How to Force Redirection From HTTP to HTTPS on IIS 6.0

13 בינואר 2009

תגיות: , , ,
31 תגובות

Lets say your clients write HTTP://myserver.lab to get to your site, but you want to redirect them automatically to an SSL secured site: HTTPS://myserver.lab. Unfortunately, performing this redirection in IIS 6 not a regular feature, but there’s a nice trick to do it.

Note:

  • This process will cause some downtime and disconnect all active user sessions on the website.
  • If you have a server farm, make sure you perform this procedure on all servers.

Instructions for making your site accept HTTPS only:

I assume you already have a website set up on port 80.

1. Open IIS and right click on your website. Click Properties and go to the Web Site tab.
You can see that it uses port 80.

Properties Dialog

2. Now change the port to 81, or any other port you’d like your firewall to block.
That’s right, we’re blocking it since we don’t clients to ever reach our website on unsecured communications.

3. Now type in 443 for the SSL port. That’s the standard. Click OK.

4. Create a new website in IIS. Call it “mydomain.lab Redirect” (for example) and map it to port 80. If you’re using a host header, use the same host header as your original site.

Wizard

This site is intended to be empty. We will use an IIS technique to redirect our clients.

5. This is how our IIS server looks like:


The real site is on port 81 with SSL on, and the Redirect site is on port 80.

 

6. Right click on the “mydomain.lab Redirect” website and click Properties. Go to the Home Directory tab.

7. Choose A redirection to a URL. Type in the address of your website, with an HTTPS protocol.

Now here are your choices:

  • If you want to redirect to the same exact address, only on HTTPS – that’s all you need to do.
  • If you want to redirect to a certain page, like a login page – check the “The exact URL entered above” box.
  • If this redirection is permanent – and I guess it is: Check the 3rd box. It will send a different HTTP Redirect response which will tell browsers to update their cookies accordingly.

Finally, click OK and test the new configuration.

So what did we do?

We changed the listening port of the website from 80 to something else, and created a different “redirector” website that listens to it. The redirector tells the browser to switch to SSL, and now the new HTTP request goes to the original website.

Now just don’t forget to block the new port you chose for the website!

Enjoy. 🙂

Dor Rotman.

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. שדות החובה מסומנים *

31 תגובות

  1. Salim Dallal26 בפברואר 2009 ב 14:52

    what if I need to do this for certain parts or folders of the website only?

    הגב
  2. Matt Van ***7 במאי 2009 ב 4:44

    Brilliant. Freakin' brilliant. Thanks a million

    הגב
  3. panoone26 ביוני 2009 ב 6:07

    Salim Dallal: you'd use a rewrite module like Ionics Isapi Redirect Filter for IIS. Us Apache peeps have been doing this with ease since forever… 😉

    הגב
  4. Aristides Rapozo6 באוקטובר 2009 ב 17:06

    This is a great article, but instead of using the port 81, why don't you just create the redirect site with port 80 and the real site only with the SSL port (since it only cares about the ip address and not the header, and the site that is going to have the header is going to redirect it to the SSL one site)?

    הגב
  5. Bernard L16 בדצמבר 2009 ב 18:33

    Excellent!! I needed a solution and this was the fix.

    הגב
  6. PhilC20 בינואר 2010 ב 0:57

    I did this on my prod system and worked perfectly. I did the exact same steps on my UAT environment and I get an error screen display when I try to browse to http.

    The following error was encountered:

    Unable to determine IP address from host name for assesstool-uat.tec.govt.nz
    The dnsserver returned:

    Name Error: The domain name does not exist.

    הגב
  7. BraamM24 במאי 2010 ב 21:38

    Excellent work around!! Thanks.

    הגב
  8. naser7 ביוני 2010 ב 23:09

    thanks a lot.
    you solve my problem in the best way.

    הגב
  9. Levi C Rogers18 ביוני 2010 ב 20:03

    This was a great article, helped me out a bunch.

    הגב
  10. Phil11 באוקטובר 2010 ב 21:54

    Brilliant. Thanks. This is clean, quick and easy to do.

