CWA 2007 HTTP to HTTPS Redirect

So you want to redirect any client HTTP requests for OWA to the HTTPS version? Easy enough. For our external clients this is fairly simple because you can simply have ISA do the hard work. For the internal clients, which I'll show here, it requires a little more work.

So open up the IIS snap-in. By default CWA creates web sites outside of the Default Web Site, which makes this process easy for us. All we have to do is redirect requests to the default web site to the CWA one.

  1. Right-click the Default Web Site and choose Properties.
  2. Click the Home Directory tab.
  3. Under "The content for this resource should come from" choose A redirection to a URL.
  4. Enter the redirect URL, https://cwa.confusedamused.com in my case, and press OK. iis1

Now that should work well if you have a dedicated CWA server and nothing else clogging up your Default Web Site. But what if another application is already there? The method above won't work so hot in that case. As a workaround we need to create another virtual web site that will redirect our clients to the appropriate page.

  1. Right-click the Web Sites node and choose New | Website.
  2. Click Next to start the wizard and enter CWA Redirect as the description. Press Next.
  3. Leave Port 80 as the port and enter the hostname for your CWA site, cwa.confusedamused.com in my case. Press Next.
  4. For the path you can use the default IIS contents so just browse or enter C:\Inetpub\wwwroot. Make sure anonymous access is checked. Press Next.
  5. Accept the default access permissions by pressing Next and then click Finish.
  6. Now, just follow the steps above that I outlined for the Default Web Site, but do it instead for the CWA Redirect website you just created.
  7. When all is said and done, your IIS websites should look like this: iis2

Now you can browse to http://cwa.confusedamused.com and IIS will pick up the host-header, point your client at the CWA Redirect website, which immediately redirects the request to https://cwa.confusedamused.com.