Redirecting Non-HTTPS Traffic to HTTPS for SharePoint 2007

Like any sensible SharePoint 2007 deployment, I’m keeping the one I am working on currently currently strictly HTTPS (SSL). The reason for this is that we have opened up the SharePoint deployment to the web. Not a public facing web with anonymous access for internet users, but accessible without VPN on the web for our field employees to use.

One of the problems I have faced up until now is that when SharePoint is configured for HTTPS connections the Non-HTTPS connections are dropped and faced with a 404 Not Found error, the least helpful of all HTTP error codes.

Struggling for a solution to such a simple request –Redirect non-secured traffic to the secure protocol I searched online and found after a little digging this helpful article from a SharePoint blog at http://www.os.com/blog/capture-and-redirect-http-to-https-with-sharepoint-2007/. Here’s the crux of it:

  1. Configure the SharePoint AAM (Alternate Address Mapping) so that HTTPS is the default protocol for the public URL.
  2. Edit the IIS Site for SharePoint and either change the HTTP port to a random number, or do as I did and delete the binding for the HTTP port.
  3. Create a New IIS Site called SharePoint Redirect
  4. Assign the New Site to HTTP on Port 80
  5. Add a Host Header to the New Site Matching the URL of the Site (Eg. sharepoint.company.com)
  6. Using HTTP Redirects, Create a Permanent (HTTP 301) to the HTTPS URL of the SharePoint deployment.

Done

PS: Don’t forget to allow HTTP and HTTPS through the external firewall though otherwise users will never hit the redirect rule.