Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Forcing SSL with a URL Rewrite Rule - IIS7

RSS
Modified on Mon, Jan 30, 2017, 9:28 AM by Administrator Categorized as Windows (OS, IE, IIS, and MSMQ)

Overview

Frequently when you have a site that uses SSL, you want to force the use of SSL on all pages. Thus, when a user navigates to an http:// . . . address on the site, you would like them redirected to the equivalent https:// . . . address. This article describes how to do this within Internet Information Services 7

Procedure

Single Web Server

This procedure will work with a single web server (i.e., no load balancer), but you MUST HAVE THE URL REDIRECT MODULE for IIS installed!

<system.webServer>
  <rewrite xdt:Transform="Insert">
    <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
          <match url="(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="off" ignoreCase="true" />
            </conditions>
            <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
        </rule>
    </rules>
  </rewrite>
</system.webServer>

Multiple Web Servers Behind a Load Balancer - Site Does NOT Use SignalR

NOTE: This will break SignalR. See below for how to force SSL for a site that uses SignalR.

Add the following to your web.Release.config file

<system.webServer>
  <rewrite xdt:Transform="Insert">
    <rules>
      <rule name="HTTPS rewrite behind ELB rule" enabled="false" stopProcessing="true">
        <match url="^(.*)$" ignoreCase="false" />
        <conditions>
          <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
        </conditions>
        <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>

Multiple Web Servers Behind a Load Balancer - Site Uses SignalR

1. Setup a dummy site with a binding for http://yoursite.com

2. Root folder should have an index.html file

3. The web.config file should contain the following.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpRedirect enabled="true" destination="https://yoursite.com" httpResponseStatus="Permanent" />
    </system.webServer>
</configuration>

4. Within Amazon Web Services, edit the listeners on the load balancer, to (a) remove all HTTP and HTTPS listeners, and (b) add two listeners as follows.

Load Balancer Protocol/PortInstance Protocol/Port
TCP:80TCP:80
SSL (Secure TCP):443SSL (Secure TCP):443

Image
  Name Size
- IIS7 - SSL Redirect.png 20.87 KB
- TcpListeners.png 15.81 KB

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2018, Patrick Jasinski.