Redirect HTTP to HTTPS with Windows IIS 10

How to redirect incoming HTTP links to secure HTTPS in Windows IIS 10.

This tutorial will show you how to configure your website in IIS 10 so that all incoming http:// links to the site will be redirected to their secure https:// versions.

These instructions assume that you’ve already taken the following steps with the site:

  1. Download and install the IIS URL Rewrite module, then launch IIS Manager.
  2. Select the website you want to apply redirection to, then double-click URL Rewrite.
    Select site and open URL rewrite
  3. Click Add Rule(s)…
  4. Select Blank rule in the Inbound rules section, then click the OK button.
    Blank rule
  5. Give your redirect an easy-to-remember name.
  6. In the Matched URL section:
    • Set Requested URL: to Matches the Pattern.
    • Set Using to Regular Expressions.
    • Enter (.*) as the Pattern.
    • Check Ignore case.
    Match URL settings

  7. Scroll down to Conditions and expand the section if necessary. Select Match All for Logical grouping, then click the Add… button.
    select Match All and click Add
  8. A dialog box will open:
    • Type {HTTPS} in the Condition input field.
    • Set Check if input string to Matches the Pattern.
    • Type ^OFF$ in the Pattern field.
    • Check Ignore case.
    • Click the OK button.
    Add Condition

  9. You should now see your condition in the list.
    Condition in list
  10. Scroll down to the Action section and enter these settings:
    • Select Redirect as the Action type.
    • Type https://{HTTP_HOST}/{REQUEST_URI} in the Rewrite URL field.
    • Uncheck Append query string.
    • Set Redirect type to Permanent (301).
    Edit Action
  11. Click Apply in the right-hand Actions menu.
    Click Apply
  12. You can now check your redirect in a web browser. If there are any problems, you can check the site’s web.config file to make sure it contains the correct information. In IIS Manager, right-click your site and choose Explore from the menu.
    Explore
  13. Confirm that the file web.config exists, then open it in a text editor.
    web.config
  14. Verify that web.config contains the following text. If necessary you can create and/or modify this file:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="HTTPS Redirect" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="^OFF$" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
                    </rule>
                </rules>
            </rewrite>
        </system.webServer>
    </configuration>

SSL.com provides a wide variety of SSL/TLS server certificates for HTTPS websites.

COMPARE SSL/TLS CERTIFICATES

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.