قالب وردپرس درنا توس
Home / Tips and Tricks / Configure HTTPS redirects in IIS and secure your URLs – CloudSavvy IT

Configure HTTPS redirects in IIS and secure your URLs – CloudSavvy IT



Microsoft IIS.

To force your site to load over SSL, you will probably need to integrate redirects to send all insecure URLs to their secure counterpart. This is necessary to ensure that all users and sites support and use your SSL certificate to encrypt communications between your web server and visitors.

Why would I need to redirect from HTTP to HTTPS?

To secure your site properly with SSL certificates, you can decide to insert redirects on your site, forcing everyone to http URLs to redirect to secure https URLs (i.e. http://mydomain.com redirects to https://mydomain.com). This way, no matter what URL a user visits to your site, it is automatically redirected to the secure version of that page.

Without on-site redirects, some users or pages may access insecure URLs and will not benefit from having an SSL certificate in place. Let̵

7;s take a look at how to incorporate these changes into IIS with the URL Rewrite Redirection Module!

Navigate to the redirection module

The first thing we need to do is navigate to our redirection module. To do this, open IIS Manager (inetmgr.exe), expand your server, and select the site on which you want to integrate redirects.

In the main window, scroll down until you find “URL rewrite” under the IIS subcategory and double-click this icon.

Find

If you do not see this module, you need to install it from the official IIS website, here.

Note that the URL rewrite module is only available for IIS 7 or higher.

Create your first redirection rule

Now that you have opened the URL rewrite module, select “Add Rule (s)” from the action menu at the top right. We will create an empty rule.

    Create an empty rule,

To create a redirect rule that forces all HTTP URLs to HTTPS, you must create a rule with the following settings:

Requested URL: Matches the pattern
Using: Common expressions
Patten: (. *)

… with the “Ignore” checkbox.

Create a rule with

By setting the pattern to (. *) And matching to regular expressions, the redirection rule will match and process all the URLs it receives. The Regex pattern (. *) Matches all possible combinations of characters in the URL.

Once these settings are in place, scroll down to the “Terms” section and expand the drop-down menu.

Select “Add” and enter the following settings:

Input for permission: {HTTPS}
Check if input string: Matches the pattern
Pattern: ^ AV $

Select

Click “OK”.

Now, on the “Edit Inbound Rule” page for our new rule, scroll down to the “Action” section.

You will set the action type as “redirect” and enter the following URL in the redirect address section:

https: // {HTTP_HOST} {REQUEST_URI}

Be sure to deselect “Add Query String” and make sure the redirection type is “Permanent (301).”

Note: If you have any redirect issues at the end of this article, another option to try for your redirect URL would be:

https: // {HTTP_HOST} / {R: 1}

Set the action type as

We use permanent (301) redirects for our website because we want all insecure URLs to be redirected automatically and permanently to the secure https version of the URL. There are several other types of redirects available, but 301 redirects will make our site appear the way we want it for HTTPS.

Once you have confirmed that all of the above settings are correct, select “Apply” in the action window at the top right.

Test redirects to confirm all the site’s URLs redirect to HTTPS

Once you have applied the new redirect rule to your site, you can now test the redirect in your browser.

To make sure your browser does not use cached data when you open it, open a “Private” or “Incognito” window and navigate to any http URL on your site.

When you open these URLs, it should be automatically redirected to the HTTPS version of your page. Assuming you have already tested your SSL certificate before redirecting, when your insecure URL is redirected, it should now display https and a secure lock icon at the URL field.

If you have problems with your redirect or see that it is not redirecting properly, it is in our interest to check the web.config file on the associated website to make sure that our redirection rule has been added properly.

You can check this by navigating to your website in IIS, right-clicking on its name and selecting “Explore”.

Check the web.config file on the corresponding website.

This will take you to the root directory of your site where you will find a file named web.config. Open this file in Notepad to see its contents.

Your web.config should contain the following information somewhere in the content:











If you do not have a section that says this in your web.config file, add the above code block just before closing tag and save the file.

You should now be able to access all the http URLs on your site and see that they redirect to the secured https URL! Congratulations, all pages of your site and URLs are redirected to their secure counterpart!


Source link