Force HTTPS with IIS URLRewrite and X-Is-SSL Header

16 Nov 2016

Recently we had reason to force all page connections to use SSL for one of our clients. We have done this in the past with code, but I wanted to see if this was possible to do with the URL Rewrite module. We utilize an SSL load balancer so all the examples online did not work for us. I was able to tinker with the rule until I found one that worked. Below is the code from the web.config file that causes all non-HTTPS traffic on a site to be routed to HTTPS.

    <rewrite>
        <rules>
          <rule name="Force Https" stopProcessing="true">
            <conditions>
                <add input="{HTTP_X_IS_SSL}" pattern="Yes" negate="true" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
          </rule>
        </rules>
    </rewrite>

We check the X-Is-SSL header that is added by the F5 load balancer and redirect as needed. So far, so good.

When In Doubt, Return Nothing

Force HTTPS with IIS URLRewrite and X-Is-SSL Header

Related Posts

Thunderbird 78 and Office 365 Calendar Sync 26 Apr 2021

Piazza and Open edX Integration 27 Sep 2020

Creating Disk Images With Ubuntu 27 Jun 2020