In this guide, I’ll walk you through the process of redirecting every site hosted on your server to HTTPS. Please note each site will need to have the HTTPS bindings properly configured else the sites won’t load at all.


Please note that URL Rewrite needs to be installed on the server, you can download and install it via the Web Platform Installer on

Make sure you don’t have ‘Require SSL’ ticked in the SSL Settings panel. This will completely block all unencrypted requests to the site in question, we want to allow HTTP but redirect them to HTTPS automatically. Having ‘Require SSL’ won’t allow us to do this.

Note: If you wish to redirect individual sites on a site-by-site basis, please follow this guide:

Windows Server How To: Force Redirect to HTTPS in IIS

Redirect all sites to HTTPS:

Sensitive data has been blocked out on the screenshots.

Open up the Internet Information Services (IIS) Manager and double click on your server.

Then double click on URL Rewrite.

Next up, click on Add Rule(s)… and then double click on Blank Rule under the Inbound Rules section.

Set the name of the rule (I’ve used Force HTTPS), put (.*) into the text-box labelled Pattern:, and untick Ignore case. Then, expand Conditions by clicking the arrow on the right of the Conditions segment and click Add….

Type {HTTPS} into the text-box labelled Condition input and type off into the text-box labelled Pattern: and click OK.

Then, scroll down to the Action section at the bottom and set the Action type:  to Redirect and type the following string into the text-box labelled Redirect URL:.


Ensure the Redirect type: is set to Permanent (301) and then click Apply in the top right of the IIS Manager window.

Now test loading some of the websites you host on your server in a web browser by browsing to it with http:// at the beginning of the URL, and IIS will automatically redirect the site to the HTTPS version.