How to force HTTPS using a Web.Config file

To force HTTPS (HTTP over SSL/TLS) for your website using a web.config file in IIS, you can add the appropriate configuration directives. Here’s how you can do it:

  1. Open your website’s root directory on the server where your website is hosted.
  2. Locate the web.config file in the root directory. If you don’t have one, you can create a new text file and name it “web.config”.
  3. Open the web.config file using a text editor.
  4. Add the following code within the <configuration> section:
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Force HTTPS" enabled="true">
        <match url="(.*)" ignoreCase="false" />
        <conditions>
          <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
  1. Save the web.config file.

The above code uses the URL Rewrite module in IIS to perform a redirect from HTTP to HTTPS. It checks if the HTTPS server variable is “off” (indicating an HTTP request), and if so, it redirects the request to the corresponding HTTPS URL.

Make sure to test your website after making this change to ensure it is working as expected. Any HTTP requests should now be automatically redirected to the equivalent HTTPS URL.

Note: Ensure that the URL Rewrite module is installed and enabled on your IIS server for this configuration to work.

https://stackoverflow.com/questions/9823010/how-to-force-https-using-a-web-config-file

Leave a Reply

Your email address will not be published. Required fields are marked *