Problems redirecting HTTP to HTTPS with a 301 redirect


I am attempting to move my site to HTTPS.
I am experiencing two issues:

1. My HTTP to HTTPS redirect is working properly, but I've noticed it's displaying a 302 redirect header status.
I understand it needs to be a 301 redirect - how do I fix that?

2. My post forms are no longer taking the user to their thank you pages. Instead, they're giving a 404 error upon submitting.
I'm guessing this is because of difference in protocol. Any ideas on how to approach this?

Here are the necessary details:
- Server: Windows 2008 R2/IIS 7.5
- SSL certificate properly installed and functional
- IIS settings:
- HTTP redirect module: not used (no redirect set up)
- SSL settings module: "Require SSL" is not checked. Under client certificates, "Ignore" is chosen.
- Two key details from my web.config file:
<add key="UriScheme" value="https" />

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
1. I am thinking of using to handle in case where there is subfolder appended in the URI etc
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />

2. For 404 case, may have to ascertain even if the Redirect is affecting the POST as typically we should be seeing something like 307 status code, which prevents the client from losing data when the browser issues an HTTP POST request. Not sure if this is the case, but since it cannot find the URL to POST - may have to check the actual redirected path if it hits the rule. Regardless, may be still good to do error handling based on status of 404 (in this case) ...something of this below (Pardon I am not code savvy)..also need to make the error page is of existence.

OR better to ref MSDN guidance @

        <!--redirect if connected without SSL-->
        <error statusCode="403" subStatusCode="4" path="errors\403.4_requiressl.html" responseMode="File"/>

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
1.  Remove the redirectType parameter from your rewrite rule.  The rewrite handler assumes a permanent redirection unless otherwise stipulated.
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />

Open in new window

btanExec ConsultantCommented:
For 301 - redirectType="Permanent"
For 302 - redirectType="Found"
Possibly to be explicit,  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
or <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent"  />
The latter is for inclusion of entire URL path with querystring
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.