Share via

Redirect from HTTP to HTTPS using the IIS URL Rewrite module

A production deployment of SharePoint 2013 or 2016 should ensure that all HTTP traffic is encrypted in transit, however many users will still type https:// in their browser or have links that point to https:// instead of  https://. In these cases it can beneficial to automatically redirect users to the proper URL. One way of accomplishing this is the URL Rewrite module for IIS.

Key Terms

Rewrite - Modifies the incoming URL, the outgoing URL, or both.

Redirection - Uses HTTP status codes such as 301 or 302 to redirect the client to a different location. This involves an additional client round trip.

Supportability for SharePoint

The support for redirects and rewrites with SharePoint is documented in KB2818415. Since a HTTP 301/302 redirect to inform the browser of the updated URL is the preferred option for SharePoint, that will be the focus of this post. Please note that 301/302 redirects may not work with Office client applications.

Uses for redirect

In most cases a redirect is used for one of two reasons:

  1. Redirecting the user from http to https to enforce SSL communication. When a SharePoint farm is load balanced this is typically done using the load balancer but it some cases can be done on the SharePoint server or another server running IIS by using the IIS URL Rewrite module
  2. Redirecting a user who has a stale URL, typically when the name is changed during a farm migration or upgrade. This can also be done using a load balancer or any IIS server by implementing the URL Rewrite module.

Step by Step Instructions for HTTP to HTTPS redirect

#1 Download the URL Rewrite tool by following the instructions here

#2 Ensure that the IIS site you are using is configured for the proper port 80 binding. In this case we are listening for all traffic on port 80. But you could restrict this based on host header as needed


#3 Create a new URL rewrite rule

clip_image001 clip_image002 clip_image003

#4 Configure Rule Settings Exactly as follows

clip_image001[5] clip_image002[5] clip_image003[5] clip_image004

Note: In this example {HTTPS}, {HTTP_HOST}, and {REQUEST_URI} are all URL parts that can be accessed using the URL Rewrite module. More information on URL parts can be found here.


#5 Apply the rule


#6 From the top node disable and enable the rule (alternatively perform IISReset)

clip_image001[9] clip_image002[9]


Note: web.config file modifications

The URL rewrite rules get written to the web.config file for the site you are working in. For example, the above configuration should result in this addition to the web.config file:

  1 2 3 4 5 6 7 8 91011
 <rewrite> <rules>       <rule name="Redirect to http" enabled="true" patternSyntax="Wildcard" stopProcessing="true">          <match url="*" negate="false" />            <conditions logicalGrouping="MatchAny">                <add input="{HTTPS}" pattern="off" />           </conditions>         <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />       </rule>   </rules></rewrite>

Additional Resources

Creating Rewrite Rules for the URL Rewrite Module

Supportability of Rewrite and Redirects with SharePoint 2007/2010/2013

Mixed Http and Https Content with SharePoint 2010

URL Rewrite for IIS7 http to https redirection

URL Component Reference