
Redirecting all traffic from HTTP to HTTPS in IIS7, except for one non-SSL folder or file, will make sure your users always access the site securely. There are many different ways to set up an IIS7 redirect from HTTP to HTTPS, and some are better than others. The ideal HTTP to HTTPS redirect would do the following:

  • Gently redirect users to HTTPS so they don’t have to type “https” in the URL
  • Redirect users to the specific page they requested over HTTP (page.htm)
  • Save any variables passed in the query string (?page=2)
  • Work in all browsers
  • Transfer PageRank to the redirected page by using a 301 redirect, maintaining SEO
  • Allow specific parts of a site to force SSL but allow HTTP on other parts of the site
  • Redirect users from mydomain.com to www.mydomain.com

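<!-- Goes inside <system.webServer> in web.config; requires the URL Rewrite module -->
<rewrite>
	<rules>
		<!-- Exempt everything under /nossl/: a matching request stops here and is never redirected -->
		<rule name="NoSSL - folder" enabled="true" stopProcessing="true">
			<match url="^nossl/.*" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			</conditions>
			<action type="None" />
		</rule>
		<!-- Any other request that arrives over plain HTTP gets a 301 to the same host and path on HTTPS -->
		<rule name="HTTP to HTTPS redirect" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTPS}" pattern="off" ignoreCase="true" />
			</conditions>
			<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
		</rule>
	</rules>
</rewrite>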
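
One way to verify the goals listed above once the rules are deployed, as an added example that is not part of the original page: `check` takes the status and `Location` header returned for a plain-HTTP request and reports which goals the response misses. The host www.example.com and the sample responses are constructed, and the function names are hypothetical.

```python
import http.client
from urllib.parse import urlsplit

EXEMPT_PREFIX = "/nossl/"  # path form of the page's ^nossl/.* match pattern


def fetch(url, timeout=10):
    """Send one GET without following redirects; return (status, Location)."""
    u = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.netloc, timeout=timeout)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check(url, status, location):
    """Return the problems found in the response to a plain-HTTP request."""
    req, loc = urlsplit(url), urlsplit(location or "")
    if req.path.lower().startswith(EXEMPT_PREFIX):
        # The NoSSL rule stops processing, so no HTTPS redirect is expected.
        if status in (301, 302, 307, 308) and loc.scheme == "https":
            return ["exempt path was redirected to HTTPS"]
        return []
    problems = []
    if status != 301:
        problems.append(f"expected 301, got {status}")
    if loc.scheme != "https":
        problems.append("Location is not https")
    if (loc.path or "/") != (req.path or "/"):
        problems.append("path not preserved")
    if loc.query != req.query:
        problems.append("query string not preserved")
    return problems


if __name__ == "__main__":
    # Constructed responses for the placeholder host www.example.com.
    samples = [
        ("http://www.example.com/page.htm?page=2", 301,
         "https://www.example.com/page.htm?page=2"),
        ("http://www.example.com/page.htm?page=2", 302, "https://www.example.com/"),
        ("http://www.example.com/nossl/file.txt", 200, None),
    ]
    for url, status, location in samples:
        print(url, "->", check(url, status, location) or "ok")
```

Against a live site, call `check(url, *fetch(url))` for one URL outside the exempt folder and one inside it.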
