How to force SSL (HTTPS) on your website

You can force all visitors to your site to be using HTTPS by adding the below code to the web.config file in your wwwroot:

<system.webServer>
    <rewrite>
        <rules>
            <clear />
            <rule name="Redirect to https" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>

Important Notes:

  • You will need an SSL certificate installed on your website for this to work.
  • If you are unsure how to complete the above please open a support ticket and one of our technicians will happily do it for you.
  • ssl, https, force ssl, redirect https
  • 2375 Users Found This Useful
Was this answer helpful?

Related Articles

No padlock or insecure message or mixed content warnings after installing SSL Certificate

If you receive a "website is insecure" type message or the browser padlock is missing after...

How to enable a free SSL certificate (Lets Encrypt)

All accounts come with a free SSL Certificate if you want to use it. To setup your free...

How to restore your own PFX file

To restore your own PFX certificate file to your website please do the following: Login to...

Lets Encrypt not installing or renewing - Umbraco Specific

Our control panel uses HTTP authorisation to get your certificate issued by LetsEncrypts remote...

Worldpay Callback not working with SNI

Worldpay do not support SNI which causes issues for clients that use SSL without a dedicated IP...