IIS HTTP to HTTPS relative redirect

Question

I recently got a SSL certificate for my website and want to redirect all traffic to HTTPS. I got everything to go to https://mydomain.com but if someone enters http://mydomain.com/anotherpage it drops the other page and just takes the user to the home page.

My rule in my web.config file looks like this:

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

I also tried https://{HTTP_HOST}{REQUEST_URI} without any success. Can anyone tell me what I need to do to make the website redirect to the proper HTTPS version of the page? I have a feeling it has something to do with the pattern, but I can't seem to figure out the syntax.

Answer 1

I have found that the

<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />

syntax will only work for the website's ROOT web.config file.

If the rewrite rule is applied to a virtual web.config file, then use..

<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{URL}" />

The {URL} syntax will include the initial forward slash, the virtual path, and any URL parameters.

Answer 2

You can add the URL Rewrite module to IIS (IIS 7 or higher) which allows you to add create the redirect in a visual way. The module can be downloaded here.

This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:

<rewrite>
    <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
        </rule>
    </rules>
</rewrite>

Answer 3

I had the same problem where the R:1 was dropping my folders. I fixed it like this.

<rule name="http to https" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
       <add input="{HTTPS}" pattern="^OFF$" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
            appendQueryString="false" redirectType="SeeOther" />
</rule>

Answer 4

I found a way to do this, and you don't need the Rewrite module for it.
The following worked for me on Windows 8 (IIS 8.5):

1. Remove the HTTP binding from your site (leave HTTPS in place)
2. Add another site
3. Make sure that the new site has HTTP binding
4. Configure HTTP Redirect as shown:

Now all HTTP request will redirect to your HTTPS site and will preserve the rest of the URL.

Answer 5

I found a workaround:

Consider what in IIS is consired a website: simply a set of rules, the path in which get files and its bindings.

Furthermore, there's available a function called "HTTP Redirect" (included standardly in IIS), that redirect an host to another, keeping all subdirectory (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.

For example, consider a website called mytest and its urls http://www.mytest.com/ and https://www.mytest.com/. Set for it instead only binding on https://www.mytest.com/, and delete the http binding. Then create a new website with the same local path, called mytest http with just a binding over port 80 (http://www.mytest.com/) and set for this one an HTTP Redirect to https://www.mytest.com/.
Simple and clean, and that should be as fast as directly the https url for the user, because it's just an internal redirect. I hope that can work for you!

Answer 6

I can't comment yet or I'd leave this as a comment under AndyH's answer. The solution was correct, though I hit a single further snag (likely tied to the use of Adobe's Coldfusion server). I wanted to share some further research I had to do for any other unfortunate soul who may run into it.

Once set up, the redirect would always end at this url:

https://xxx.xxx.com/jakarta/isapi_redirect.dll

The fix for this was found in an Adobe thread (https://forums.adobe.com/thread/1034854): I had to change an application pool's settings as follows:

Real site (HTTPS binding only, actually contains code and virtual directories) Application pool's Advanced Settings: Enable 32-Bit Applications : False

Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories) Application pool's Advanced Settings: Enable 32-Bit Applications : True

---

EDIT: Another detail, tied to query string preservation:

Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)

Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.

Answer 7

I believe AndyH's answer to be the easiest and best way. I have found using the URL rewrite can also conflict with code that may redirect the user to another page. IT commonly broke in our environment. But Andy's solution worked flawlessly. I also think Andy's solution will put less overhead on the server as it doesn't need to examine every url hitting it for possible re-write conditions.

Answer 8

Change it to:

<rewrite>
   <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
         <match url="(.*)" />
         <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
         </conditions>
         <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
      </rule>
   </rules>
</rewrite>