It can be beneficial for security and SEO reasons to secure an entire website, rather than pages were there are login forms and other private data. The myths around performance hits have been debunked, and the main potential downside is around third-party ad networks (and many sites don't display ads like this anyway).
To achieve redirection from non-secure to secure URLs on an IIS website, the URL Rewrite Module will need to be installed on the server. Then the following XML will need to be added into the web.config (site root) inside the system.web server section.
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
No comments:
Post a Comment