Windows: Force website to HTTPS using web.config

Latest web browser will show your website as "insecure" when a visitor visit your site via the HTTP protocol.

Some visitors may visit your website URL without specifying HTTPS in the web browser address bar.
To always force your website to HTTPS in Windows IIS, enter the REWRITE rule below in your web.config file located inside the web folder wwwroot.>
The tag <REWRITE> must reside within the tag <SYSTEM.WEBSERVER>.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPanel: Check SSL certificate status

SSL certificate is essential nowadays to boost users confidence when visiting a site.On your...

Windows: Generate CSR code in IIS

CSR (Certificate Signing Request) code is a set of encoded text that contains information about...

Windows: Export and import PFX file on IIS

PFX is one of the formats that Microsoft allows for SSL installation and contains both the SSL...

DirectAdmin: Install SSL certificate from Let's Encrypt

Please follow the steps below to install SSL certificate from Let's Encrypt in DirectAdmin...

Windows: Installing SSL certificate in IIS

SSL certificate need to be installed on the server where the CSR was generated, this is crucial...