Coding / Servers & Services / Tools & Utilities

IIS URL Redirect HTTP to HTTPS excluding one or more folders How to configure IIS to rewrite or redirect all HTTP requests to HTTPS except the files in a specific subfolder (or more) with a web.config rewrite rule

- by Ryan - 4 Comments. 12.6K
IIS URL Rewrite: redirect di più nomi di dominio su un singolo hostname

If you've stumbled upon this post, it most likely means that you're trying to use the rewrite/redirect features of IIS to redirect all the HTTP requests coming to your website to HTTPS/SSL. Since you are here we'll also took for granted that you're working with the IIS URL Rewrite module (in case you don't know what it is or if you need help installing it, check out this other post).

To get straight to the point, here's the rewrite rule you're probably looking for:

Now, what if we want to keep one or more folders (and all their contents) accessible through HTTP?

Here's a nice way to create an exception to the above rule adding a single additional line:

As we can see, we took advantage of the negate="true" attribute to create an excluding input pattern, which - if matched - will prevent that rule from triggering: therefore, all the pages included in that folder will be accessible without SSL. Needless to say, you can add multiple input patterns to exclude additional folders from the HTTP-to-HTTPS mandatory redirect as well.

Pretty neat, right?

For additional info, check out the following IIS URL Rewrite Module resources by Microsoft:

That's it for now: I hope that this could help other IIS administrators that are struggling against this issue!

Print Friendly, PDF & EmailPrint Friendly & PDF Download

Related Posts

Zeus Malware (and modern variants) what it is and how to prevent it

Are your HTTPS configuration settings good enough for 2024? A brief review of all the HTTPS protocols (from SSL v1 to TLS v1.3), a list of their known vulnerabilities, and how to secure your web server

How to Use Proxies for Competitive Analysis and Market Research

Webhooks: what they are and how to secure them A brief overview of what webhooks are and how to secure them (along with their data) using encryption, authentication, HTTPS, and more

Types of Proxy Servers: SOCKS, HTTP(S), FTP, SSL

Types of Proxy Servers: SOCKS, HTTP(S), FTP, SSL A high-level overview of the various proxy server protocols available nowadays and the main benefits they provide

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

4 Comments on “IIS URL Redirect HTTP to HTTPS excluding one or more folders How to configure IIS to rewrite or redirect all HTTP requests to HTTPS except the files in a specific subfolder (or more) with a web.config rewrite rule

  1. This doesn’t work. Internal Server error with in the applicationHost file, works fine when it’s not.

    Reply

    1. Hi there, we tested the code on IIS 7, 8, 8.5 and 10 and it works without issues.

      Be sure to write the “excluding” line just like it’s shown:
      Reply

  2. Should be pattern not url for the add input. Had the same issue with 500 errors when written the other way, i.e.:

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.