To enforce all client connections to use HTTPS, you need to redirect the HTTP connection to HTTPS. This can be done easily in IIS.
1) Install URL Rewrite for IIS which can be downloaded from the following URL:
https://www.iis.net/downloads/microsoft/url-rewrite
2) Add the following settings that to the web.config file (withing WebServer section):
<rewrite>
<rules>
<rule name="HTTP to HTTPS" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
To learn more about the rewrite component,
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
No comments:
Post a Comment