How to automatically redirect http to https in IIS

IIS doesn’t have a feature to redirect http to https. There are a number of ways to achieve this, but in this post I will show you to do it by modifying IIS custom error page (403.4).

  1. Create a file called SSLRedirect.asp in your webroot with the following content:

    <%
    Data = request.servervariables(“QUERY_STRING”)
    URL = replace(Data, “403;”, “”)
    URL = replace(URL, “http://&#8221;, “https://&#8221;)
    response.Status = “200 OK”
    response.redirect URL
    %>

    Or if you want to redirect it to a single URL, you can change those lines above with this instead

    <% Response.Redirect(“https://www.YourDomain.com/&#8221;) %>

  2. Open the IIS MMC tool, select properties for your site, go to the directory security tab, click the edit button at the bottom in secure communications, and then check “Require secure channel (SSL)” option.
  3. In the IIS MMC tool under your site’s properties, go to the custom errors tab, select the 403;4 error type, edit its properties to be a URL in your site and change it to

    /SSLRedirect.asp

  4. Still in the IIS MMC tool, select the properties for the custom error file you have createdpreviously (SSLRedirect.asp), go to the file security tab, click the edit button at the bottom in secure communications, and then UN-check “Require secure channel (SSL)” option.

That’s it! Now the visitor will be automatically redirected to https whenever they access the http. Thank you goes to Paul Wilson and IISFAQ.

For more information:
Paul Wilson’s .NET Blog
IISFAQ

Advertisements

71 thoughts on “How to automatically redirect http to https in IIS

  1. Hi,
    This is really nice articel for those you are beginner like me. I thanks lot for this articel. It help me very very much. Thank you again!!!!!!!!!!!!!

  2. Hi,
    We have two web server and LoadBalncer.
    we enable SSL on WebServers.
    puted location.href = “https://mysite.com” in 404-4.html;
    Things are working well if i goes using IPAddress of server.
    but a soon as “http://mysite.com” thinhgs goes wrong.
    It showes us error page.
    Can you guide us.

  3. Yeah, we tried it on our DMZ web server and this did not work. It would not run any asp page or any asp scripts, only straight html.

    Im assuming this is a security setting, but i havnt been able to figure out how to get it to run this script in the DMZ.

  4. You have no idea how many articles I read before I found this one. All of them explained 90% of what I needed to do but they all left out the part about removing the require secure communications option on the custom redirect page. I removed it and it worked like a charm. Thanks!

  5. You can use this as an alternate solution. But this will work. Instead of ASP we can use html also.

    Copy and paste it one html file “ssl_redirect.htm” and do the above steps he mentioned.

  6. sorry post is not allowing script content . Include this function with in script tag. So html file has only this script

  7. if (location.protocol != ‘https:’) { window.location = ‘https://’+ location.host + location.pathname + location.search; //alert(location.host + location.pathname + location.search); Just for sanity check }

  8. This is a great tip. I’ve put my login / password reset / ets / pages in one directory. Set the directory to require SSL. Any links to these pages I just use the normal way to go to them with the Http and it works like a champ changing to https..

    Thanks for this post.

    Now I am working on the easiest way to set the https to http when leaving these pages.

  9. mayby for the best:
    response.Status = “200 OK”
    response.redirect URL

    Response.Status="301 Moved Permanently"
    Response.AddHeader "Location", URL

    ?

  10. For some reason – this does not work for me. I’ve got required SSL checked and I stopped and restarted the website.

    I put in the url test.ssltite.com
    I get an under construction message ant http gets added to the front of my url.
    I hit enter
    The following text shows up : (looks familiar? I took the first and last lines off because I didn’t want this web page to take it as HTML.)

    Data = request.servervariables(”QUERY_STRING”)
    URL = replace(Data, “403;”, “”)
    URL = replace(URL, “http://”, “https://”)
    response.Status = “200 OK”
    response.redirect URL

    Any clue what I did wrong?
    Thanx!
    Angelo

    Note: I’m new not only to SSL, but also to IIS. I’m not a web developer. I’m the manager.

