SecureAuth IdP Version Affected: All
Description/Cause:
If a user connects using port 80 (http) to a realm that it secured with SSL, it will throw a 403.4 Forbidden error. This guide will help you create a rule within URL Rewrite that automatically redirects all http requests to https.
Resolution:
Create a rule with URL Rewrite within IIS that redirects all http requests to https for all realms.
If you don't have the URL Rewrite extension, you can download it right here. The first thing we need to do is open IIS Manager. Expand "Sites," then select "Default Web Site." Double click the URL Rewrite module to open it. Follow the steps below to configure the rule.
1. Click "Add Rule(s)"
2. Select "Blank Rule" under Inbound Rules.
3. Set the name of the rule (1), Set the Match URL to use Wildcards (2), Set the Pattern to * (3), Set the Logical Grouping to "Match Any" (4), Add the condition that is highlighted (5).
4. On the rule, set the action type to "Redirect", and fill out the rest of the settings exactly like the picture below. Click apply afterwards.
5. Lastly, any realm that you want to utilize this rule must have "Require SSL" turned off. You can do this by going to any realm, clicking on SSL Settings, and removing the check mark from the "Require SSL" box.
Comments
If the Pattern * does not work, or gives you an error with an invalid reference, try the pattern ^(.*)$
Please sign in to leave a comment.