How to force HTTPS using a web.config file

by

You need URL Rewrite module, preferably v2 (I have no v1 installed, so cannot guarantee that it will work there, but it should).

Here is an example of such web.config — it will force HTTPS for ALL resources (using 301 Permanent Redirect):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

P.S.
This particular solution has nothing to do with ASP.NET/PHP or any other technology as it’s done using URL rewriting module only — it is processed at one of the initial/lower levels — before request gets to the point where your code gets executed.

More Related Contents:

  1. How can I secure passwords stored inside web.config?
  2. Login failed for user ‘IIS APPPOOL\ASP.NET v4.0’
  3. Cannot open database “test” requested by the login. The login failed. Login failed for user ‘xyz\ASPNET’
  4. Best way in asp.net to force https for an entire site?
  5. An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode
  6. Read connection string from web.config
  7. Specified argument was out of the range of valid values. Parameter name: site
  8. The breakpoint will not currently be hit. No symbols have been loaded for this document in a Silverlight application
  9. Why is HttpContext.Current null?
  10. Web.Config Debug/Release
  11. IIS Server & ASP.Net Core – 500.19 with error code 0x8007000d on httpplatformhandler tag
  12. Changing project port number in Visual Studio 2013
  13. How to implement “Access-Control-Allow-Origin” header in asp.net
  14. Can you prevent your ASP.NET application from shutting down?
  15. How to set web.config file to show full error message
  16. Check ssl protocol, cipher & other properties in an asp.net mvc 4 application
  17. Is current request being made over SSL with Azure deployment
  18. Encrypting Web.Config
  19. How can I add an ampersand for a value in a ASP.net/C# app config file value
  20. ConfigurationManager.AppSettings getting null?
  21. Share Session between two web sites using asp.net and state server
  22. IIS app pool recycle + quartz scheduling
  23. I’ve been hacked. Evil aspx file uploaded called AspxSpy. They’re still trying. Help me trap them‼
  24. Leverage browser caching in IIS (google pagespeed issue)
  25. Handler “ExtensionlessUrlHandler-Integrated-4.0” has a bad module “ManagedPipelineHandler” in its module list
  26. How to read appSettings section in the web.config file?
  27. Error 500.19 with 0x8007000d when running ASP.NET Core app in IIS despite AspNetCoreModule being installed
  28. Could not load file or assembly ‘System.Web.Helpers, error on IIS 8
  29. Can I reuse HttpWebRequest without disconnecting from the server?
  30. The ‘Microsoft.ACE.OLEDB.12.0’ provider is not registered on the local machine.

Leave a Comment