How to configure your web.config to Redirect http to https - secure your for Asp.Net web pages on a windows servers
A while back Google updated it's Chrome browser to display a warning if you visit a web page that isn't secure (loads using http). Since then, it's now become a basic requirement, to have an SSL Certificate for your domain that didn't previously need one.
One problem that has come up, after you install your SSL how do you get the web browser to automatically load the https page when your site is visited. If you are running a windows server or have your website hosted on one, you may have realized there isn't a quick setting to force the pages to load over SSL. There is that "Require SSL" option in IIS (Internet Information Services), but when that is enabled "http" traffic is rejected, not ideal at all. But there is a different way if you have Asp.Net installed on your web server.
There is a quick solution, modify your web.config file to include a rewrite rule. Below is an example rule you can add that will automatically redirect all traffic from http to https, and it's search engine safe (SEO-safe).
Here is an example of a web.config that has nothing but this rule:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If you already have a web.config, with other stuff in it, simply add this to your system.webServer section:
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
It should be noted that you must have the URL rewrite module installed on your server, it is an extension to IIS which is available as a download for your stand-alone IIS Server. In many cases it's already installed.
One problem that has come up, after you install your SSL how do you get the web browser to automatically load the https page when your site is visited. If you are running a windows server or have your website hosted on one, you may have realized there isn't a quick setting to force the pages to load over SSL. There is that "Require SSL" option in IIS (Internet Information Services), but when that is enabled "http" traffic is rejected, not ideal at all. But there is a different way if you have Asp.Net installed on your web server.
There is a quick solution, modify your web.config file to include a rewrite rule. Below is an example rule you can add that will automatically redirect all traffic from http to https, and it's search engine safe (SEO-safe).
Here is an example of a web.config that has nothing but this rule:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If you already have a web.config, with other stuff in it, simply add this to your system.webServer section:
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
It should be noted that you must have the URL rewrite module installed on your server, it is an extension to IIS which is available as a download for your stand-alone IIS Server. In many cases it's already installed.
Related Topics
Search for help...