Change the bindings in your main site to only support HTTPS. (Remove HTTP.) Add rule #2 to that site. Remove rule #1.
Add a second web site, Set the bindings to only use HTTP with the host name of your main site. In the HTTP Redirect section, set it to redirect all requests to the HTTPS://www.whatever.com main site.