none
Redirect HTTP to HTTPS for SharePoint 2013 RRS feed

  • Question

  • Hello,

    I have been asked to ensure that all user communication with SharePoint happens with HTTPS and HTTPS only.

    I configured HTTPS successfully on my sharepoint web application in IIS. I made sure that "Require SSL" is set to true. and I also removed bindings for HTTP in inetmgr for my SharePoint Web Application.

    Good. the only problem is that lot of users call up helpdesk and say "SharePoint is down" when in reality they are typing "http://mysharepoint". 

    So I am trying to make sure that if they type in http://mysharepoint... it is automatically upgraded to https://mysharepoint.

    But I get an error that there is a infinite redirect loop in my IIS.

    Has anyone done this redirect of HTTP to HTTPS? for SharePoint? Can you please let me know how you did it?


    val it: unit=()

    Friday, June 14, 2013 4:13 PM

Answers

  • Hi, I believe there is a better solution than making a http redirect. Please try the following:

    1. Go to you Central Administration

    2. Click Application Management on the left

    3. Click Select Alternate access mappings

    4. Select Edit Public Urls

    5. Change Default Zone from http to https (Select the Alternate Access Mapping Collection if needed on the top right)

    6. Click OK, try an iisreset /noforce  and try again.

    Cheers,

    Carlos

    • Proposed as answer by Brandon Atkinson Sunday, June 16, 2013 10:58 PM
    • Unproposed as answer by MSDN Student Monday, June 17, 2013 5:39 PM
    • Marked as answer by MSDN Student Tuesday, June 18, 2013 7:12 PM
    Saturday, June 15, 2013 4:52 AM
  • If there is no HTTP binding, the IIS Site is not listening on tcp/80, which means the site cannot accept requests regardless of what you do with redirection.

    You either need to place a binding on tcp/80 or use an off-box solution (e.g. reverse proxy) to handle all incoming HTTP/HTTPS requests.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by MSDN Student Tuesday, June 18, 2013 7:12 PM
    Monday, June 17, 2013 9:30 PM
    Moderator

All replies

  • Hi, I believe there is a better solution than making a http redirect. Please try the following:

    1. Go to you Central Administration

    2. Click Application Management on the left

    3. Click Select Alternate access mappings

    4. Select Edit Public Urls

    5. Change Default Zone from http to https (Select the Alternate Access Mapping Collection if needed on the top right)

    6. Click OK, try an iisreset /noforce  and try again.

    Cheers,

    Carlos

    • Proposed as answer by Brandon Atkinson Sunday, June 16, 2013 10:58 PM
    • Unproposed as answer by MSDN Student Monday, June 17, 2013 5:39 PM
    • Marked as answer by MSDN Student Tuesday, June 18, 2013 7:12 PM
    Saturday, June 15, 2013 4:52 AM
  • Hi,

      AS carlos suggested, please try it. If you need more details, please find the below link for your reference,

    http://smithmicrotechinc.blogspot.in/2012/06/how-to-force-sharepoint-2010iis7-to.html


    Balaji -Please click mark as answer if my reply solves your problem.

    Monday, June 17, 2013 9:14 AM
  • Does not work!

    As I said, there is no http binding on my IIS. I removed it so that there is no way anyone can use HTTP. I did the following settings in my CA and did a IISRESET on each box. but when I do http://sp2013-poc the browser says "The web page is not available"


    val it: unit=()

    Monday, June 17, 2013 5:47 PM
  • Although this will work. Its a highly painful solution. 

    Simply because now you have a redirect site for each Web application and mysite.


    val it: unit=()

    Monday, June 17, 2013 5:48 PM
  • If there is no HTTP binding, the IIS Site is not listening on tcp/80, which means the site cannot accept requests regardless of what you do with redirection.

    You either need to place a binding on tcp/80 or use an off-box solution (e.g. reverse proxy) to handle all incoming HTTP/HTTPS requests.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by MSDN Student Tuesday, June 18, 2013 7:12 PM
    Monday, June 17, 2013 9:30 PM
    Moderator
  • If I do have HTTP binding on IIS and I do have an AAM for HTTP. then I am using HTTP.

    That is not my requirement. I must use HTTPS and HTTPS alone.

    I will look into the option which you specified about reverse proxy or the approach given by balaji.


    val it: unit=()

    Monday, June 17, 2013 9:58 PM
  • You have to be listening on tcp/80 somewhere for redirection to function.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, June 17, 2013 10:03 PM
    Moderator
  • Agreed!

    But I want to listen to HTTP only in 1 place. Not in multiple places.

    This one place should then redirect to multiple web applications ... all of them only listen on HTTPS.

    right now it looks like if I have N web applications, then I need to listen to HTTP N times.


    val it: unit=()


    Monday, June 17, 2013 11:04 PM
  • You'll only need a single site on a reverse proxy to listen for the FQDN of all Web Applications, and do the proper redirection.  This can be done with the IIS Application Request Module, TMG, UAG, Squid, and others.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, June 17, 2013 11:27 PM
    Moderator
  • I got an http to https redirect using this method by Todd Klindt.

    http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?List=56f96349-3bb6-4087-94f4-7f95ff4ca81f&ID=48&Web=48e6fdd1-17db-4543-b2f9-6fc7185484fc

    With this approach you need to create a separate site in IIS that responds to http, and have that site forward it to the https site. Although this is working fine, I don't like the idea of a redirect site in IIS, it seems sloppy. I was looking for an alternative.

    Tuesday, August 27, 2013 6:54 PM
  • Do you have an appliance in front of the SharePoint WFE(s) that can do the redirect for you?

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, August 27, 2013 7:10 PM
    Moderator
  • We use TMG, but I've been told using it for internal site redirection is not an option. I'm wondering if there is a Microsoft best practice for this.
    Tuesday, August 27, 2013 7:18 PM
  • Who told you this? In the absence of a hardware device, TMG is not a bad proxy device for ssl redirects

    http://www.isaserver.org/blogs/shinder/news/http-to-https-redirection-options-in-forefront-tmg-and-uag-1252.html


    Please mark my response as an answer if appropriate.
    Learn.SharePoint.com

    Tuesday, August 27, 2013 7:37 PM
  • Who told you this? In the absence of a hardware device, TMG is not a bad proxy device for ssl redirects

    http://www.isaserver.org/blogs/shinder/news/http-to-https-redirection-options-in-forefront-tmg-and-uag-1252.html


    Please mark my response as an answer if appropriate.
    Learn.SharePoint.com


    I think the concern with internal site use and TMG is that TMG becomes an extra piece in the communication loop. I will more than likely just use the redirection Todd Klindt suggested and just get over the extra IIS sites. 
    Wednesday, August 28, 2013 12:10 PM
  • There is a slight correct to the http to https redirection through alternate access mapping in sharepoint. It will not work by simply entering the https URL in the default zone.

    You need to

    1. put the https URL in the default zone 

    2. remove http URL from all the public zone URLs

    2. in AAM, click to Add an internal URL and enter the http URL there and select default zone.

    4. In IIS make an entry for both the http and HTTPS urls in the same website and install configure cert.

    Any requests to http should now be rediredted to HTTPS :)

    Faisal

     

    Faisal

    Thursday, March 20, 2014 7:37 PM
  • This process breaks Office Web Apps, when removing the HTTP URL's as you would have to do. I believe because Office Web Apps must have access to port 80 on the root of the web application.
    Thursday, October 29, 2015 6:18 PM