Redirect HTTP to HTTPS with IIS

I’ve got an internal website that runs in IIS 6, for which I have enabled SSL. Due to the nature of this website, and the login credentials used, I want to make sure any access is always encrypted, but still allow my users to access it at http:// for ease of use.


Fortunately I found a pretty simple way of doing this with IIS 6 (I don’t know whether it’s still supported in IIS 7, but I imagine it would).

First, create a file called sslredirect.htm, with the contents as:

<SCRIPT type=text/javascript>
if (location.protocol != 'https:')
window.location = 'https://'+ + location.pathname +;
//alert( + location.pathname +; Just for sanity check
// -->


Then, go into the properties of your IIS site, and on the Custom Errors tab, change error 403:4 to point to your sslredirect.htm file.

IIS custom error configuration

Now, if someone opens up, it will automatically redirect them to

One thought to “Redirect HTTP to HTTPS with IIS”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.