URL Rewriting for IIS (Windows Server)

As many of these posts are, this is in part to document the process for myself.  However, for anyone running IIS as their web server (such as for Windows Home Server or Windows Server Essentials), there are a few things that you can do to really improve your web server.

Specifically, I’m going to go over how to set up URL Rewriting and configure it to force all traffic over HTTPS, and to set it up as a reverse proxy so you can expose other services via the main web site.

First thing first, I’m going to assume that this is going to be done a Windows Home Server (WHS) or Windows Server Essentials (WSE) system, as there are a couple of extra steps that are required to ensure that this works 100%.  I’ll note these as they come up.

First, you need to access the system directly. You can use add-ins such as Advanced Admin Console or AWEICO’s Remote Launcher to accomplish this. However you can use Remote Desktop (“mstsc”) to accomplish this. For WHS, log in with the “Administrator” account and use the “Server” password (the one you use to log into the dashboard with). For WSE, use any admin account credentials.

Once you’ve logged in, you’ll want to open up the “Internet Information Services” console. This is located in “Administrative Tools” in the Control Panel. Or you can just run “inetmgr” to open this.

This will immediately prompt to get the “Microsoft Web Platform” installer.  While this isn’t strictly needed, it does make things a bit easier.  Click “Yes” on the prompt to open the webpage to download this. This will come up with a number of prompts if you don’t have the “IE Security policy” disabled.  Click through these and download the Web Platform Installer.

Once the Web Platform Installer has been run, you will want to find the “Application Request Routing 3.0” and “URL Rewrite 2.0” and click on “Add” for both of these.  Then click on “Install”. Click through and agree to any prompts that come up.

Once that’s done, close and re-open “Internet Information Services” console.  Click on the server name.  Find “Application Request Routing” on the main window, and double click on it to open up the settings for this.

From here, click on the “Server proxy settings” on the right sidebar.

Check the “Enable Proxy” setting here and hit the “Apply” button. There is no need to set anything else here, as it’s not needed.

Now, if you’re using Windows Server Essentials, there is a separate step that is necessary here. This is because the folder structure is “locked down”, permission wise.  So to make the changes, we need to change the NTFS permissions on certain files.  This only applies if you’re using Windows Server Essentials, or Windows Home Server 2011.

Navigate to “C:\Program Files\Windows Server\Bin\WebApps\Site”, right click on the “web.config” file and select “Properties”. Open up the “Security” tab and click on the “Advanced” tab. Click on “Change” next to “Owner” and set this to “Administrators”.  Then click “Apply”, accept the prompts, and then close and reopen the Properties and security settings again.  This time, select “Administrators”, and set it to “Full control”.

Once that is completed (if needed), you can then set up the rules for the site. From here, head back to the IIS Manager.  Open the Website you are using, and find the “URL Rewrite” module.

From there, add a new rule. You will want to create a “blank rule”.


From here, there are a few options that we can take.  However, the two that we are going to cover are redirecting to HTTPS (ensuring secure access to all content on your website), and how to set up a reverse proxy.

Redirect to HTTPS

Under the new rule, you will want to set the pattern to “(.*)”, so that it picks up everything.  Meaning that it will check this for every request to your server.

Now, we need to add a condition.  Under the “Conditions” section, click on the “Add” button.  Set the “Condition input” to “{HTTPS}”, and that it matches the pattern “Off”.  This will make sure that it only runs the rule when HTTPS is not in use.

For the Action, make sure that this is set to “Redirect” and not “Rewrite”.  Set the Redirect URL to “HTTPS://{HTTP_HOST}/{R:1}”, and set the Redirect type to “Permanent (301)”.  And hit “Apply”.

Once you’ve done this, any requests to the website will be automatically redirected to the HTTPS URL instead.  And any indexers will always use HTTPS.  Which may help get better results from indexers like Google.

Reverse Proxy

This will vary with the service that you’re using. For now, I’m going to use the example of Subsonic. Specifically, hosted on the same system, using port 8080 and hosted in a subdirectory (so that the normal URL to access it would be “http://localhost:8080/subsonic/”).

The subdirectory on the other web server is not strictly necessary, but it makes things a lot simpler

For the pattern, set it to “^subsonic(.*)”.  If you’re using something else, then change the “subsonic” part to match the subdirectory on that server.

Then for the rewrite part, set it to “http://localhost:8080/{R:0}”.  Note that the “subsonic” has been dropped from the URL here, and replaced with “{R:0}”. This will pass the full URL to the “backend server”, so that everything works “as expected.



And that’s it.  Everything should work now, and work well.  No need for a second server in front of IIS to handle this.

Author: Drashna Jael're

Drashna Jael're

2 thoughts on “URL Rewriting for IIS (Windows Server)”

  1. Hi drashna,
    Thanks for this guide. It helped me a lot getting Subsonic up and running with the built in SSL cert in Server 2016 Essentials.
    I’m now looking to get Tonido up and running in the same way but Tonido doesn’t use a subdirectory. The url for it is http://localhost:10001
    How would I go about getting Tonido up and running through the reverse proxy without the subdirectory? I’d like the public url to be https://xxx.remotewebaccess.com/tonido

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.