I have a client running SharePoint Server 2019 on IIS10, and they want to redirect http requests to https for one of a few Web apps/Alternate Access Mappings in their environment.
So, the web app http://intranet and http://intranet.domain.com should be redirected to https://intranet and https://intranet.domain.com respectively but http://mysites , http://mysites.domain.com and http://CentralAdmin:12345 should not.
Similarly, the internal SharePoint IIS sites like Security Token Service which are on host-named URLs like:
http://sp19-app:32843/SecurityTokenServiceApplication/securitytoken.svc
Should be left alone.
I have an internal CA-generated cert for https://intranet and a Comodo cert for https://intranet.domain.com in place, with working SharePoint AAMs and IIS bindings, both are working, a full range of URLs can be visited.
Most guides to the IIS URL rewrite, including Ruslan's
https://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/#redirect-https
and this well-written one:
https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https
and this one:
http://www.jppinto.com/2010/03/automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0/
grab all URLs on the site with (.*)
What I want to do is only grab and redirect the in-scope ones with this
(intranet)(.)*
or
^(http:\/\/intranet)(.)*
both of which I've tried, and while they don't redirect the critical service apps or MySites URLs, they don't consistently redirect the Intranet URLs either.
I've validated all of the affected URLs in regex101.com's testing panel, which they come up looking good in, but is there a possibility that either my regex isn't as hot as I think it is or URL rewrite uses a different implementation of it?
For example, under Conditions, I have dutifully added:
{HTTPS}
pattern: ^OFF$
which to my mind means "If OFF appears at the start of the string, at the end of the string", which is clearly nonsense.
My understanding from reading on the topic is that the purpose of Conditions is to create exceptions, and this one stops HTTPS requests being redirected to HTTPS, which is very sensible.
How it arrives at that using the rule I've added is not clear to me though.
The actual redirect to part is :
https://{HTTP_HOST}{REQUEST_URI}
which seems to be the most sensible, as SharePoint URLs will contain query strings and all sorts of stuff after the ? or &.
Screenshot of redirect rule
URL rewrite is configured on an IIS site-by-site basis, so maybe I'm worrying over nothing and I don't need to modify the regular expression. If that's the case, as I suspect it probably is, I suppose I can just leave it.
However, I hate having the solution but not knowing how it works, I'd much sooner be able to confidently write my rules and be certain they'll do precisely what I think they will and why.
You need to add another condition. You can try the rule below.
<conditions>
<add input="{HTTP_HOST}" pattern="^Intranet.(.*)$" />
<add input="{HTTPS}" pattern="^off$" />
</conditions>
Related
Link: https://www.tekcent.com/articles/2013/a-better-canonical-domain-name-rule-for-iis/
The author claims that The default Canonical Domain Name rule in IIS doesn't work very well. The generated rule doesn't work across different sub domains.
To test this I created 2 websites-
Website1 has 2 bindings: xx1.mydomain.com; xx2.mydomain.com
Website2 has 2 bindings: yy1.mydomain.com; yy2.mydomain.com
Then I added the Canonical Domain Name rule to both so they the request get redirected to the 2nd url.
Entering xx1.mydomain.com in the browser takes me to xx2.mydomain.com
Entering yy1.mydomain.com in the browser takes me to yy2.mydomain.com
This works as expected. What has the author mention that - The generated rule doesn't work across different sub domains?
I took a look at the link you provided. I can share my understanding with you and hope it can be helpful to your confusion.
The author's website has multiple bindings and he can access the website via localhost, staging.tekcent.com, tekcent.com etc as the hostname in the URL for different stages (localhost, dev, staging and production); while The canonical domain name is only required in production, so the author only wants requests from tekcent.com to be redirected to the production site. Create a canonical domain name rule in IIS, which by default generates a condition like this:
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.tekcent\.com$" />
</conditions>
Any request that is not www.tekcent.com will be matched successfully, including any request from localhost or staging.*, and then redirected. But this is not the effect the author wanted. So the author made some changes to the rules.
Your test doesn't contradict the point he made, the default canonical domain name rules work. If your website 1 works on localhost, it can also be accessed through localhost. According to the default rules, when you visit localhost, it will also be taken to xx2.mydomain.com,
If you don't want to follow this rule when accessing from localhost, then you need to change the rule to check for an exact match on xx1.mydomain.com.
This might be a stupid question, however we have a website which we'll call http://example.com and we're using YuDu to publish some of our brochures online.