    הגב
  11. Steve Lorbach15 באוקטובר 2010 ב 16:08

    A Brilliant Stroke of Genius.
    I've been working with scripts to do the redirect successfully for several years, but this beats that approach hands down!!

    הגב
  12. james rincon22 בדצמבר 2010 ב 23:03

    awesome solution. tried like 5 other methods and none worked. this did, like a charm. thanks!

    הגב
  13. Mike18 בינואר 2011 ב 22:16

    Thanks.. This worked great!

    הגב
  14. Francis31 בינואר 2011 ב 22:19

    thank you, great. it worked

    הגב
  15. Max13 בספטמבר 2011 ב 21:48

    Coming from a networking background this solution really appeals. I spent an hour trying to get an ASP web.config solution to work with no success, but this solution worked first time. Also the application developer can do whatever they like to their code & ASPH and the redirect will still work: with the web.config approach a code update could have overwritten my changes.

    הגב
  16. Jellydog19 באוקטובר 2011 ב 4:45

    Thanks so much for this Elegant solution. This was something that has bothered me for over a year. I have a wildcard certificate on my server and now can force ssl on all connections on all sites without using some solution that requires java script to be enabled on my clients' systems.

    הגב
  17. Adreas10 בנובמבר 2011 ב 5:52

    Pwlhsh xruswn lirwn kai kosmhmatwn. Dwrean ektimhseis . http://www.enexyra-athina.gr/

    הגב
  18. Steve M12 בנובמבר 2011 ב 19:23

    Wow. I saw all kinds of methods to do this using scripts, landing pages, custom errors, etc. This was so simple and effective. Awesome info!!!

    הגב
  19. Shilpesh Shah9 במרץ 2012 ב 22:46

    Awesome! Thank you so much for this example.

    הגב
  20. Jonas26 במאי 2012 ב 9:50

    Thanks so much, it works!!!!

    הגב
  21. Aaron6 ביוני 2012 ב 19:40

    Occasionally someone strikes genius… this is an example of just that. Thank you!

    הגב
  22. Yogesh25 ביוני 2012 ב 18:20

    Thanks Sir 🙂

    הגב
  23. Thanos15 ביולי 2012 ב 23:26

    Apokleistikos katalogos enexyrodaneistirion kai katastimaton agoras xrysou…

    הגב
  24. Knox26 באוגוסט 2012 ב 9:47

    Hi there, this weekend is good for me, since this moment i am reading
    this great educational article here at my house.

    הגב
  25. Nick Reilingh8 באוקטובר 2012 ב 22:52

    @Aristides – because the web site properties require a TCP port to be set — it won't let you configure one blank.

    הגב
  26. Peralta13 בדצמבר 2012 ב 22:29

    It's truly very complex in this active life to listen news on Television, so I only use web for that reason, and get the newest information.

    הגב
  27. Greg14 במרץ 2013 ב 22:19

    Thanks for posting this. It was really easy to follow and very helpful. Great resource for those of us still running some older hardware.

    הגב
  28. Liam30 במאי 2013 ב 2:28

    The only problem is that it does not pass the query string across :-/

    Thanks for the tip.

    הגב
  29. Liam30 במאי 2013 ב 2:33

    Great tip, I then also enable 'a permanent redirection for this resource' and also enable 'the exact url entered above'.

    Then simply place the following at the end of my redirected url:
    $S$Q

    This allows it the query string and sub folders to be passed.

    Thanks for the pointer in the right direction much better than javascript.

    הגב
  30. Greg6 ביוני 2013 ב 14:02

    I think this is missing a little detail on step 4. First, what do you do if you have an IP address on the main web site? Do you reuse it on the redirect web site, or just leave it blank?

    Second, once you hit Next, you're asked to specify a folder where the redirect website resides. Should we use the same folder as the main site, knowing that it will be ignored once we configure the redir site to point to the main site?

    This isn't working for me, and I suspect the reason has something to do with these questions…

    Thanks for the good idea. It sounds like it works for a lot of people, but not me.

    הגב