How to force redirect HTTP to HTTPS

Forcing or redirecting your visitors to https automatically is the best way to make sure that your website can only accessed through SSL and that all traffic to and from your website is secured. We recommend that all customers who use SSL make sure that their sites contain one of the below rules.

IIS – web.config or Helicon Ape

For URL Rewrite, add the following rewrite rule to your web.config file’s <system.webServer> section.

      <rewrite>
        <rules>
          <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="off" ignoreCase="true" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
          </rule>
        </rules>
      </rewrite>

For Helicon Ape, add these lines to the .htaccess file in your wwwroot under the RewriteEngine On directive

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Apache – .htaccess

Add these lines to your site’s root .htaccess file directly under the RewriteEngine On directive

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

2 thoughts on “How to force redirect HTTP to HTTPS”

  1. Hi,
    how can we set the https redirect on an aspnet core web application?
    I tried this in the Configure method during application startup:
    app.UseHsts();
    app.UseHttpsRedirection();

    But it does not work always. For example no redirect happens if I navigate in a private windows.

    Best,

    Antonio Valentini

Comments are closed.