The URL's YuDu have given us are in the format http://content.yudu.com/htmlReader/SomeString/SomeName/SomeFile.html however we want to use our own URL's for these files:
i.e. http://example.com/ebrochure/SomeBrochure
I can setup URL rewriting for this, but it obviously redirects to the YuDu domain. Looking online it appears that I 'may' be able to use the IIS Application Request Routing module for this...but I'm at a loss as to how to do this. Everything I've found so far uses localhost and/or domains you already own for this.
So my question is:
Is my request even possible?
If so...could anyone point me in the right direction to do it?
Thanks in advance.
Matt
I don't think it's possible to do that. As far as the content must be served by yudu.com, you can only use redirections (with URL rewriting or by configuring a redirect in Application Request Routing). It will anyway end with a redirect. You could only manage this if yudu.com was one of your domains, which doesn't seem to be.
The only way I see if you really want to serve this content behind your example.com URL is using an iframe. But I don't know if Yudu will allow this.
Good luck !
It is definitely possible.
1) You need to install ARR module
2) In IIS manager you should enable reverse proxy
2.1) On server node click "Application Request Routing Cache"
2.2) Click "Server proxy settings" and click "Enable proxy", then "Apply"
3) In web.config add this rule:
<rule name="rewrite /ebrochure/SomeBrochure" stopProcessing="true">
<match url="^ebrochure/SomeBrochure$" />
<action type="Rewrite" url="http://content.yudu.com/htmlReader/SomeString/SomeName/SomeFile.html" />
</rule>
4) Open your url: http://example.com/ebrochure/SomeBrochure and you should see page from yudu
We recently setup a new website on a new domain using WordPress, to replace our old website using flat files. Because of time constraints, we had little time to plan and ended up having someone setup the redirects in IIS Manager.
This means that almost every folder in the old website has something like the following for each page:
<location path="old-file.html">
<system.webServer>
<httpRedirect enabled="true" destination="http://new-domain.com/new-page/" exactDestination="true" childOnly="true" httpResponseStatus="Permanent" />
</system.webServer>
</location>
The problem is that this was a massive site with ~15k pages and only about 1k pages were manually redirected to new URIs. This means we have potentially 14k pages of legacy content (effectively dead URLs, some of it is so old) but we need to it redirect to the root of the new domain.
So almost every folder has a web.config with one instance of the codeblock above for each page redirected, but we need every page that wasn't redirected in this manner to redirect to a fixed location.
Manually configuring isn't an option because of the number of pages. I thought about using a tool to add a line of PHP to handle the redirect to every .php and .html file (PHP had to parse html files on this site for legacy content) but it's far from ideal.
Ideally, there'd be something I could put in the web.config which would say "For any request not already redirected via <location>, redirect it to "http:// domain.com". Even if this meant appending something to the web.config already in each folder, it would save days of work, say if no locations match, then redirect.
I've searched for having multiple locations or wildcards in <location> blocks but doesn't seem possible so I'm not sure what do do here—any help appreciated!
Suggestion: why not you redirect your 404 page to home page of any other you wish to.. if someone lands to any old page that no longer exists should go to 404 so redirect 404 to homepage, common practice in case of ecommerce sites they redirect their discontinued product page to search page. If that helps you can google "redirect 404 to homepage wordpress" there are lots of plugins that would do it, but as IIS you can simply config your web.config.
If the urls are now dead and you dont have replacement content to redirect them to, then the proper response would be to return a 404/410. Redirecting dead urls in bulk to the homepage will be seen by Google as a soft 404. https://support.google.com/webmasters/answer/181708?hl=en
I would like to redirect one domain to another, whilst also maintaining the same folder and file request structure like so:
http://libraries.domain.net/testing/another/blah.php
https://libraries.anotherdomain.com/testing/another/blah.php
For the moment ignore the SSL part.
My first questions are the simple ones:
How to I achieve this in my web.config file (IIS)?
What is this type of redirect known as?
For my own interest, how do I do this with an .htaccess file aswell? You do not have to answer this as I think this question has the correct answer anyway, but just wanted it confirmed.
Please Note: If you only know the answer to question 3, please do not bother answering as my main question is regarding how to do this in IIS, not Apache.
SSL
I have left this part out so far because I am not sure if it is possible to do without receiving security errors. However, what I would like to know is how can I perform the redirect above whilst keeping a secure connection?
Obviously anotherdomain.com must have a valid SSL certificate, but does domain.com also have to have a valid one even if it is forwarding all pages?
