HTTP to HTTPS Redirect - IIS 8.5 not working properly

M

4

17

I've read a number of posts here on SO as well as on the 'net (IIS blogs, etc.). I'm trying to force all connections going from domain.com to www.domain.com and at the same time forcing the request from HTTP to HTTPS.

I'm using this set of rules and rewrites but the only thing happening is that it's redirecting fine but not redirecting to SSL.

<!-- Redirect to HTTPS -->
<rewrite>
    <rules>
        <rule name="Redirect to www" stopProcessing="true">
            <match url="(.*)" />
            <conditions trackAllCaptures="false">
                <add input="{HTTP_HOST}" matchType="Pattern" pattern="^mydomain.com$" ignoreCase="true" negate="false" />
            </conditions>
            <action type="Redirect" url="{MapProtocol:{HTTPS}}://www.mydomain.com/{R:1}" />
        </rule>
    </rules>
    <rewriteMaps>
        <rewriteMap name="MapProtocol" defaultValue="http">
          <add key="on" value="https" />
          <add key="off" value="http" />
        </rewriteMap>
    </rewriteMaps>
</rewrite>

What am I doing wrong?

Main blog reference: http://weblogs.asp.net/owscott/url-rewrite-protocol-http-https-in-the-action and this SO post - web.config redirect non-www to www

Merrifield answered 29/5, 2015 at 15:35 Comment(1)

apart from mistakes in the config, don't forget to do your experiments in an Incognito window in Chrome or your 301 redirects will be cached. You will need to close and start a new incognito window every time yo utry a new one. – Try 11/10, 2016 at 9:4

M

13

Edit: So I found this blog post: http://www.meltedbutter.net/wp/?p=231 and gave it a try and voila! Worked like a charm. Not sure why this worked over the rules posted above but in my case the below is working and successfully taking all non-www traffic and redirecting it to both www and https.

<!-- Redirect to HTTPS -->
        <rewrite>
            <rules>
                <rule name="http to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://www.domain.com/{R:1}" redirectType="SeeOther" />
                </rule>
            </rules>
        </rewrite>

Merrifield answered 29/5, 2015 at 16:25 Comment(2)

redirectType="seeOther" is the solution. Its ruined my day. – Whatnot 10/7, 2017 at 11:24

This does not work at all on either of my 3 servers. – Jari 25/5, 2021 at 13:49

L

17

This is a long shot for some cases but I had deleted my port 80 bindings for the website as I only wanted SSL / port 443. So from what I can tell is Port 80 binding is also needed for the the rewrite to work correctly.

Lavatory answered 12/6, 2018 at 23:54 Comment(3)

this worked for me. I published my site using another http port 2021 and deleted default 80 port binding for http. adding it back worked for me. – Suboxide 30/12, 2020 at 5:7

This also worked for me because i was just using 443 ports for my www.domain.com and domain.com.I did not know where the problem was , i tried to bind port 80 to the domain.com it worked !! You saved my day , man!! – Actinal 26/1, 2023 at 11:31

This worked for me. I deleted port 80 earlier as I wanted only https. – Moulder 14/3, 2023 at 21:28

H

16

We faced same issue while redirecting from http to https using URL Rewrite module, But after switching off the require ssl module within IIS did the trick.

Go to SSL Settings of website
Uncheck require SSL checkbox.
Apply settings and Restart iis

Hexameter answered 3/3, 2017 at 21:12 Comment(2)

This was the issue for me – Kedah 27/6, 2020 at 15:49

This solved it. Thanks! – Diacetylmorphine 26/4, 2022 at 15:40

M

13

Edit: So I found this blog post: http://www.meltedbutter.net/wp/?p=231 and gave it a try and voila! Worked like a charm. Not sure why this worked over the rules posted above but in my case the below is working and successfully taking all non-www traffic and redirecting it to both www and https.

<!-- Redirect to HTTPS -->
        <rewrite>
            <rules>
                <rule name="http to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://www.domain.com/{R:1}" redirectType="SeeOther" />
                </rule>
            </rules>
        </rewrite>

Merrifield answered 29/5, 2015 at 16:25 Comment(2)

redirectType="seeOther" is the solution. Its ruined my day. – Whatnot 10/7, 2017 at 11:24

This does not work at all on either of my 3 servers. – Jari 25/5, 2021 at 13:49

H

3

In my case, I did everything @Valien said and lots of other tries but it did not work. finally I found the problem. It was because I was using 2 rules. First rule was rewriting to NodeJs server and the second to redirect http to https. I changed the order and now it is working correctly.

The config with the correct order in case more than 1 rule is applied:

<rewrite>
     <rules>
           <rule name="http to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://mywebsite.com/{R:1}" redirectType="SeeOther" />
           </rule>
           <rule name="ReverseProxyToLocalhost:3000" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:3000/{R:1}" />
           </rule>
      </rules>
 </rewrite>

Hewie answered 12/6, 2022 at 6:6 Comment(2)

i am pulling may hair for days, who would thought the order of rules matters. thank you very much!!! [+1] – Reinert 17/1, 2023 at 12:20

See Other worked for me – Concertino 27/3, 2023 at 4:48

Recommended topics

Hot tags