This tutorial will show you how to configure your website in IIS 10 so that all incoming http:// links to the site will be redirected to their secure https:// versions.
SSL.com provides a wide variety of SSL/TLS server certificates for HTTPS websites.
COMPARE SSL/TLS CERTIFICATES
SSL. com Support Team
View All How Tos
Subscribe to SSL. com’s Newsletter

Don’t miss new articles and updates from SSL.com
Because IT-Security IS important
It is assumed that a server has already been set up with Microsoft Windows Server 2016 and the current IIS 10, so that the web page in question can be accessed on both http and https.
– How to install IIS 10 on Windows Server 2016 (German only)– How to get a free SSL-certificate from Let’s Encrypt for IIS Websites (German only)
Preparing your server
Before we can start configuring you server, another tool needs to be installed: URL Rewrite. It is an official extension to IIS and has been installed together with Server Manager up to version 9. From version 10 onwards, URL rewrite must be installed manually. Microsoft’s free EXE should be downloaded, which can be found here: LINK
Building a server configuration

However, the rule is still deactivated. To activate it, find the menu item Enable Rule and click on it.

Finished! Http requests are now forwarded automatically to https. Best practice is to test it immediately by opening the website in any browser.
Summary
With little effort, the entire websites traffic is encrypted. Other services, such as WebDAV, can be encrypted with the same certificate too. Have a look at this tutorial to see how it is done: Encrypt WebDAV with Let’s Encrypt (German only).
Setting up an HTTP/HTTPS redirect in IIS
Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site address in their browsers.
In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like «yourdomain.com» will be redirected to «https://yourdomain.com» or «https://www.yourdomain.com» (depending on your choice) making the traffic encrypted between the server and the client side.
Below are steps to setup a IIS HTTPS redirect:
- Download and install the URL Rewrite module.
- Open the IIS Manager console and select the website you would like to apply the redirection to in the left-side menu:
- Double-click on the URL Rewrite icon.
- Click Add Rule(s) in the right-side menu.
- Select Blank Rule in the Inbound section, then press OK.
- Enter any rule name you wish.
- In the Match URL section:
- In the Conditions section, select Match all under the Logical Grouping drop-down menu and press Add.
- In the prompted window:
- Un-check the Append query string box.
- Select the Redirection Type of your choice. The whole Action section should look like this:
- Click on Apply on the right side of the Actions menu.
The IIS redirect can be checked by accessing your site via http:// specified in the URL. To make sure that your browser displays not the cached version of your site, you can use anonymous mode of the browser.
The rule is created in IIS, but the site is still not redirected to https://
Normally, the redirection rule gets written into the web.config file located in the document root directory of your website. If the redirection does not work for some reason, make sure that web.config exists and check if it contains the appropriate rule.
- In the sites list of IIS, right-click on your site. Choose the Explore option:
- Explore will open the document root directory of the site. Check if the web.config file is there.
- If the web.config file is missing, you can create a new .txt file, put the aforementioned code there, save and then rename the file to web.config.
Дано: сайт на IIS 8.5 (SSL сертификат уже установлен и сайт настроен на работу по HTTPS). На IIS установлен модуль URL Rewrite.
Задача: необходимо настроить перенаправление всех запросов сайта (редирект) с HTTP на HTTPS.

Пример добавление правила через визуальный интерфейс IIS:

Либо вставляем правило в файл web.config в ветку configuration — system.webServer:
My rule in my web.config file looks like this:
11 gold badges52 silver badges72 bronze badges
asked Apr 2, 2013 at 5:27
- Remove the HTTP binding from your site (leave HTTPS in place)
- Add another site
- Make sure that the new site has HTTP binding
- Configure HTTP Redirect as shown:

Now all HTTP request will redirect to your HTTPS site and will preserve the rest of the URL.
13 gold badges107 silver badges130 bronze badges
answered Sep 26, 2014 at 17:12
2 silver badges5 bronze badges
Change it to:
answered Aug 2, 2013 at 9:08

1 silver badge11 bronze badges
I had the same problem where the R:1 was dropping my folders.
I fixed it like this.
answered Sep 30, 2015 at 17:35
David Silva SmithDavid Silva Smith
11 gold badges67 silver badges90 bronze badges
Once set up, the redirect would always end at this url:
Real site (HTTPS binding only, actually contains code and virtual directories)
Application pool’s Advanced Settings: Enable 32-Bit Applications : False
Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories)
Application pool’s Advanced Settings: Enable 32-Bit Applications : True
EDIT: Another detail, tied to query string preservation:
Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)
Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.
answered Apr 3, 2015 at 19:10

answered Feb 9, 2015 at 20:58
I found a workaround:
Consider what in IIS is consired a website: simply a set of rules, the path in which get files and its bindings.
Furthermore, there’s available a function called «HTTP Redirect» (included standardly in IIS), that redirect an host to another, keeping all subdirectory (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.
answered Sep 1, 2017 at 23:01