Will having two certificates prevent any errors coming up, or will it come up with a warning saying that You are not going to where you think you are going, or something along those lines?
Would it be better to do this with DNS? Would the SSL work with DNS?
How to I achieve this in my web.config file (IIS)?
See the following:
http://www.iis.net/downloads/microsoft/url-rewrite
http://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-video-walkthrough
http://blogs.iis.net/ruslany/archive/2009/04/08/10-url-rewriting-tips-and-tricks.aspx
An example, using IIS URL Rewrite:
<rule name="Redirect example.net to example.com" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="example\.net$" negate="false" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
What is this type of redirect known as?
I am not sure if this has a specific name. I just call it a domain redirect or 30x redirect.
For my own interest, how do I do this with an .htaccess file aswell? You do not have to answer this as I think this question has the correct answer anyway, but just wanted it confirmed.
https://stackoverflow.com/a/3010036/908471
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
RewriteEngine on
RewriteCond %{HTTP_HOST} example.net$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
Will having two certificates prevent any errors coming up, or will it come up with a warning saying that You are not going to where you think you are going, or something along those lines?
Yes, two valid certificates from trusted Certificate Authorities will prevent errors from coming up (as long as all content on the page is also sourced from valid https links). You can also just use a single certificate, if the certificate authority offers SubjectAltName support (also known as SAN or Unified Communications Certificates).
Another thing that you can do, if you have two valid certificates and only a single IP, is use SNI, but you will need to understand that not all web clients can use SNI - so be careful. The use of SNI is going up, and I would suggest that this is becoming the preferred method as you do not have to deal with the headache of tracking domains that should be on a SAN/UCC when updating.
Would it be better to do this with DNS? Would the SSL work with DNS?
DNS has nothing to do with SSL. You can not trick SSL via DNS shenanigans.
How would you approach setting up 301 redirects within Kentico CMS (v5.0)?
I want to provide a client with an easy way (ideally through the CMS Desk interface) to set up 301 redirects in a website that has recently be re-implemented on Kentico. For example, I would want to redirect "old-page.cfm" to "new-page.aspx", and ensure that the HTTP response to the original request is 301.
I have an approach that looks like it works, but maybe there is a better way. I configured extensions-less URLs (per Kentico's documentation) and added a new document alias to the "new-page" document, specifying the "old-page" as the URL path and adding ".cfm" to the URL extensions list. Using Fiddler (HTTP Debugging Proxy) tool, it looks like what I want to have happen is happening: the request for "old-page.cfm" is returning a 301, redirecting to the "new-page" document, and returning a 200 response.
Does anyone know if this is a good approach for setting up 301 redirects in Kentico? Is there a better way? Are there any known drawbacks to using extension-less URLs in Kentico?
I think this is a good approach and I'm not aware of any other way to accomplish 301 redirects without doing what your doing. I've used Extension-less URLs in Kentico for awhile now and they work well.
According to a Blog Post (Comment) by the CTO of Kentico:
... there are few new (so far experimental) settings in 4.0 (4.0 ONLY) you can put in the web.config file.
They are:
3) <add key="CMSUsePermanentRedirect" value="true" /> which allows 301 redirection in places where it makes sense, instead of 302 redirection.
2) <add key="CMSRedirectAliasesToMainURL" value="true" /> which you can use for better SEO. It does 301 on every URL which is not main for the document (NodeAliasPath). That should help you for now.
3) <add key="CMSRedirectInvalidCasePages" value="true" /> which goes even further and allows you to restrict the pages only to a specific case variant. When the case is not right, it gets 301 to the right case.
I'm not sure what the status of these are with 5.X, but I'm guessing they either work, or they are now configuration settings somewhere in the Site Manager.
I would install the IIS Rewriter module http://www.iis.net/downloads/microsoft/url-rewrite
Then I would add a rule (permanent = 301) for all the .cfm pages to be processed by a custom handler.
For the customer I have to create a custom table with two columns that holds the relation between the old links and the new links.
That custom handler will then look into the custom table for any matches and then do the correct redirection.
I have implemented it in IIS6 for several clients moving from a php system to kentico using ISAPI Rewrite from Helicon (http://www.helicontech.com/isapi_rewrite/). It uses a .htaccess file at the root of the site. You could make this an edittable page from kentico if you needed to, or updatable from a custom field in page if you needed to, however we just got mapping list from our clients.
I believe you can do the same thing natively in IIS7 with one of the optional plugins.