February 2015 - Posts

15 February 2015
Configuring HTTP to SSL Redirects in IIS/Windows
Configuring websites to only allow SSL traffic is pretty much the norm these days (and if it isn’t, it should be). The problem with taking this route to secure your web traffic is that there really isn’t an intuitive way to then make sure all http (port 80) traffic then gets properly redirected over to https (SSL port 443) within IIS. Microsoft’s industrial strength firewall solutions had built in rules to enable this behavior, but they’ve all been discontinued or EOL’d. If redirects are not set up properly, users will get an error page when attempting to navigate to a site in IIS that is configured as SSL only, but accessed via standard http (port 80). The desired behavior is to properly redirect (either 301 or 302 response codes) all http traffic to https, and to be able to do this from within IIS itself. It’s not intuitive, but is fairly straightforward once the limitations of IIS itself are figured out. The first thought might be to simply set up the redirect on the website itself within... Read More...