Redirect HTTP to HTTPS with IIS

I’ve got an internal website that runs in IIS 6, for which I have enabled SSL. Due to the nature of this website, and the login credentials used, I want to make sure any access is always encrypted, but still allow my users to access it at http:// for ease of use.

 

Fortunately I found a pretty simple way of doing this with IIS 6 (I don’t know whether it’s still supported in IIS 7, but I imagine it would).

First, create a file called sslredirect.htm, with the contents as:

<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname + location.search;
//alert(location.host + location.pathname + location.search); Just for sanity check
 
}
// -->
</SCRIPT>

 

Then, go into the properties of your IIS site, and on the Custom Errors tab, change error 403:4 to point to your sslredirect.htm file.

IIS custom error configuration
 

Now, if someone opens up http://www.website.com, it will automatically redirect them to https://www.website.com.

One thought to “Redirect HTTP to HTTPS with IIS”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.