100% Australian Windows Web Hosting
  • Knowledge Base

Redirect Website to https (Force SSL) 

Was this helpful? (7) (0)

 If your website has an active SSL Certificate, it will work under the secure address of https:// (for example, https://www.studiocoast.com.au). You may want to redirect all incoming requests to your website to always go to https (secure) rather than http (unsecure). This is also known as "Force SSL".

Some CMS's such as Wordpress already have an option to Force SSL in the backend section so the below only applies for other websites.

In order to redirect (force) the website to https, a rewrite rule needs to be added into the web.config file in the root of the website.


IMPORTANT:
These steps are for advanced users only. If you are unsure, please submit a support request and we can apply the https redirect for you.

Step 1

Login to your account via hostControl. Then select the "File Manager" menu item from the Files section.

 

Step 2

Select the button for the domain you wish to force SSL on (in this example, we are selecting the example.com domain button).

.

 

Step 3

Look for a file called "web.config" which should be located in the root of your website. Then select the "Text Editor" link to the far right.

If you do not see a web.config file, you can create one by clicking the "Create Web.Config" button underneath.

 

Step 4

Once you have opened up the web.config's Text Editor, we can place a Rewrite Rule to redirect all requests to https instead of http. It is important that tags that make up the rule are placed in the correct location of your web.config file. If not, it may break your website. If you already have an existing web.config, you may have other rewrite rules. If so, please refer to your developer or StudioCoast support for further assistance.

If you are confident in placing rewrite rules, the following is an example of text to make up a full web.config file that will redirect all requests to https. If you have a blank or new web.config, copy and paste the following into the web.config file. Replace the "www.example.com" with your domain name,

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
         
<rule name="Force HTTPS" stopProcessing="true">
           <match url="(.*)" ignoreCase="false" />
            <conditions>
             <add input="{HTTPS}" pattern="off" />
            </conditions>
              <action type="Redirect" url="https://
www.example.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

If you have an existing web.config file, then you may already have existing tags for <rewrite> and <rules>. If you do, locate the starting <rules> tag and paste the below text just below it (ensuring you eplace the "www.example.com" with your domain name):

         <rule name="Force HTTPS" stopProcessing="true">
           <match url="(.*)" ignoreCase="false" />
            <conditions>
             <add input="{HTTPS}" pattern="off" />
            </conditions>
              <action type="Redirect" url="https://
www.example.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
          </rule>

A rewrite rule tag must always be placed inside <rules> tags, then the <rewrite> tags and finally inside the <system.webServer> tags.

Step 5

Once you have correctly placed your rewrite rule, click "Save".

 

Step 6

Once saved, changes will take effect straight away. Test it in your browser to ensure the redirect to http is working. In the above example, if we browsed to http://www.example.com, it will automatically redirect to https://www.example.com

 

Last Updated:  23/11/2016 8:02 AM