How Redirect http to https in IIS

 Thank to: https://www.itinfs.com/

In many environments with web servers, we may be interested in redirecting all HTTP requests to HTTPS. 

A recent case is with the Firefox browser, from an HTTP form where a password is sent, we will find a warning:

"This connection is not secure. The credentials entered here may be compromised"

Due to the new features incorporated in the recent versions of the most used browsers such as: Chrome, Firefox, Internet Explorer, Edge, among others.

As a solution to the problem, some sysadmins are opting to move the entire site from HTTP (80) to HTTPs (443).

The idea of the redirection would be that all the URLs would be converted to HTTPs.

For example:

http://www.itinfs.com -> https://www.itinfs.com

http://www.itinfs.com/about -> https://www.itinfs.com/about

http://itinfs.com -> https://www.itinfs.com

To make this change, we will need to rewrite all the URLs.

Special mention with the indicated change of yellow color.

We are not only changing http to https but we are also changing the FQDN (fully qualified domain name), in this way, according to the previous example, we can use a digital certificate with the FQDN: * .itinfs.com or www.itinfs.com and we will not have to add: itinfs.com as an alternative name in the certificate.

In this post, we will see the detail of how to configure a redirection from HTTP to HTTPS using the web server that integrates Windows Server: IIS (Internet Information Services).

Let's see how to redirect http to https with IIS:

First of all, we will need to download and install the URL Rewrite tool:

http://www.iis.net/downloads/microsoft/url-rewrite

The current version of URL Rewrite supports the following versions of IIS (Internet Information Services): IIS 7, IIS 7.5, IIS 8, IIS 8.5, IIS 10.

In other words, the minimum version of Windows Server where the current version (May 2017) of URL Rewrite will work is: Windows Server 2008.

Once the component is installed, let's see how the configuration of the previous example would be via GUI.

Redirect http to https with IIS from GUI

If we go to the site and click on the section: "URL Rewrite", we will configure the following:

1 - Rule name

2 -  "Match URL":

Requested URL: We select "Matches the pattern".

Using: We select: "Regular Expressions".

Pattern: We indicate: "(. *)" And mark the option "Ignore case".

3 -  Add Conditions:

First rule:

Input: {HTTP_HOST}

Type: "Matches the Pattern"

Pattern: ^ [^ www]

Second rule:

Input: {HTTPS}

Type: "Matches the Pattern"

Pattern: off

4 - Action

Action type: "Redirect"

Action properties:

Redirect URL: https://www.itinfs.com/[R:1}

We mark the option: "Append query string"

Redirect http to https with IIS with the web.config file

As of Windows Server 2008, the configuration of an IIS site is saved in a file with the name web.config in the directory where the site is located.

The configurations that we make from the GUI are saved in the web.config file, therefore, if we edit the file, we can carry out the previous configuration by adding the following code:

<rewrite>

    <rules>

    <clear />

       <rule name="Redirect www and ssl" enabled="true" stopProcessing="true">

    <match url="(.*)" />

    <conditions logicalGrouping="MatchAny">

        <add input="{HTTP_HOST}" pattern="^[^www]" />

        <add input="{HTTPS}" pattern="off" />

    </conditions>

    <action type="Redirect" url="https://www.itinfs.com/{R:1}" appendQueryString="true" redirectType="Permanent" />

</rule>

</rules>

</rewrite>