After an SSL certificate is installed, a secure connection (https://) is not forced by default, and a website remains accessible via regular insecure http:// bypassing SSL/TLS protocols. It means that a website visitor may send sensitive data over an unencrypted channel unless he/she explicitly specifies https:// as a protocol he/she would like to use for connection.
Thanks to HTTP to HTTPS redirection, a visitor requesting to initiate an unencrypted (http://) session will be automatically redirected to an encrypted one (https://) secured by SSL/TLS protocol.
- Install the “URL Rewrite” module
- Re-open (if opened) “IIS Manager” and select the website you would like to apply the redirection to in the left-side menu.
- Double-click on the “URL Rewrite” icon
- Click “Add Rule” on the right-side menu
- Select “Blank Rule” > “OK”
- Enter the rule name of your choice
- In the “Match URL” section:
- select “Matches the Pattern” in the “Requested URL” drop-down menu;
- select “Regular Expressions” in the “Using” drop-down menu;
- enter the following pattern in the “Match URL” section: “(.*)” ;
- check the box “Ignore case”
- In the “Conditions” section select “Match all” in the “Logical Grouping” drop-down menu and click “Add”
- In the prompted window:
- enter “{HTTPS}” as a condition input
- select “Matches the Pattern” from the drop-down menu
- enter “^OFF$” as a pattern
- Click “OK”
- In the “Action” section select “Redirect” as an action type and specify the following for “Redirect URL”:
https://{HTTP_HOST}/{R:1}
- Check the box “Append query string”.
- Select a Redirection Type of your choice
- Click on “Apply” on the right side of the “Actions” Menu.