0

I am writing a rule with the IIS Rewrite module to detect if a URL request is formed HTTP:// or HTTPS://

The documentation says "HTTPS can be used to determine if a secure connection was used". https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference#Accessing_URL_Parts_from_a_Rewrite_Rule

But it's possible that a valid HTTPS URL may not be secure (eg because of an invalid SSL certificate). In which case would the {HTTPS} variable be true or false?

Is there a better way?

userSteve
  • 1,503
  • 4
  • 20
  • 32

1 Answers1

2

Just a point of clarification: the {HTTPS} variable will evaluate to on or off, not true or false. The variable should evaluate to on if it is an https connection (even if the certificate is invalid).

sippybear
  • 2,997
  • 1
  • 12
  • 12
  • That's good to know. So in short - when the word 'secure' is used it shouldnt always be taken literally – userSteve Feb 05 '18 at 13:39