Need to get a site redirecting both to www and https

Question

Parts of other answers on Stack Overflow worked, other parts didn't, so I thought I would ask for the full solution including IIS settings re bindings.

I have a site (old ASP classic) that is being moved to IIS 8 (2012).

The site works when testing it from my hosts file.

At the moment I can only get it to redirect http to https not non www requests to www.example.com as well.

So I have 2 bindings in IIS (80/433) for www.example.com, I also tried it with another set without the www. e.g example.com but then I got errors such as the system is trying to process your request in such a way it won't return e.g following redirects around in a circle etc.

I am not so sure if that was about the 2 lots of bindings or the rules it was getting a bit messy then. So I need the whole approach from IIS binding setup and web.config rules (or is there a better way in IIS 8 to force all 80 traffic to port 443?)

I already have a number of ISAPI rules in my web.config file such as

<rule name="Order" stopProcessing="false">
    <match url="^applications/order/?$" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="Rewrite" url="plugins/order.asp" />
</rule>
<rule name="Robots 1" stopProcessing="false">
    <match url="^robotstxt\.asp$" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="Rewrite" url="robottxt.asp" />
</rule>
<rule name="Robots 2" stopProcessing="false">
    <match url="^robotstxt$" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="Rewrite" url="robottxt.asp" />
</rule> 

So when I read up I saw about people trying to to do both rules at once or in two sets but it just never managed to work foe me.

I need non http requests to go to https and for non www requests to go to www.example.com e.g https://www.example.com

At the moment it's partially working but only because I am not trying the non www. redirects.

I have 2 bindings for the www.example.com hostnames and this one rule at the top.

<rule name="Redirect to HTTPS" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
    <add input="{HTTPS}" pattern="^OFF$" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>

So all the rules are working including the http to https. However I need non www rules to work as well.

To get it to keep the rest of my rules AND to get it to ALSO redirect non www. traffic to www.example.com e.g https://www.example.com. What is the best way to do this.

1. Do I need another pair of bindings set up without www. e.s example.com for 80/443?
2. Then, what rules do I add in and what order do they need to be as int .htacces they are processed top to bottom in loops an I just wonder with IIS way there is also a logical path that could trip it over causing infinite loops.

Answer 1

I think adding the include is what I would do if you needed to get on top of this very quickly. Use a search and replace program to add the include tag into all of your pages:

<!--#include file="redirect.asp"-->

Then create the "redirect.asp" with something similar to below:

<%
webDomain=LCase(Request.ServerVariables("HTTP_HOST"))
scriptname=Request.ServerVariables("SCRIPT_NAME")
If InStr(webDomain,"https://www.example.com")=0 Then

    Response.Status="301 Moved Permanently"
    Response.AddHeader "Location", "https://www.example.com" & scriptname

End If
%>

You may need to tweak that a bit but its the basics of a coded redirect anyway.