HTTP to HTTPS redirection

After an SSL certificate is installed, a secure connection (https://) is not forced by default, and a website remains accessible via regular insecure http:// bypassing SSL/TLS protocols. It means that a website visitor may send sensitive data over an unencrypted channel unless he/she explicitly specifies https:// as a protocol he/she would like to use for connection.

Thanks to HTTP to HTTPS redirection, a visitor requesting to initiate an unencrypted (http://) session will be automatically redirected to an encrypted one (https://) secured by SSL/TLS protocol.

  1. Install the “URL Rewrite” module
  2. Re-open (if opened) “IIS Manager” and select the website you would like to apply the redirection to in the left-side menu.
  3. Double-click on the “URL Rewrite” icon

    Hardening_1.jpg

  4. Click “Add Rule” on the right-side menu
  5. Select “Blank Rule” > “OK”
  6. Enter the rule name of your choice
  7. In the “Match URL” section:
    • select “Matches the Pattern” in the “Requested URL” drop-down menu;
    • select “Regular Expressions” in the “Using” drop-down menu;
    • enter the following pattern in the “Match URL” section: “(.*)” ;
    • check the box “Ignore case”

      Hardening_2.jpg

  8. In the “Conditions” section select “Match all” in the “Logical Grouping” drop-down menu and click “Add”
  9. In the prompted window:
    • enter “{HTTPS}” as a condition input
    • select “Matches the Pattern” from the drop-down menu
    • enter “^OFF$” as a pattern
    • Click “OK”

      Hardening_3.jpg

  10. In the “Action” section select “Redirect” as an action type and specify the following for “Redirect URL”:

    https://{HTTP_HOST}/{R:1}

    Hardening_4.jpg

  11. Check the box “Append query string”.
  12. Select a Redirection Type of your choice
  13. Click on “Apply” on the right side of the “Actions” Menu.

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close