1 gold badge29 silver badges31 bronze badges
You can add the URL Rewrite module to IIS (IIS 7 or higher) which allows you to add create the redirect in a visual way. The module can be downloaded here.
This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:
answered Jun 7, 2018 at 12:36
3 gold badges26 silver badges41 bronze badges
I have found that the
syntax will only work for the website’s ROOT web.config file.
If the rewrite rule is applied to a virtual web.config file, then use..
answered Jan 19, 2019 at 1:49
I need to redirect my HTTP site to HTTPS, have added below rule but I am getting 403 Error when tried using http://www.example.com, it works fine when I type https://www.example.com in browser.

asked Feb 9, 2011 at 14:04
You can do it in code:
Or You could add the same code to an action filter:

24 gold badges112 silver badges197 bronze badges
answered Feb 9, 2011 at 14:09
15 gold badges85 silver badges118 bronze badges
In the Global.asax.cs:
301 redirect: SEO best practice (Search Engine Optimization)
So if Google or Bing robots will be redirected too, consider this:
answered Dec 21, 2016 at 10:24

answered Jul 1, 2013 at 14:43
You can try this code with web.config file. If your URL is http://www.example.com then it will be redirect to this URL https://www.example.com.
answered Feb 7, 2019 at 12:58

You could use the RequireHttpsAttribute for simple cases.
«Represents an attribute that forces an unsecured HTTP request to be
re-sent over HTTPS.»
I’m not sure you’d want to use this to enforce HTTPS across a large site though. Lots of decorating to do, and opportunity to miss controllers.
answered Aug 4, 2016 at 16:19
15 silver badges26 bronze badges
It’s very simple. Just add one line in «Global.asax» file as below:
Hope it will help you 🙂 Thank you!
answered Jan 15, 2020 at 8:49

1 gold badge4 silver badges20 bronze badges
Use this code in web.config file for redirect http:// to https://
answered Apr 1, 2019 at 13:01
2 silver badges10 bronze badges
I did it thusly, since a local debug session uses custom port numbers:
answered Nov 29, 2015 at 7:54
To force https only when the website is lunched on the server and ignore it while running the website on your machine for development :
In Global.asax :
You’ll need the Application_BeginRequest() method
answered Nov 6, 2018 at 19:33
16 silver badges13 bronze badges
This answer is not exactly for OP but for those who could not make it work like me and have come across this (and although I know there is 403 not 404 error in OP), please refer to this answer if you are getting 404 instead: https://stackoverflow.com/a/6962829/5416602
Please check that you have binding for HTTP port (80) and not only HTTPS port (443) in your IIS
answered May 23, 2019 at 11:59

1 gold badge4 silver badges16 bronze badges
I’m unable to add comments, but thought this supplementary info would maybe help somebody.
I implemented the Global.asax idea with the 301 Permanent Redirect, and added http binding to the site in IIS. It still gave me 403 Forbidden until I remembered to untick «Require SSL» in SSL Settings.
answered May 23, 2019 at 16:08
6 silver badges11 bronze badges
I have changed and tried some of the IIS options but with no luck.
How can i do this?
I’m using IIS 7.5 and ASP.NET 2.0
asked Jun 16, 2011 at 9:33
The approach described in this blog article works well.
Summary:
1) Turn on «Require SSL» setting for the site.

2) In the Error settings configuration for 403 errors set it to «respond with 302 redirect» with the new URL set to the full URL with the https:// prefix.


18 gold badges104 silver badges162 bronze badges
answered Feb 22, 2012 at 0:39
1 silver badge3 bronze badges
answered Jun 16, 2011 at 9:38
2 gold badges43 silver badges50 bronze badges
you can make a simple check on the global.asax, on beginRequest, something like this code:
ps. I did not have check this code, I just type it now.
answered Jun 16, 2011 at 10:09

16 gold badges117 silver badges150 bronze badges
Just in case someone else runs into a http:// site that will not redirect. You also have to have the port 80 binding added to the site.

answered Jan 12, 2016 at 23:50
2 gold badges27 silver badges41 bronze badges
URL Rewrite is tightly integrated with IIS Manager for better management(Download from https://go.microsoft.com/?linkid=9722532)
enter image description here
Configure Rule Settings
Match URL tab:
name= Redirect 2 HTTPS
url= (.*)
answered Jan 29, 2018 at 19:39
![]()

Правим файл web.config для настройки редиректа.
Редирект с HTTP на HTTPS
Для всех доменов.
Убираем с домена WWW
Для всех доменов. Работает и для HTTP и для HTTPS.
Редирект с HTTP на HTTPS плюс убираем WWW
Для всех доменов, включая мультисайт.

