I was recently asked to configure a site to redirect automatically from HTTP to HTTPS. By this I mean when the user types in http://www.yourdomain.com/* the browser will automatically redirect to https://www.yourdomain.com/*. This is commonly done via server sides coding such as asp or php. But this isnt the most efficient or robust way to deal with the issue.
The following is details how you can achieve the desired result directly on a Windows Server machine with IIS. You may also be interested in our previous post on Redirecting (301) to no-www Class B specification in IIS as it involves a similar process.
Select or create your website as normal. Now open the properties window and select the TCP port input box. Change this from the default port '80' to another externally accessible port such as '88'. The SSL port should be set to the default '443'.
Once youve done this open the 'Directory Security' tab > 'Secure Communications' > Edit. Select the 'Require secure channel' and 'Require 128-bit encryption' check boxes. Now restart the website from the 'Application server' window.
Try browsing to your site using http and the port you changed earlier http://www.yourdomain.com:88, and you should be presented with a "The page must be viewed over a secure channel" system page. However access the site via the secure socket and it should work fine eg https://www.yourdomain.com.
If this is not the case then you need to check your settings. Is the port you selected accessible via the web?
The next step essentially takes care of the redirection from http to https. Create a new IIS website by right-clicking on New > Web site > Click Next and give the website a name such as "Redirect to SSL".
Click Next... For TCP port, choose port 80, the default HTTP port.
For path, point it to c:\inetpub\wwwroot. (It doesn't really matter as we'll be changing this in a minute.) Click Next... Give it Read permissions.
Click Next... Finish... to create the website.
Right-click, properties on the new website. Select the 'Home Directory' tab.
Select "The content for this resource should come from:" to "A redirection to a URL". In the "Redirect to:" input box, enter https://www.yourdomain.com.
You can also optionally select "A permanent redirection for this resource", which will cause bookmarks to update to the new URL. DO NOT select "The exact URL entered above" or "A directory below URL entered", as this will stop the redirection from working properly.
Restart the website.
Now browse to http://www.yourdomain.com and you'll be redirected to the site via the Secure SSL. Note that the path portion of the URL is preserved and only the protocol and server are modified. So http://www.yourdomain.com/* will redirect to https://www.yourdomain.com/* .
*TIP* You can combine this method with Redirecting (301) to no-www Class B specification in IIS to create a fully featured redirect. For example http://www.yourdomain.com/* will be redirected to https://yourdomain.com or any combination of the four (http, https, www, no-www)
Tags: http://, https://, IIS, Windows Server, redirect, redirection, SSL, TCP
Subscribe