How to Set Up IIS URL Rewrite on Windows Server 2019

March 22, 2026
Tutorials
Comment off

Introduction to IIS URL Rewrite on Windows Server 2019

The IIS URL Rewrite module is a powerful extension for IIS 10 on Windows Server 2019 that allows server-side manipulation of incoming request URLs before they are processed. URL Rewrite is used for canonicalising URLs (removing or adding trailing slashes, enforcing lowercase), redirecting HTTP to HTTPS, implementing clean URLs for content management systems, setting up vanity URLs, blocking malicious request patterns, implementing custom 404 pages, and proxying requests to backend servers. This guide covers installation, rule syntax, common use cases, and performance considerations.

Install URL Rewrite Module

URL Rewrite is not included in Windows Server 2019 by default — it must be downloaded from Microsoft and installed separately:

# Download URL Rewrite 2.1 from Microsoft (run as Administrator)
# Direct download: https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi

# Install silently
msiexec /i "C:Downloadsrewrite_amd64_en-US.msi" /quiet /norestart

# Verify installation
Get-WebGlobalModule | Where-Object Name -match "RewriteModule"

# Or check IIS modules
Get-WebConfiguration -Filter "system.webServer/globalModules/add" | 
    Where-Object name -match "Rewrite" | Select-Object name, image

URL Rewrite Rule Structure

URL Rewrite rules are XML elements in either applicationHost.config (server-wide) or web.config (site/application-specific). Each rule has a name, a match pattern (regular expression or wildcards), optional conditions, and an action. Actions can be Rewrite (change the URL silently), Redirect (send HTTP 301/302), AbortRequest, or CustomResponse.

# Example web.config URL Rewrite section structure:
# 
#   
#     
#       
#         
#         
#           
#         
#         
#       
#     
#   
#

Rule 1: Force HTTPS Redirect

Redirect all HTTP requests to HTTPS using a permanent 301 redirect. This is the most common URL Rewrite rule:

# Add HTTP to HTTPS redirect rule via PowerShell (modifies web.config)
$rule = @"

  
  
    
  
  

"@

# Using IIS PowerShell module to add the rule
Add-WebConfigurationProperty `
    -PSPath "IIS:SitesDefault Web Site" `
    -Filter "system.webServer/rewrite/rules" `
    -Name "." `
    -Value @{
        name = "Force HTTPS"
        stopProcessing = "true"
    }

# It is often easier to edit web.config directly for complex rules
$webConfigPath = "C:inetpubwwwrootweb.config"

Rule 2: Enforce Canonical Hostname (Remove www)

# Redirect www.example.com to example.com (301)
# Add this to web.config inside :
#
# 
#   
#   
#     
#   
#   
# 

# Or using URL Rewrite PowerShell cmdlets:
$ruleName = "Remove WWW"
$ruleFilter = "system.webServer/rewrite/rules/rule[@name='$ruleName']"
Add-WebConfiguration -PSPath "IIS:SitesMySite" `
    -Filter "system.webServer/rewrite/rules" `
    -Value @{name=$ruleName; stopProcessing="true"} -AtIndex 0

Rule 3: WordPress/CMS Clean URL Rewrite

WordPress and most CMS platforms require URL rewriting to route all requests through index.php unless the file or directory physically exists:

# WordPress URL rewrite rule (add to web.config in WordPress root)
# This is the standard WordPress web.config rule for IIS:
#
# 
#   
#   
#     
#     
#   
#   
# 

# Write this programmatically
$wpRule = '
  
  
    
    
  
  
'
# Insert into web.config manually

Rule 4: Block Bad User Agents

Reject requests from known malicious or unwanted user agents (scrapers, vulnerability scanners):

# Block requests matching known scanner user agents
# Add to web.config:
#
# 
#   
#   
#     
#     
#     
#     
#   
#   
#

Rule 5: Rewrite Application Path

Map a clean URL path to an application URL with query string parameters:

# Rewrite /products/123 to /product-detail.aspx?id=123
# Add to web.config:
#
# 
#   
#   
#

Use Rewrite Maps for Static URL Mapping

Rewrite Maps let you define a lookup table of old-URL-to-new-URL mappings, which is more efficient than writing individual rules for hundreds of redirects (e.g., after a site migration):

# Define a rewrite map
# In web.config:
#
# 
#   
#     
#     
#     
#   
# 
# 
#   
#     
#     
#       
#     
#     
#   
# 

# Import URL mappings from CSV file into a rewrite map
$mappings = Import-Csv -Path "C:url-migrations.csv"   # columns: OldUrl, NewUrl
# Build XML programmatically and insert into web.config

View and Manage Rules via Command Line

# List all URL Rewrite rules for a site
Get-WebConfiguration -Filter "system.webServer/rewrite/rules/rule" `
    -PSPath "IIS:SitesDefault Web Site" |
    Select-Object name, 
                  @{n="Pattern";e={$_.match.url}},
                  @{n="ActionType";e={$_.action.type}} | Format-Table

# Enable/disable a rule
Set-WebConfigurationProperty `
    -PSPath "IIS:SitesDefault Web Site" `
    -Filter "system.webServer/rewrite/rules/rule[@name='Force HTTPS']" `
    -Name "enabled" -Value $false

# Remove a rule
Remove-WebConfigurationProperty `
    -PSPath "IIS:SitesDefault Web Site" `
    -Filter "system.webServer/rewrite/rules" `
    -Name "." `
    -AtElement @{name="Force HTTPS"}

Summary

The IIS URL Rewrite module on Windows Server 2019 provides flexible, regex-based URL manipulation at the server level. The most universally applied rules are HTTP-to-HTTPS redirect and canonical hostname enforcement. For CMS platforms like WordPress, the physical file/directory bypass rule is essential. Rewrite Maps make batch URL migrations efficient without hundreds of individual rules. All rules should be tested in a staging environment first and validated with the IIS URL Rewrite Test button or PowerShell before deploying to production, as incorrect patterns can break all access to a site.