Rewrite rule to HTTPS except when on localhost

Try this condition:

<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
        <match url="^(.*)$"/>
        <conditions>
          <add input="{HTTPS}" pattern="^OFF$"/>
          <add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost$" negate="true" /> 
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther"/>
      </rule>
    </rules>
  </rewrite>
</system.webServer>

Using a negate condition against the localhost pattern should do the trick.


Adding to anubhava's answer, you can replace the add element for localhost with the following 2 entries to cater for both localhost and 127.0.0.1 with optional ports e.g localhost:59400 which is the case when debugging through visual studio and IIS

<add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost(:\d+)?$" negate="true" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^127\.0\.0\.1(:\d+)?$" negate="true" />    

With the original answer, localhost:123 would be redirected to https which may not be desirable.