Windows: Force website to HTTPS using web.config

Latest web browser will show your website as "insecure" when a visitor visit your site via the HTTP protocol.

Some visitors may visit your website URL without specifying HTTPS in the web browser address bar.
To always force your website to HTTPS in Windows IIS, enter the REWRITE rule below in your web.config file located inside the web folder wwwroot.>
The tag <REWRITE> must reside within the tag <SYSTEM.WEBSERVER>.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Can I transfer my SSL certificate to you?

If you already have the SSL certificate, you can send the backup file (.pfx format) of the...

Linux: Force Website from HTTP to HTTPS using htaccess

Recently web browsers will show a warning sign if your website is not secure with HTTPS...

Website Shows Mixed Contents Warning (http & https)

Nowadays, it is recommended for users to enable SSL on their websites.However, on some cases, the...

Windows: Generate CSR code in IIS

CSR (Certificate Signing Request) code is a set of encoded text that contains information about...

What is SSL?

SSL stands for Secure Socket Layer is the standard security technology developed by Netscape...