Setup HSTS and rewrite for IIS 8 and .NET

For your .NET Website, this is the simple way below, just update your web.config with the following:


<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000" />
      </customHeaders>
    </httpProtocol>
    <rewrite>
      <rules>
        <rule name="HTTPS force" enabled="true" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</system.webServer>


If you want to do it with IIS 8

  • Open IIS 8
  • Click “Add Rule(s)”
  • Blank rule
  • Name: HSTS Redirect
  • Requested URL: Matches the Pattern
  • Using: Regular Expressions
  • Pattern: (.*)
  • Ignore case: Checked

Conditions

  • Logical grouping: Match all
  • Click “Add”
  • Condition input: {HTTPS}
  • Check if input string: Matches the Pattern
  • Pattern: ^OFF$
  • Ignore case: Checked

Action

  • Action type: Redirect
  • Redirect URL: https://{HTTP_HOST}/{R:1}
  • Append query string: Checked
  • Redirect type: Permanent (301)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.