To continue with this content, please log in with your Data Access ID or create a new account.
Cancel Data Access ID
You may not be authorized to see this content. Please contact Data Access Europe for more information.
Cancel Data Access Europe
You are not authorized to see this content.
Cancel Data Access Europe
Next lesson:

Secure your web applications with HTTPS

Lesson 4: Setup HTTPS Redirection Using URL Rewriter

This lesson shows how to setup the IIS URL rewriter, so un-encrypted web applications automatically redirect to HTTPS.


  • Proceeding from where <link>Lesson 3: Deploying HTTPS with a Free Certificate</link> left off… Currently, visiting the web application in a browser shows a “Not secure” warning in the address bar.
  • To automatically redirect the web application to HTTPS, a redirection rule needs to be created in the IIS URL rewriter.
  • From the IIS Manager…
  • Expand the server node and then ‘Sites’ and select the web application that needs to be redirected
  • Double click ‘URL Rewrite’ from the center pane
  • From ‘Actions’ panel on the right, click on ‘Add Rule(s)’
  • From the window that appears, select ‘Blank rule’
  • Add all of the pertinent information to the fields in the ‘Edit Inbound Rule’ window
    • Name (Ex: http to https)
    • Match URL pattern: (.*)
  • Add a condition: {HTTPS} with Pattern: ^OFF$
  • Set the ‘Action type’ to ‘Redirect’  
  •  Enter the ‘Redirect URL’ shown on the screen: https://{HTTP_HOST}{REQUEST_URI}
  • Click ‘Apply’ and then ‘Back to Rules’ in the ‘Actions’ pane
  • A rule with the name “http to https” has been created, and now shows in the ‘URL Rewrite’ pane
  • Revisiting the web application in the browser now shows that it is redirected to the secure web application.   
  • Clicking the padlock in the address bar will now the connection as secure.