Pulkit Gulati

Redirect website traffic to https with IIS hosting

Securing the traffic coming to your website is of utmost importance. Websites today running without an SSL certificate or without https cannot be trusted. If your application is hosted on IIS, one trick to redirect (not re-write URL) all traffic via https is to create a new Website in IIS and add httpRedirect in your web.config. HTTP Redirection is not available on the default installation of IIS 7 and later.

If your website domain is e.g. https://www.abc.com, this means the IIS binding on port 443 for your website is using host name “www.abc.com”.
The dns requires to be created pointing to the Hosting Application Server. The new Website that you create for redirection should have a port 80 binding with the same domain name.

Also, add the below configuration in your web.config file:

<configuration>
	<system.webServer>
		<httpRedirect enabled="true" destination="https://www.abc.com$Q" exactDestination="true" httpResponseStatus="Permanent" />
	</system.webServer>
</configuration>

The $Q in the destination URL will preserve the Query strings if any. The httpResponseStatus with value Permanent will redirect the traffic to the destination URL with status code 301. Set exactDestination to false if you want to preserve the relative paths during redirects.

Advertisement
Posted in DotNet, IISTagged , , , 1 Comment

One thought on “Redirect website traffic to https with IIS hosting

  1. Pingback: Add Strict-Transport-Security (HSTS) response header to IIS hosted site – InTheTechPit

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.