Once you have installed an SSL certificate installed on IIS website, you will need to configure a rule to automatically redirect all incoming unsecure HTTP requests to HTTPS URLs.
To create redirection rules in IIS, you must download and install the URL Rewrite Module 2.1 IIS module (https://www.iis.net/downloads/microsoft/url-rewrite).
Then open the Internet Information Services Manager console (InetMgr.exe
) and select your site.
Go to the SSL Settings section and make sure that the Require SSL option is not enabled. If not, this will cause a conflict with the Rewrite URL redirect rule resulting in 403.4 forbidden errors.
Then go to the URL Rewrite section.
Select Add Rule -> Blank rule.
Specify the rule name and configure the following parameter values:
- Requested URL ->
Matches the Pattern
- Using ->
Wildcards
- Pattern ->
*
In Conditions, change Logical Grouping to Match All and click Add. Configure the options:
- Condition input ->
{HTTPS}
- Check if input string ->
Matches the Pattern
- Pattern ->
OFF
- Ignore case:
enabled
Now move on to the Action section and set:
- Action Type ->
Redirect
- Redirect URL ->
https://{HTTP_HOST}{REQUEST_URI}
- Redirect type ->
Permanent (301)
Once the redirect rule is created, you will need to reset IIS with the following command:
iisreset
Open your browser and try to access your website using the HTTP address. You should be automatically redirected to the HTTPS URL.
You can also manually enable the HTTP-to-HTTPS redirection IIS rule in the web.config file:
<configuration> <system.webServer> <rewrite> <rules> <rule name="rewrite_rule_Redirect_HTTP_to_HTTPS" patternSyntax="Wildcard" stopProcessing="true"> <match url="*" /> <conditions> <add input="{HTTPS}" pattern="OFF" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" /> </rule> </rules> </rewrite> </system.webServer> </configuration>
This HTTP to HTTPS redirect rule in IIS will work on the current versions of Windows Server 2022, 2019, 2016, and Windows 10/11.