Recently we had installed a SSL certificate on one of our sites and the requests with https were being served perfectly as expected, however it was noticed that the pages were still being served perfectly even when an http request was made instead of https. This to an extent was defeating the purpose of having a certificate in place to serve secured content. After some investigation and search I found two ways in which this can be addressed the second one was what I finally adopted because it would not break bookmarked pages for the users of the site
Option 1: Change IIS settings for that instance
To ensure that only SSL requests are served, we can configure the AccessSSL metabase property to force SSL content requests only.
In windows command prompt run the following command
cscript.exe adsutil.vbs set /w3svc/[site identifier]/AccessSSL TRUE
where site identifier is the unique number that identifies the instance in IIS. This number can be found in IIS Manager and in IIS metabase. The script file adsutil.vbs is normally found in ..\inetpub\AdminScripts folder.
Option 2: Use URL rewriting to redirect http requests to https
IndexIgnore *
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
The above syntax for URL rewriting is of Helicon ISAPI Rewrite in a .htaccess file (like the one thats available in Apache).