The YAF engine is installed in a subdirectory on our website, and the root folder of the forum looks like domain.com/forum. Our website was working many years through the HTTP protocol, but we have recently bought and installed an SSL certificate to switch to HTTPS. We redirect all requests to HTTPS in Global.asax for the main part of the site (it's a complex algorithm that takes into accounts many things, not only the protocol itself). However, the Global.asax from the root folder doesn't work for the forum subfolder, which is a separate virtual app. What is the best way to enable redirection to HTTPS with the code 301 'Moved permanently' for the forum in our case?

At the moment, I implemented the solution with HSTS in web.config found on StackOverflow . Actually, I added the following node to the node in the web.config in the forum root directory:

<rewrite>
	<rules>
		<rule name="HTTP to HTTPS redirect" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTPS}" pattern="off" ignoreCase="true" />
			</conditions>
			<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
		</rule>
	</rules>
	<outboundRules>
		<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
			<match serverVariable="RESPONSE_Strict_Transport_Security"
				pattern=".*" />
			<conditions>
				<add input="{HTTPS}" pattern="on" ignoreCase="true" />
			</conditions>
			<action type="Rewrite" value="max-age=31536000" />
		</rule>
	</outboundRules>
</rewrite>

Is it a good solution?

Edited by user  5 years ago  | Reason: Corrected the 1st <action> to work properly for virtual apps in subfolders