Lets say your clients write HTTP://myserver.lab to get to your site, but you want to redirect them automatically to an SSL secured site: HTTPS://myserver.lab. Unfortunately, performing this redirection in IIS 6 not a regular feature, but there’s a nice trick to do it.
Instructions for making your site accept HTTPS only:
I assume you already have a website set up on port 80.
1. Open IIS and right click on your website. Click Properties and go to the Web Site tab.
You can see that it uses port 80.
2. Now change the port to 81, or any other port you’d like your firewall to block.
That’s right, we’re blocking it since we don’t clients to ever reach our website on unsecured communications.
3. Now type in 443 for the SSL port. That’s the standard. Click OK.
4. Create a new website in IIS. Call it “mydomain.lab Redirect” (for example) and map it to port 80. If you’re using a host header, use the same host header as your original site.
This site is intended to be empty. We will use an IIS technique to redirect our clients.
5. This is how our IIS server looks like:
The real site is on port 81 with SSL on, and the Redirect site is on port 80.
6. Right click on the “mydomain.lab Redirect” website and click Properties. Go to the Home Directory tab.
7. Choose A redirection to a URL. Type in the address of your website, with an HTTPS protocol.
Now here are your choices:
- If you want to redirect to the same exact address, only on HTTPS – that’s all you need to do.
- If you want to redirect to a certain page, like a login page – check the “The exact URL entered above” box.
- If this redirection is permanent – and I guess it is: Check the 3rd box. It will send a different HTTP Redirect response which will tell browsers to update their cookies accordingly.
Finally, click OK and test the new configuration.
So what did we do?
We changed the listening port of the website from 80 to something else, and created a different “redirector” website that listens to it. The redirector tells the browser to switch to SSL, and now the new HTTP request goes to the original website.
Now just don’t forget to block the new port you chose for the website!