This project is read-only.
This left up for archival purposes, development has been moved here:

Project Description
A simple HttpModule for ASP.NET that redirects all non-secure http requests to an https equivalent. Module is fully configurable from web.config.

System Requirements
ASP.NET 2.0 or higher

Place binary in /bin folder

Add following to web.config <configSections>:
<section name="httpsOnly" type="HttpsOnly.HttpsOnlyModule+Configuration" />

Add following to <httpModules>
<add name="HttpsOnlyModule" type="HttpsOnly.HttpsOnlyModule, HttpsOnly" />

Add your configuration:
<httpsOnly mode="RemoteOnly" hstsEnabled="true" hstsMaxAge="31536000" removeWWWPrefix="true">
		<add path="~/webservices" />
		<add from="net" to="com" />

  • mode: RemoteOnly, On, Off (Only required configuration setting)
  • port: TCP port to check if request is secure (Default: 443)
  • hstsEnabled: Enable/Disable HTTP Strict Transport Security header (Default: False)
  • hstsMaxAge: The time in seconds for the HSTS header (Default: 31536000)
  • removeWWWPrefix: removes www. prefix in domain name if present (Default: False)
  • <ignoredPaths>: List of virtual paths to ignore requests on (optional element)
  • <tldTranslation>: Changes top level domain (tld) from one to another (optional element)

Last edited Nov 23, 2015 at 2:27 PM by HughJeffner, version 16