How to force your website to redirect from HTTP to HTTPS using a web.config file

HTTP redirect to HTTPS

In this guide I will be showing you what you can do if you don’t want your website to route to HTTP rather you want it to redirect from HTTP to HTTPS, put simply I will show yo how to force redirect your website visitor from HTTP to HTTPS. HTTP stand for Hypertext Transfer Protocol. It is an application-layer protocol for transmitting data in the form of HTML or can be a set of rules for transferring files like text, sound, video, images and many more. It was originally designed for communication between different browsers but same can be used for other purposes.

HTTPS which stands for Hypertext Transfer Protocol Secure is an extension of HTTP. It is used for secure communication between one end of a browser to another end of a browser. It is a combination of HTTP with Secure Socket Layer (SSL) or Transport Layer Security. Both SSL and TLS are authentication and security protocols Implemented on browsers for secured communication. You can read more related guides here: URL Rewrite: How to perform redirection from HTTP to HTTPS, Disable HTTP access: How to disable web console in Cisco switches, IP Address UNREACHABLE: HTTP connection pool Max retries exceeded with url/wsman caused by NewConnectionError and How to Disable HTTP TRACE Method for Apache, IIS, sunOne, and Lotus Domino

Why you should protect your website

No one wants to provide or keep their confidential financial data on any improperly secured website. Like the below website that accepts credit card details and is not secure. So, what you need to do is buy an SSL Certificate and set it up. Then make sure to force your website to redirect from HTTP to HTTPS. This ensures that the user is not on an unsecured page. For example, if a user enters in the browser it will redirect to

image 1
Unsecure Website

How to redirect form HTTP to HTTPS

Below is the web.config file that allows your website to direct to HTTP even if you have SSL Certificate installed.

web.config file - website to redirect from HTTP to HTTPS
HTTP web.config file

The above web.config file should be updated with the below web.config file in the http doc inside the file manager of your cPanel.

<?xml version=”1.0″ encoding=”UTF-8″?>
                <clear />
                <rule name=”Redirect to https” stopProcessing=”true”>
                    <match url=”.*” />
                        <add input=”{HTTPS}” pattern=”off” ignoreCase=”true” />
                    <action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}”    redirectType=”Permanent” appendQueryString=”false” />
HTTPS web.config file

The below image shows the web.config file updated after you click on save.

web.config file - website to redirect from HTTP to HTTPS
web.config file updated

After the web.config file is updated it will start redirecting from HTTP to HTTPS (Secure) showing the padlock icon like the below image.

image 5
Unsecure website redirect to Secure website

I hope you found this blog post on How to force your website to redirect from HTTP to HTTPS using a web.config file very interesting and helpful.

In case you have any questions do not hesitate to ask in the comment section.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x