So you have been using SSL on your IIS 7.5 or greater server\u00a0for some time now; to get here you had to do a few things:<\/p>\n
Are you done? Not yet there are a few things left for you to do, the most obvious being redirecting all traffic to the SSL version of your site!<\/p>\n
This is easy enough to\u00a0accomplish\u00a0but before you do so you should probably monitor your CPU usage during your peak so to ensure you have some headroom. This\u00a0isn’t\u00a0likely to be a problem as most web-servers are not CPU<\/a> bound but it\u2019s always good to check.<\/p>\n Once you know you are OK then it\u2019s just a matter of deciding which approach to use, you have two choices:<\/p>\n If you are familiar with the IIS configuration you\u2019re probably asking yourself what about the \u201cRequire secure channel (SSL)<\/em>\u201d option in the IIS MMC? Unfortunately this doesn\u2019t do redirecting it only requires the use of SSL on a given site\/folder\/file.<\/p>\n So how do you decide which approach to use? The answer to that question is dependent on both your environment and personal preference.<\/p>\n For example if 100% of your site is ASPX based (no static HTML), you have your code structured so that there is a common include and you are not already using the URL Rewrite<\/a> module I would use method one based on KB239875<\/a>.<\/p>\n I suspect that these conditions will not be met for most people so let\u2019s focus on method two, using the URL Rewrite<\/a> \u00a0module.<\/p>\n This approach has a number of benefits, for one having this module allows you to leverage remapping for other purposes also for example maintaining old links that have SEO value. From a security standpoint it\u2019s also a good approach as it keeps this decision one of policy that is enforced in a central place.<\/p>\n To use the URL rewrite approach you will need to do the following:<\/p>\n <\/p>\n 1. Install the URL Rewrite module (x86<\/a>, x64<\/a>).<\/p>\n 2. Add a rule to rewrite all HTTP URLs to HTTPS.<\/p>\n a. Open your \u201cweb.config\u201d with your favorite editor.<\/p>\n b. Find the \u201cconfiguration\\system.webserver\\rewrite\\rules\u201d section.<\/p>\n c. Add the following text block:<\/p>\n <rule name=”Redirect to HTTPS” stopProcessing=”true”><\/p>\n <match url=”(.*)” \/><\/p>\n <conditions><\/p>\n <add input=”{HTTPS}” pattern=”^OFF$” \/><\/p>\n <\/conditions><\/p>\n <action type=”Redirect” url=”https:\/\/{HTTP_HOST}\/{R:1}” redirectType=”Permanent” \/><\/p>\n <\/rule><\/p>\n<\/blockquote>\n 3. Restart IIS.<\/p>\n \n Now just go to your website over HTTP and you will see you are redirected to the HTTPS instance of the site.<\/p>\n <\/p>\n Ryan<\/p>\n IIS Rewrite Module Configuration Reference<\/a><\/p>\n\n
\n
Additional Resources<\/h6>\n