Skip to main content

IIS URL rewrite – force non-WWW and SSL and other redirects

Almost every client I work for I have to force some redirecting on the IIS for either security or SEO reasons, and I always forget how to do it. So to help myself I’ll post it here so I can focus on more fun stuff. Remember that you need to install the URL rewrite extension on the IIS before it will work. Otherwise you will get an invalid web.config error.

Force SSL – HTTP to HTTPS

<rule name="Force SSL" stopProcessing="true">
 <match url="(.*)" />
 <conditions>
 <add input="{HTTPS}" pattern="off" />
 </conditions>
 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
 </rule>

What does pattern=”off” do? OFF is for NO-HTTPS requests and ON is for HTTPS requests.

Force non-WWW & SSL – HTTP to non www HTTPS (Updated April 30, 2018)

<rule name="Force non-WWW" enabled="true" stopProcessing="true">
 <match url="(.*)" />
 <conditions logicalGrouping="MatchAny">
 <add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
 </conditions>
 <action type="Redirect" url="https://{C:2}/{R:1}" appendQueryString="true" />
</rule>
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
 <match url="(.*)" />
 <conditions logicalGrouping="MatchAny">
 <add input="{HTTPS}" pattern="off" />
 </conditions>
 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" />
</rule>

Redirect domain 1 to domain 2

<rule name="Redirect domain 1 to domain 2" stopProcessing="true">
 <match url=".*" />
 <conditions>
 <add input="{HTTP_HOST}" pattern="^(www.)?domain1.com$" />
 </conditions>
 <action type="Redirect" url="https://domain2.com" />
</rule>

Redirect everything under “/path” to root

<rule name="Redirect /path and subpages" stopProcessing="true">
 <match url=".*" />
 <conditions logicalGrouping="MatchAny">
 <add input="{REQUEST_URI}" pattern="path/(.*)" />
 <add input="{REQUEST_URI}" pattern="^/path()$" />
 </conditions>
 <action type="Redirect" url="https://{HTTP_HOST}/{C:1}" />
 </rule>

For example you have a blog, “dinbror.dk/blog” and now you want the blog to live at your root domain instead of under “/blog”, so the above redirect with redirect “dinbror.dk/blog/iis-url-rewrite-force-non-www-and-ssl/” to “dinbror.dk/iis-url-rewrite-force-non-www-and-ssl/”.

Redirect root to “/path”

<rule name="Root redirect" stopProcessing="true">
  <match url="^$" />
  <action type="Redirect" url="/path" /> 
</rule>

Above rule will redirect “dinbror.dk” to “dinbror.dk/path”

Redirect subdomain to domain

<rule name="Subdomain Redirect" stopProcessing="true">
 <match url=".*" />
 <conditions>
 <add input="{HTTP_HOST}" pattern="^(www\.)?blog\.dinbror\.dk$" />
 </conditions>
 <action type="Redirect" url="http://dinbror.dk/blog" />
 </rule>

Above rule will redirect “www.blog.dinbror.dk” and “blog.dinbror.dk” to “dinbror.dk/blog”.
If you want to redirect to the same domain as the subdomain has you can make it dynamic with the following rule:

<rule name="Subdomain Redirect" stopProcessing="true">
 <match url=".*" />
 <conditions>
 <add input="{HTTP_HOST}" pattern="^(www\.)?blog\.(dinbror\.dk)$" />
 </conditions>
 <action type="Redirect" url="https://{C:2}/blog" />
 </rule>

8 thoughts to “IIS URL rewrite – force non-WWW and SSL and other redirects”

  1. Hi!
    Are you sure that your “Force non-WWW & SSL – HTTP to non www HTTPS” rule will work correctly?
    From my experience – it will give you an infinite redirect loop irrelatively to the schema (HTTPS or HTTP) if the HTTP_HOST contains “www” subdomain.

    Thanks,
    Eli

    1. Yes you’re absolutely right. I guess you can’t do it in one rule then 🙁
      Will update the example when I’m on my computer again. Thanks for reporting

  2. What is the point of stopProcessing=”true” being included for redirects? From what I understand, it only works for rewrites?

    1. A rule may have the StopProcessing flag turned on. When this flag is turned on, it means that no more subsequent rules will be processed and the URL produced by this rule will be passed to the IIS request pipeline (if the rule matched). By default, this flag is turned off.

  3. Great post. Funny thing is I do the same thing on my Blog. Writing how-to for processes that that are hard to remember not only makes sense but it also is great for your audience. 😉

Leave a Reply to dinbror Cancel reply

Your email address will not be published.