There are a few additional considerations to keep in mind when using URL Rewrite. Understanding the following considerations will make working with URL Rewrite much more productive.
IIS has the built-in ability to enforce SSL for sites, folders, or files. However, this isn't very friendly because it doesn't provide a redirect to the new location. Instead, it simply displays an error message if users visit the page over HTTP.
URL Rewrite offers a nice solution for this since it can seamlessly redirect a page from HTTP to HTTPS, or vice versa. You can use it for situations like ensuring that the login page, order page, or credit card page always use SSL, whereas the rest of the site redirects back to HTTP.
There are some important considerations for SSL to note.
The order of operations is important. When a request arrives at the server, it must first bind to the website and then URL Rewrite rules, and then site-level functions are performed. The order is as follows:
This is important for a couple of reasons. First, this shows that URL Rewrite has access to the decrypted information, which is very useful. Whether a request is SSL or not, URL Rewrite handles it the same.
Second, URL Rewrite doesn't have any control over which certificate is used in an incoming request. If the domain name doesn't match the certificate common name (for example, if ...