IIS URL Redirect HTTP to HTTPS excluding one or more folders How to configure IIS to rewrite or redirect all HTTP requests to HTTPS except the files in a specific subfolder (or more) with a web.config rewrite rule

IIS URL Rewrite: redirect di più nomi di dominio su un singolo hostname

If you’ve stumbled upon this post, it most likely means that you’re trying to use the rewrite/redirect features of IIS to redirect all the HTTP requests coming to your website to HTTPS/SSL. Since you are here we’ll also took for granted that you’re working with the IIS URL Rewrite module (in case you don’t know what it is or if you need help installing it, check out this other post).

To get straight to the point, here’s the rewrite rule you’re probably looking for:

Now, what if we want to keep one or more folders (and all their contents) accessible through HTTP?

Here’s a nice way to create an exception to the above rule adding a single additional line:

As we can see, we took advantage of the negate=”true” attribute to create an excluding input pattern, which – if matched – will prevent that rule from triggering: therefore, all the pages included in that folder will be accessible without SSL. Needless to say, you can add multiple input patterns to exclude additional folders from the HTTP-to-HTTPS mandatory redirect as well.

Pretty neat, right?

For additional info, check out the following IIS URL Rewrite Module resources by Microsoft:

That’s it for now: I hope that this could help other IIS administrators that are struggling against this issue!

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.