  11. Thanks for the nice article. I want to implement the same solution for single sharepoint web site. but I am not able to find SSLRedirect.asp according to step 4. I would appreciate the reply.

  12. This is great solution, been looking for something like this for awhile. But having trouble getting it to work. This is on a intranet server using Integrated Windows Authentication. I get a repeated request for credentials, eventually followed by “Error: Access is Denied.” Even when using my admin id for the box. Any ideas what is happening?

  13. Thanks for the solution. It took me about 15 minutes to sort out.
    A few pointers:
    1. if you cut and paste the code from this page, replace all the speech marks (66 & 99s) with plain double quotes
    2. be careful about which error code you redirect (I got the wrong one to start with
    3. Use Firefox / Firebug. The net feature allows you to see the return code from the first hit
    4. use webcraber’s permanent move line to allow search engines to deprecate old non-ssl links
    5. use Jusa’s replacement of port 80
    6. I also modified the script to direct non www pages to http://www.mydomain.com since this is what the certificate is for.

  14. Agree with the post from Mark Snape above, also check that you have “Active Server Pages” enabled in your WebServers Web Service Extensions section.

    Also used this as my redirection script :

  15. Data = request.servervariables(“QUERY_STRING”)
    URL = replace(Data, “403;”, “”)
    URL = replace(URL, “:80″,””)
    URL = replace(URL, “http://”, “https://”)
    response.Status = “200 OK”
    response.redirect URL

  16. Greg G – thanks for your addition, that worked perfectly for me. This might be a lamer note here, but I found when I copied the code from Greg above into a text document to make the sslredirect.asp, it changed all the quotation marks. Going through and just deleting the quotation marks and re-adding them in text fixed the issue for me, and all works perfectly now.

    One thing I tried whilst orginally trying to trouble-shoot was an IISreset – I don’t think you need to do that though.

  17. I have a question on redirecting SSL; however, not from “http” to “https”.

    Here is the situation:

    I have a Web Server where I run the domain with SSL Certificate; everything is working just fine on that server. I have a separate server running a Web Application, but there is no Website running on that Server.

    This is a two (2) part question:

    1) Ideally, I would like to have users click on a tab on the Server running the Website and redirect the user to the Web Application server. However, I would like to continue to use the SSL certificate after the user is redirected to the Web Application Server and continue to see “https” as oppose to “http”. Is this possible? OR

    2) If I were to purchase another certificate for the Web Application Server, since I am not hosting a Domain on that Server, how would I install the certificate since all SSL Certificates are attached to a unique domain?

    Thanks,

    Claudel

  18. It depends on what type of certificate you have, but most are specific to a server. For instance a certificate could be tied to http://www.yourdomain.com. You want to redirect your users to your application server ie myapp.mydomain.com – you just need to get a certificate for that server name as well.

    Alternatively, you can have what is called a wildcard certificate this allows the same certificate to be installed on multiple machines. This normally costs more than two individual certificates though.

    1. Thanks for the feedback Mark; however, the Server to which I am redirecting does not have a Domain; it’s a regular Server running a Web Application. The question then, can I purchase an SSL Certificate without it being connected to a Domain?

      Thanks,

  19. For 18. Patrick Re Integrated Windows Authentication
    I had the same problem where the site could not access the ASP page because of authentication issues: ‘Access is Denied’

    I fixed this by creating 2 websites. The http website was a simple anonymous access to homepage SSLRedirect.asp (using the same domain) which redirected to the windows auth SSL site (port 81 & 443)

  20. I think everything posted made a ton of sense. But, what about
    this? what if you typed a catchier title? I am not saying
    your information isn’t good., however what if you added a post title to possibly grab folk’s attention?

    I mean How to automatically redirect http to https in IIS | Kojiroh’s technical blogs is a little boring. You might glance at Yahoo’s
    home page and see how they create article headlines to grab people interested.
    You might add a video or a related picture or two to get
    people interested about everything’ve got to say. In my opinion, it might bring your website a little livelier.

