Redirect HTTP to HTTPS SSL

0
0
0

Redirect HTTP to HTTPS SSL

This page describes the process for forcing webserver requests for HTTP content to instead get HTTPS Content. There are different steps for IIS and Tomcat. Note: BOTH these approaches assume you’ve ALREADY installed your SSL Certificate.

Setting up IIS

Setting up IIS is easy. Put a web.config file containing the following XML at the root of the webserver:

<?xml version=”1.0″ encoding=”UTF-8″?>

<configuration>

<system.webServer>

<rewrite>

<rules>

<rule name=”Redirect to HTTPS” stopProcessing=”true”>

<match url=”(.*)” />

<conditions>

<add input=”{HTTPS}” pattern=”^OFF$” />

</conditions>

<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}” redirectType=”SeeOther” />

</rule>

</rules>

</rewrite>

</system.webServer>

</configuration>

Setting up Tomcat

You need to edit the 2 Tomcat configuration files; server.xml and web.xml and then when edited restart the tomcat service.

Open server.xml typically found in tomcat/conf and change:

Connector port=”80?

enableLookups=”false”

redirectPort=”8443?

to

Connector port=”80?

enableLookups=”false”

redirectPort=”443?

Then open web.xml (same directory) and add this snippet before the closing tag of /web-app:

<security-constraint>

<web-resource-collection>

<web-resource-name>Protected Context</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<!– auth-constraint goes here if you requre authentication –>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

Restart Tomcat and all pages should redirect to https.

Redirect-HTTP-to-HTTPS-SSLDownload

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *