How do I make a website to work only with https? Is there any method to make my website work only if the protocol is https?
For example let me say http://www.mywebsite.com, this should work only with https://www.mywebsite.com, if it's http the website should not be accessible .
Is it possible to make a website work only with https? Is it possible to restrict a website /make a website inaccessible if the website was http?
Sure, assuming you are using IIS to host your site, open IIS Manager and select your web site and then binding on the right:
make sure you only have a binding for https not for http.
This way IIS will only send https traffic to that web site.
Edit: What is the difference between Andre's answer Require SSL and mine?
using Require SSL, when users requesting http:// they will get a:
403 - Forbidden: Access is denied.
When using only an https binding, no connection is made at all and the user eventually gets:
ERR_CONNECTION_TIMED_OUT
It's up to you which option you prefer.
I usually have a catch-all site on all servers that respond to any requests not picked up by real sites and just displays a basic 404 page.
The third option is to actually allow http:// but then redirect to https:// as mentioned in the comments. For that solution you have to install the URL rewrite module and add a redirect rule.
My single binding option is the leanest, but it all depends on how you want you site to handle http:// requests.
Create Rule in your web.config which will force to open in https only as shown below
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
For IIS? Start the IIS Manager, click on your site and double click "SSL Settings" and check "Require SSL".
What I have done using Apache: add redirect from http to https