  21. Write more, thats all I have to say. Literally, it seems as though you
    relied on the video to make your point. You definitely know what youre talking about,
    why throw away your intelligence on just posting videos to your weblog when
    you could be giving us something enlightening to read?

  22. We are a gaggle of volunteers and starting a brand new scheme
    in our community. Your site offered us with helpful info to work on.

    You’ve performed a formidable process and our entire community can be thankful to you.

  23. This design is spectacular! You definitely know how to keep a reader amused.
    Between your wit and your videos, I was almost moved to start my own blog (well,
    almost…HaHa!) Fantastic job. I really loved what you had to
    say, and more than that, how you presented it. Too cool!

  24. This design is wicked! You moost certainly know how to keep a reader entertained.
    Between your wit annd your videos, I was almost
    moved to start my own blog (well, almost…HaHa!) Wonderdul job.
    I really enjoyed what you had to say, and more than that, how you presented it.
    Too cool!

  25. I do accept as true with all of the ideas you have offered in your post. They are very convincing and can definitely work. Still, the posts are very brief for starters. Could you please extend them a bit from subsequent time? Thanks for the post.

  26. Das hilft Ihnen anfangs über die Runden, später ist es meist gar nicht
    mehr notwendig, denn da wird Bewegung einfach ein Teil Ihres Lebens!

  27. I appreciate, lead to I discovered just what I used to be looking for.
    You have ended my 4 day long hunt! God Bless you man. Have a nice day.
    Bye

  28. 普通に着火させて使う普通のタバコと違って、燃焼により発生するタール、ホルムアルデヒド、CO、アンモニア化合物といった人間にとって毒となる成分が発生が少なく(約90%カットといわれている)、通常の場合発がん物質の吸い込むことや、依存性、歯に着色ことや壁の着色などが相当量減らすことを出来ている。

  29. If you happen to be some of those collector-type people who features
    a large and varied number of DVDs and Blu-Ray disks, you need the DVD covers and Blu-Ray covers that will express
    your pride from the collection you’ve amassed.
    An electric tuner will assist you to normalize and accurately
    tune every one of your strings in order that a crystal
    clear sound can be produced. It will force them to adopt an attitude of thinking outside of the box.

  30. Coming up in this New Knowledge Set training class Jeremy Whaley are going to
    take an in-depth take a look at the option strategy known as
    a strangle or straddle.

  31. Công nghệ và khoa học ngày càng tăng trưởng và sản phẩm
    in ấn dù quảng cáo chất lượng cũng không
    nằm ngoài quy luật phát triển đó. Với việc ứng dụng các thành tựu khoa học
    trong ngành chế tác. Với việc sử dụng công nghệ in kỹ thuật số hiện đại sẽ cho chất
    lượng in ấn đẹp, rõ ràng, bỏ ra tiết in được sắc
    nét, không gây ra hiện tượng nhòe mực hay bị phai mờ chi tiết,
    họa tiết in. Từ đó khẳng định cách làm
    việc chuyên nghiệp, hiện đại của những đơn vị, doanh nghiệp trong quan niệm đánh giá của người
    dùng.
    Hãy thử tưởng tượng xem logo, hình ảnh doanh nghiệp của bạn đươc khách hàng và các đối tác cầm đi chơi,đi bộ, đi chợ, che mưa che nắng từ những miếng
    ô tốt. Hay những quán café, những tụ điểm ăn uống ngoài trời,
    hồ bơi,… bỏ ra chít những mẫu logo, những câu
    slogan của doanh nghiệp Quý khách hàng in trực tiếp trên tán dù quảng cáo giá
    rẻ. Vô hình chung logo thương hiệu của các Quý công ty
    đã được phát triển thương hiệu trên khắp những nẻo
    đường.

  32. Hmm it looks like your website ate my first comment
    (it was extremely long) so I guess I’ll just
    sum it up what I wrote and say, I’m thoroughly enjoying
    your blog. I too am an aspiring blog blogger but I’m still new to the whole thing.
    Do you have any points for beginner blog writers? I’d definitely appreciate it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s