 |
| Picture by Ondrej Supitar / unsplash.com |
In part 1 I showed you how to secure a Host Named Site Collection with TLS. But a user can still open the site collection without encryption. To force a secure connection we’ll have to create an automated redirect from http to https.
Leave the unsecure binding
You might think it’s a good idea to remove the http binding from the web application in IIS. But this would break your configuration, so don’t do that. Instead the binding is necessary for IIS to know which web application handles the request. From here the URL Rewrite module we are about to configure will take over.
First things first
To create a redirect we need an IIS extention called URL Rewrite which isn’t part of the regular IIS installation and cannot be found in the Windows installation either. Instead you must open a browser and download it from the official IIS support site http://www.iis.net/downloads/microsoft/url-rewrite
This post is
The download is free of charge. Instead of downloading it directly, you can use WebPI for installation. Install URL Rewrite on to every frond-end server in your farm. As soon as the setup finishes the installation, you should see a new module in the IIS Manager. If you don’t see the icon right away, close the IIS Manager and reopen it.
Detour
Now open the URL Rewrite module. Select Add Rule(s)… from the Actions menu and choose Blank inbound rule from the list. The new rule needs some configuration now. The first thing to do is to give it a name. I call my rule Redirect to HTTPS.
Next we need to define the matching condition, when the rule will be triggered. For the Requested URL we leave the setting to Matches the Pattern and for the Using drop-down it stays with Regular Expressions. The Pattern field is filled with (.*)
With this regular expression for the Match URL section, we tell the URL Rewrite module to inspect every site request. Next we’ll define a condition that has to be true.
Expand the settings for the Conditions. Use the Add… button to create a new condition. In the Condition input field enter {HTTPS}. Leave Check if input string set to Matches the Pattern and use the Pattern ^OFF$ in the Pattern field. Leave the Ignore case checkbox marked.
Skip the Server Variables section, we don’t need them here. Instead expand the Action section and use Redirect for the Action type drop-down. In the Action Properties enter https://{HTTP_HOST}/{R:1} in the Redirect URL field. This is the URL that IIS will be generating when the conditions we configured earlier are true. Keep the Append query string checkbox marked and for the Redirect type use Permanent (301).
If everything is configured the way as described, select Apply from the Actions menu to save your work.
Open a browser a navigate to your site using the unsecure http protocol. If everything goes right, your browser should redirect you to the secure page using https now.
Related Learning
If you are interested in learning about the URL Rewrite module you’ll find a load full of articles on the iis.net pages.
Using the URL Rewrite Module
Creating Rewrite Rules for the URL Rewrite Module
Setting HTTP request headers and IIS server variables
Last words of advice
Configuring the site collections to use TLS should always be done as early as possible. Not only to keep your sites secured from day one, but also because your users might use static unsecure URL to link pages and documents over time. If this happens, it can become cumbersome to find these links and replace them with the new URL.
So that's it. I hope you enjoyed the articles. Please leave a message in the comments section below how you liked it and don't forget to share the links with your Twitter and facebooks followers.
