|Picture by Ondrej Supitar / unsplash.com|
In part 1 I showed you how to secure a Host Named Site Collection with TLS. But a user can still open the site collection without encryption. To force a secure connection we’ll have to create an automated redirect from http to https.
Leave the unsecure binding
You might think it’s a good idea to remove the http binding from the web application in IIS. But this would break your configuration, so don’t do that. Instead the binding is necessary for IIS to know which web application handles the request. From here the URL Rewrite module we are about to configure will take over.
First things first
To create a redirect we need an IIS extention called URL Rewrite which isn’t part of the regular IIS installation and cannot be found in the Windows installation either. Instead you must open a browser and download it from the official IIS support site http://www.iis.net/downloads/microsoft/url-rewrite