Enforcing HTTPS is essential for securing your website and improving SEO rankings. In Internet Information Services (IIS), you can configure an automatic HTTP to HTTPS redirect using built-in tools or the web.config file.
This guide works for IIS 7, IIS 8, IIS 10, and later versions.
A valid SSL certificate installed and bound to your site in IIS.
Administrator access to the server and IIS Manager.
Works well for simple sites or when you prefer a graphical interface.
Open IIS Manager
Press the Windows key, type inetmgr, and press Enter.
Select Your Site
In the Connections panel (left side), expand Sites and click your site name.
Install HTTP Redirect Feature (if not already installed)
Open Server Manager → go to Add Roles and Features.
Under Web Server (IIS) > Web Server > Common HTTP Features, make sure HTTP Redirect is selected.
Open HTTP Redirect
In Features View, double-click HTTP Redirect.
Enable Redirect to HTTPS
Check “Only redirect requests to content in this directory (not subdirectories)”.
Enter your HTTPS URL (e.g., https://www.example.com).
Check both:
“Only respond to requests to this site”
“Status code: 302 Found” (or change to 301 for permanent redirect).
Apply the Settings
Click Apply in the Actions pane.
web.config File (Recommended for Developers)Ideal for permanent redirects and version control.
Open your site’s web.config file (located in the website’s root directory).
Add the following inside <system.webServer>:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Save the file and reload the site in your browser to test.
🧠 Note: Requires URL Rewrite Module installed. You can download it from the Microsoft IIS site.
Download from: https://www.iis.net/downloads/microsoft/url-rewrite
Run the installer and restart IIS Manager.