Forcing HTTPS using IIS and ISAPI Rewrite

Question

Hello,

I'm working to force HTTPS, and if the user is on HTTP, redirect the user. For some reason My rewrite rule works great on my prod env but not my dev, here it is:

# Redirect HTTP to HTTPS# redirect all http requests  to https
RewriteCond  %HTTPS (?!on).*
RewriteCond Host: (.*)
RewriteRule (.*) https\://$1$2 [I,RP]

On Prod it works great, it redirects the user. On Dev, it does not but shows this very strange page:

-cache
Content-Type: text/html
Content-Length: 161
Location: https://blahblah.mainblah.com/

<html><body>The requested resource was moved. It could be found here: <a href="https://blahblah.mainblah.com/"&gt;https://dev-notebox.intuit.com/&lt;/a&gt;&lt;/body&gt;&lt;/html&gt;

Has anyone seen this or have any ideas/pointers on what's going on here?

Thanks

Answer 1

Instead of using rewrite, you can use <cflocation> if the page is requested from http. Check CGI scope in Application.cfc's onRequestStart(). Pure CFML solution that would work across all web servers.