie Joe Jul 01 '13 at 15:16
1

Just Try this:

<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="^OFF$" />
  </conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
zman
  • 189
  • 2
  • 9