Project Description
A simple HttpModule for ASP.NET that redirects all non-secure http requests to an https equivalent. Module is fully configurable from web.config.
System Requirements
ASP.NET 2.0 or higher
Usage
Place binary in /bin folder
Add following to web.config <configSections>:
<section name="httpsOnly" type="HttpsOnly.HttpsOnlyModule+Configuration" />
Add following to <httpModules>
<add name="HttpsOnlyModule" type="HttpsOnly.HttpsOnlyModule, HttpsOnly" />
Add your configuration:
<httpsOnly mode="RemoteOnly" hstsEnabled="true" hstsMaxAge="31536000" removeWWWPrefix="true"> <ignoredPaths> <add path="~/webservices" /> </ignoredPaths> <tldTranslation> <add from="net" to="com" /> </tldTranslation> </httpsOnly>
Configuration
- mode: RemoteOnly, On, Off (Only required configuration setting)
- port: TCP port to check if request is secure (Default: 443)
- hstsEnabled: Enable/Disable HTTP Strict Transport Security header (Default: False)
- hstsMaxAge: The time in seconds for the HSTS header (Default: 31536000)
- removeWWWPrefix: removes www. prefix in domain name if present (Default: False)
- <ignoredPaths>: List of virtual paths to ignore requests on (optional element)
- <tldTranslation>: Changes top level domain (tld) from one to another (optional element)