How to force your website to redirect from HTTP to HTTPS using a web.config file


In this guide I will be showing you what you can do if you don’t want your website to route to HTTP rather you want it to redirect from HTTP to HTTPS. HTTP stand for Hypertext Transfer Protocol. It is an application-layer protocol for transmitting data in the form of HTML or can be a set of rules for transferring files like text, sound, video, images and many more. It was originally designed for communication between different browsers but same can be used for other purposes. HTTPS which stands for Hypertext Transfer Protocol Secure is an extension of HTTP and used for secure communication between one end of a browser to another end of a browser. It is a combination of HTTP with Secure Socket Layer (SSL) or Transport Layer Security. Both SSL and TLS are authentication and security protocols Implemented on browsers for secured communication. You can read more related guides here: URL Rewrite: How to perform redirection from HTTP to HTTPS, Disable HTTP access: How to disable web console in Cisco switches, IP Address UNREACHABLE: HTTP connection pool Max retries exceeded with url/wsman caused by NewConnectionError

Nobody wants to supply or keep their confidential data like financial details on any website that is not properly secured. Like the below website that accepts credit card details and is not secure. What needs to be done is to purchase an SSL Certificate and configure it. Then making sure that the website strictly redirects from unsecured to secure page, for example, if a user enters in the browser it will redirect to

Unsecure Website

Below is the web.config file that allows your website to direct to HTTP even if you have SSL Certificate installed.

HTTP web.config file

The above web.config file should be updated with the below web.config file in the httpdoc inside the file manager of your cPanel.

<?xml version=”1.0″ encoding=”UTF-8″?>
                <clear />
                <rule name=”Redirect to https” stopProcessing=”true”>
                    <match url=”.*” />
                        <add input=”{HTTPS}” pattern=”off” ignoreCase=”true” />
                    <action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}”    redirectType=”Permanent” appendQueryString=”false” />
HTTPS web.config file

The below image shows the web.config file updated after you click on save.

web.config file updated

After the web.config file is updated it will start redirecting from HTTP to HTTPS (Secure) showing the padlock icon like the below image.

Unsecure website redirect to Secure website

I hope you found this blog post on How to force your website to redirect from HTTP to HTTPS using a web.config file very interesting and helpful.

In case you have any questions do not hesitate to ask in the comment section.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x