Posts Tagged ‘Debugging’

HowTo: URL rewrite to redirect HTTP to HTTPS for non-local address

Below is an answer on how to redirect from HTTP to HTTPS using the URL Rewrite module for IIS, but ignoring local addresses used when debugging one’s app. Just contributed at

Needed it for an MVC app I’m maintaining, since due to updated policy that the authenticating organisation had decided for the SSO (Apereo CAS) configuration, we couldn’t redirect anymore back to a non-HTTPs URL (had the user used plain HTTP to access our app that is), after signing in succesfully via the SSO.

Combined URL Rewrite based answers from How to redirect HTTP to HTTPS in MVC application (IIS7.5) and from the question’s page on StackOverflow, and added "" apart from “localhost” for the ignored sites.

Note that the URL Rewrite approach is by far the simplest one to add and should kick in at the web server level before the web app has any chance to process the request.

I also see {REQUEST_URI} being used instead of {R:1} and pattern="^OFF$" instead of pattern="off".

At pattern added the ignoreCase="true" too, though it might be the default (same goes for enabled="true" for the rule, handy to have there if you want to turn some rule off when debugging some rule chain)

However, wondering based on if one needs to use SERVER_NAME instead of HTTP_HOST in the pattern if non-default ports are used and specify the port in the Redirect url too


  <!-- … -->


            <rule name="HTTP to HTTPS redirect (excluding localhost)" enabled="true" 
stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> <add input="{HTTP_HOST}" pattern="localhost" negate="true" /> <add input="{HTTP_HOST}" pattern="" negate="true" /> </conditions> <action type="Redirect" redirectType="Permanent"
url="https://{HTTP_HOST}/{R:1}" /> </rule> </rules> </rewrite> <!-- … --> </system.webServer>
Categories: Posts Tags: , , , , , , , , ,
%d bloggers like this: