Saturday, 29 September 2012

Error 403 Forbidden when using SSL Url Rewrite

Sadly, there is no neat way in IIS to redirect at http traffic to https. Nowadays, you can achieve this kind of functionality by writing a url rewrite rule into either web.config (for that site only) or applicationhost.config for the whole server. This rule lives under system.webserver and might look something like this:

Once you upload this, the redirect will occur but if you get a 403 error, the reason is that you must set the site to NOT require ssl in IIS. This is under SSL Settings for the web site you are using. If you require this then although you should be rewriting the url, the original request for http will not be allowed to be processed. Simply disable "require ssl" and then the rewrite rule will ensure all requests stay on ssl.
Post a Comment