Force HTTPS for entire site using IIS URL Rewrite module

Posted by Community Admin on 05-Aug-2018 00:04

Force HTTPS for entire site using IIS URL Rewrite module

Sitefinity - On Premise – Configurations & Setup

All Replies

Posted by Community Admin on 06-Nov-2013 00:00

I have already done this and while so far everything seems to be working okay, as far as I can tell with a totally empty site anyhow, I was wondering if there were any known issues between Sitefinity and using the IIS URL rewrite module to force https:
automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0

I have already looked at the following threads but they don't really go into forcing HTTPS this way and I am curious if there is a reason for the above method never really being discussed as an option:
2008/12/18/secure_socket_layer_ssl_and_sitefinity
how-do-i-secure-the-sitefinity-back-end-pages
securing-a-sitefinity-backend-with-ssl
securing-sf-admin-area

edit - I am using Sitefinity 6.2 running on Windows 2012r2/IIS 8

Posted by Community Admin on 06-Dec-2013 00:00

Turns out the Sitefinity backend wasn't too happy with this, I started running into problems when attempting to publish (or delete) pages the following error came up:

The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<HTML><HEAD><link rel="alternate" type="text/xml" href="http://localhost/sf-five/DefaultWorkflows/PagesApprovalWorkflow.xamlx?disco"/><STYLE type="text/css">#content FONT-SIZE: 0.7em; PADDING-BOTTOM: 2em; MARGIN-LEFT: 30pxBODYMARGIN-TOP: 0px; MARGIN-LEFT: 0px; COLOR: #000000; FONT-FAMILY: Verdana; BACKGROUND-COLOR: whitePMARGIN-TOP:

Similar problems to:
www.sitefinity.com/.../external-security-token-service-issues

I guess maybe i'll attempt to force ssl for the site and exclude the backend.

Posted by Community Admin on 14-Jan-2014 00:00

I've been having the same issue when trying to force HTTPS for a Sitefinity site. Here's the rewrite rule that eventually worked for me:

<rewrite xdt:Transform="Insert">
    <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="HTTPS" pattern="^OFF$" />
                <add input="URL" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
            </conditions>
            <action type="Redirect" url="https://HTTP_HOST/R:1" />
        </rule>
    </rules>
</rewrite>

Cheers,
Chris

Posted by Community Admin on 17-Jan-2014 00:00

Hi guys,

Thank you for bringing this interesting topic to our attention. We've had plans for releasing a KB about this and its finally out. You can check it in the ling below:

http://www.sitefinity.com/developer-network/knowledge-base/forcing-all-site%27s-traffic-under-ssl-prevents-publishing-content-and-pages

Regards,
Pavel Benov
Telerik

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed