How can I redirect HTTP IIS7 response "403 forbidden" to HTTPS?
I asked our web host to setup SSL on our web site, such that HTTP requests will automatically redirect to HTTPS.
They say this is done, however when accessing the site via HTTP I now get:
Response HTTP/1.1 403 Forbidden
HTTPS works fine.
I asked for this to be corrected and I've been told this is not a server setting (which they manage) and needs to be fixed via web.config (which I have access to).
I've tried unsuccessfully to use the following changes to catch this 403 and redirect it:
<system.web>
<customErrors defaultRedirect="/test.html" mode="On"></customErrors>
</system.web>
<httpErrors errorMode="Custom">
<remove statusCode="403" subStatusCode="-1" />
<error statusCode="403" prefixLanguageFilePath="" path="/test.html" responseMode="ExecuteURL" />
</httpErrors>
How can I resolve this such that HTTP will redirect to - effectively requiring - HTTPS?
Solution 1:
Turns out the host had to first uncheck "Require SSL", then I was able to redirect traffic in web.config via:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>