Redirect from HTTP to HTTPS using the IIS URL Rewrite module

A production deployment of SharePoint 2013 or 2016 should ensure that all HTTP traffic is encrypted in transit, however many users will still type https:// in their browser or have links that point to https:// instead of  https://. In these cases it can beneficial to automatically redirect users to the proper URL. One way of accomplishing this is the URL Rewrite module for IIS.

Key Terms

Rewrite - Modifies the incoming URL, the outgoing URL, or both.

Redirection - Uses HTTP status codes such as 301 or 302 to redirect the client to a different location. This involves an additional client round trip.

Supportability for SharePoint

The support for redirects and rewrites with SharePoint is documented in KB2818415. Since a HTTP 301/302 redirect to inform the browser of the updated URL is the preferred option for SharePoint, that will be the focus of this post. Please note that 301/302 redirects may not work with Office client applications.

Uses for redirect

In most cases a redirect is used for one of two reasons:

  1. Redirecting the user from http to https to enforce SSL communication. When a SharePoint farm is load balanced this is typically done using the load balancer but it some cases can be done on the SharePoint server or another server running IIS by using the IIS URL Rewrite module
  2. Redirecting a user who has a stale URL, typically when the name is changed during a farm migration or upgrade. This can also be done using a load balancer or any IIS server by implementing the URL Rewrite module.

Step by Step Instructions for HTTP to HTTPS redirect

#1 Download the URL Rewrite tool by following the instructions here

#2 Ensure that the IIS site you are using is configured for the proper port 80 binding. In this case we are listening for all traffic on port 80. But you could restrict this based on host header as needed

image

#3 Create a new URL rewrite rule

clip_image001 clip_image002 clip_image003

#4 Configure Rule Settings Exactly as follows

clip_image001[5] clip_image002[5] clip_image003[5] clip_image004

Note: In this example {HTTPS}, {HTTP_HOST}, and {REQUEST_URI} are all URL parts that can be accessed using the URL Rewrite module. More information on URL parts can be found here.

 

#5 Apply the rule

image

#6 From the top node disable and enable the rule (alternatively perform IISReset)

clip_image001[9] clip_image002[9]

 

Note: web.config file modifications

The URL rewrite rules get written to the web.config file for the site you are working in. For example, the above configuration should result in this addition to the web.config file:

  1 2 3 4 5 6 7 8 91011
 <rewrite> <rules>       <rule name="Redirect to http" enabled="true" patternSyntax="Wildcard" stopProcessing="true">          <match url="*" negate="false" />            <conditions logicalGrouping="MatchAny">                <add input="{HTTPS}" pattern="off" />           </conditions>         <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />       </rule>   </rules></rewrite>

Additional Resources

Creating Rewrite Rules for the URL Rewrite Module
https://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module

Supportability of Rewrite and Redirects with SharePoint 2007/2010/2013
https://support.microsoft.com/kb/2818415

Mixed Http and Https Content with SharePoint 2010
https://blogs.visigo.com/chriscoulson/mixed-http-and-https-content-with-sharepoint-2010/

URL Rewrite for IIS7 http to https redirection
https://tech.mikeal.com/blog1.php/url-rewrite-for-iis7-http-to-https-redirection

URL Component Reference
https://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference#Accessing_URL_Parts_from_a_Rewrite_Rule

Comments

  • Anonymous
    December 07, 2016
    Hi,thanks for this post. It was helpfull. But there is an error. The regular expression must be "." instead "".This is from my failed request trace with "" only:The expression "" contains a repeat expression (one of '*', '?', '+', '{' in most contexts) that is not preceded by an expression.Regards,Torsten
  • Anonymous
    March 03, 2017
    Great article Damian!Would there be any performance implication due to this rule? Considering this as I'm looking to implement this to a site where we've 20K+ users. Any suggestion anyone? Appreciate any feedback!
    • Anonymous
      March 15, 2017
      I do not have any specific performance metrics for implementing the Rewrite module. In this case where we are doing a redirect only on the first request I wouldn't expect it have a heavy impact.
  • Anonymous
    March 17, 2017
    Matches Wildcard did not work for me when there are Parameters like ?ID012345 i got a redirection to https://....?id=12345&ID=12345I chose to make a regular Expression instead of Wildcard and changed the pattern to (.*).The Redirect URL was changed to https://{HTTP_HOST}/{R:1} and now it works fine,
  • Anonymous
    March 17, 2017
    THis is close for me but my original url has port included http://xyz:8787 that is being appended to the final which of course makes ssl fail
  • Anonymous
    May 01, 2017
    You can also config the redirect domain with or without www using URL rewrite. The SSL cert only include: www FQDN.web.config example: Extracted from: http://www.sysadmit.com/2017/05/windows-iis-redirigir-http-https.html
  • Anonymous
    May 25, 2017
    Thanks for the example!!
  • Anonymous
    June 18, 2017
    Thanks for this post. great article!
  • Anonymous
    September 08, 2017
    If you use the redirect URL https://{HTTP_HOST}{REQUEST_URI} as is used in this article, make sure you uncheck the "Append query string" checkbox, otherwise your query string will be duplicated after the redirect. This is because REQUEST_URI already contains the query string.
  • Anonymous
    October 22, 2017
    The comment has been removed
  • Anonymous
    November 01, 2017
    Hi,thanks for this post. It id helpfull.
  • Anonymous
    November 02, 2017
    Thanks for this post!