SharePoint / IIS HTTP to HTTPS URL Redirect or Rewrite

It is a no brainer that for SharePoint, an HTTPS connection is almost always the preferred connection type. I can’t think of a single scenario where it would be preferred to set up a SharePoint Web Application to default to a non-SSL HTTP URL than a secure one. One problem you may find as an administrator though, is that user’s aren’t aware of the difference between this small change in the URL. Your SharePoint site may be bound to an HTTP connection on port 80, but your front end may only respond to the 443 connection that you have set up.

The easiest way to address this problem is to set up an IIS HTTPs URL redirect for SharePoint. The redirect will be used to take any request to the SharePoint front end for an http site, and rewrite the URL to HTTPS. This configuration outlined below will work for both the top level SharePoint site, as well as any sub-locations.

IIS 7.0+
Microsoft URL Rewrite Module

Set up HTTP and HTTPS bindings for all Web Applications on ALL SharePoint Front End Servers

Before you can make any configuration changes in IIS, you must first make sure that the front end servers know how to respond to the requests that they will now receive on 443.

  1. Open IIS Manager
  2. Expand the navigation tree to show the list of sites hosted on the server
  3. Select the site that you would like to set up a redirect for, and click bindings on the right under Actions
  4. In this window, ensure that you have a FQDN Host name entry for your web application for both 443 and 80. Note that you will need to have a certificate to use for the 443 binding.
  5. Repeat these steps for all Front End servers in the farm

Set up the IIS Rewrite module extension

Before we can set up the rewrite, the IIS extension must be installed on all IIS instances on all front end servers. See the link above under requirements for the download link from Microsoft. No restart is required after installation (always important to know as a SharePoint Administrator)

  1. Navigate to your site and in the middle pane, select the “URL Rewrite” button under the IIS section
  2. Under Actions on the right side, select Add Rule(s)…
  3. Inbound Rule > Blank Rule
  4. Name: “HTTP to HTTPS Redirect for WebApplication”
  5. Requested URL: Matches the Pattern
  6. Using: Regular Expressions
  7. Pattern: (.*)
  8. Ignore Case: checked
  9. Conditions -> Add…
  10. Condition Input: {HTTPS}
  11. Check if input string: Matches the pattern
  12. Pattern: off
  13. Action type: Redirect
  14. Redirect URL: https://{HTTP_HOST}/{R:1}
  15. Append query string: checked
  16. Redirect type: Found (302)