+1-888-365-2779
Try Now
More in this section

Forums / Deployment / Force HTTPS for entire site using IIS URL Rewrite module

Force HTTPS for entire site using IIS URL Rewrite module

4 posts, 0 answered
  1. Eric
    Eric avatar
    7 posts
    Registered:
    10 Dec 2012
    06 Nov 2013
    Link to this post
    I have already done this and while so far everything seems to be working okay, as far as I can tell with a totally empty site anyhow, I was wondering if there were any known issues between Sitefinity and using the IIS URL rewrite module to force https:
    automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0

    I have already looked at the following threads but they don't really go into forcing HTTPS this way and I am curious if there is a reason for the above method never really being discussed as an option:
    2008/12/18/secure_socket_layer_ssl_and_sitefinity
    how-do-i-secure-the-sitefinity-back-end-pages
    securing-a-sitefinity-backend-with-ssl
    securing-sf-admin-area

    edit - I am using Sitefinity 6.2 running on Windows 2012r2/IIS 8
  2. Eric
    Eric avatar
    7 posts
    Registered:
    10 Dec 2012
    06 Dec 2013
    Link to this post
    Turns out the Sitefinity backend wasn't too happy with this, I started running into problems when attempting to publish (or delete) pages the following error came up:

    The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<HTML><HEAD><link rel="alternate" type="text/xml" href="http://localhost/sf-five/DefaultWorkflows/PagesApprovalWorkflow.xamlx?disco"/><STYLE type="text/css">#content{ FONT-SIZE: 0.7em; PADDING-BOTTOM: 2em; MARGIN-LEFT: 30px}BODY{MARGIN-TOP: 0px; MARGIN-LEFT: 0px; COLOR: #000000; FONT-FAMILY: Verdana; BACKGROUND-COLOR: white}P{MARGIN-TOP:

    Similar problems to:
    http://www.sitefinity.com/developer-network/forums/bugs-issues-/external-security-token-service-issues

    I guess maybe i'll attempt to force ssl for the site and exclude the backend.
  3. Chris
    Chris avatar
    2 posts
    Registered:
    05 Oct 2012
    14 Jan 2014 in reply to Eric
    Link to this post
    I've been having the same issue when trying to force HTTPS for a Sitefinity site. Here's the rewrite rule that eventually worked for me:
    <rewrite xdt:Transform="Insert">
        <rules>
            <rule name="Redirect to HTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$" />
                    <add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
        </rules>
    </rewrite>

    Cheers,
    Chris
  4. Pavel Benov
    Pavel Benov avatar
    341 posts
    Registered:
    14 Mar 2016
    17 Jan 2014
    Link to this post
    Hi guys,

    Thank you for bringing this interesting topic to our attention. We've had plans for releasing a KB about this and its finally out. You can check it in the ling below:

    http://www.sitefinity.com/developer-network/knowledge-base/forcing-all-site%27s-traffic-under-ssl-prevents-publishing-content-and-pages

    Regards,
    Pavel Benov
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
4 posts, 0 answered