It is a no brainer that for SharePoint, an HTTPS connection is almost always the preferred connection type. I can’t think of a single scenario where it would be preferred to set up a SharePoint Web Application to default to a non-SSL HTTP URL than a secure one. One problem you may find as an administrator though, is that user’s aren’t aware of the difference between this small change in the URL. Your SharePoint site may be bound to an HTTP connection on port 80, but your front end may only respond to the 443 connection that you have set up.

The easiest way to address this problem is to set up an IIS HTTPs URL redirect for SharePoint. The redirect will be used to take any request to the SharePoint front end for an http site, and rewrite the URL to HTTPS. This configuration outlined below will work for both the top level SharePoint site, as well as any sub-locations.

Requirements:
IIS 7.0+
Microsoft URL Rewrite Module
http://www.microsoft.com/en-us/download/details.aspx?id=7435

Set up HTTP and HTTPS bindings for all Web Applications on ALL SharePoint Front End Servers

Before you can make any configuration changes in IIS, you must first make sure that the front end servers know how to respond to the requests that they will now receive on 443.

  1. Open IIS Manager
  2. Expand the navigation tree to show the list of sites hosted on the server
  3. Select the site that you would like to set up a redirect for, and click bindings on the right under Actions
  4. In this window, ensure that you have a FQDN Host name entry for your web application for both 443 and 80. Note that you will need to have a certificate to use for the 443 binding.
  5. Repeat these steps for all Front End servers in the farm

Set up the IIS Rewrite module extension

Before we can set up the rewrite, the IIS extension must be installed on all IIS instances on all front end servers. See the link above under requirements for the download link from Microsoft. No restart is required after installation (always important to know as a SharePoint Administrator)

  1. Navigate to your site and in the middle pane, select the “URL Rewrite” button under the IIS section
  2. Under Actions on the right side, select Add Rule(s)…
  3. Inbound Rule > Blank Rule
  4. Name: “HTTP to HTTPS Redirect for WebApplication”
  5. Requested URL: Matches the Pattern
  6. Using: Regular Expressions
  7. Pattern: (.*)
  8. Ignore Case: checked
  9. Conditions -> Add…
  10. Condition Input: {HTTPS}
  11. Check if input string: Matches the pattern
  12. Pattern: off
  13. Action type: Redirect
  14. Redirect URL: https://{HTTP_HOST}/{R:1}
  15. Append query string: checked
  16. Redirect type: Found (302)

11 Comments

sharepoint online training · July 10, 2015 at 5:15 am

It was very useful information and keep updating with new topics

m · September 15, 2015 at 7:37 am

Point 14.
Where is written “Redirect URL: https://{HTTP_POST}/{R:1}” should put “Redirect URL: https://{HTTP_HOST}/{R:1}”

Note the difference between {HTTP_POST} and {HTTP_HOST}

    jhladish · April 1, 2016 at 2:45 pm

    This has been updated, thanks!

Jannie · October 23, 2015 at 6:58 am

It should be https://{HTTP_HOST}/{R:1} NOT https://{HTTP_POST}/{R:1}

    jhladish · August 23, 2017 at 1:39 pm

    Late response, but thank you for pointing this out. I typed this walkthrough out all in one-sitting, so typos galore!

correction · January 26, 2016 at 9:06 pm

{HTTP_HOST} not {HTTP_POST}

    jhladish · August 23, 2017 at 1:39 pm

    As Jannie said above, I am updating this now. Thank you for pointing this typo out!

Craig · September 28, 2016 at 3:41 am

{R:1} should be {R:0}

Or at least I had to change that to make it work.

andy · November 24, 2016 at 5:43 pm

Thanks Bud. Good stuff. Should we do the above in all front end servers?

    jhladish · August 23, 2017 at 1:41 pm

    Andy –
    If you have load-balanced web servers, a user could end up on either server. IIS runs independently on each of these servers. If a user is routed to one with this configuration, and another without, you will get inconsistent results. Unless you are making changes from one centralized location, it is best to keep modifications like this as consistent as possible between servers in your farm.

Damavand Iran · August 30, 2017 at 2:07 am

I all the tiome emailed this website post pagee
to all my associates, because if like to read
it next myy links will too.

Leave a Reply

Your email address will not be published. Required fields are marked *