Develop Reference

Web.config : force HTTPS and WWW with VARIABLE domain name

I've seen a lot of answers that come close, like this one: IIS Redirect non-www to www AND http to https but it's does not exactly match my case.
I have a website that has 2 domain aliases on top of its main domain name. Displaying the right content for each version is done in the code itself.
I am trying to use the WEB.CONFIG file to rewrite in 2 cases: when HTTPS is not used and/or when WWW is absent at the beginning of the url.
So http://example.com, https://example.com and http://www.example.com would all be rewritten as https://www.example.com Same thing if the site is visited using one of its domain aliases, for example http://examplealias.com would become https://www.examplealias.com
This answer
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^[^www]" negate="true" />
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
will not work for me as I cannot hard code the domain name.
I have tried this
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^[^www]" negate="true" />
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
but this results in https://www.www.example.com if I call http://www.example.com
What would be the right way to combine both conditions?

Okay, apparently in my case, it's better NOT to combine the rules:
<rule name="Redirect naked domains (that do NOT have a custom sub-domain) to www.domain.com" enabled="true" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^www." negate="true" />
</conditions>
<action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="Redirect non-https urls to https" enabled="true" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
This works perfectly.

Multiple http bindings to HTTPS

Windows Server 2012
I have 1 IIS container with 4 different URLs for one domain and 2 domains in total as below (set with the bindings)
www.site1.com
site1.com
www.site1.co.uk
site1.co.uk
www.site2.com
site2.com
www.site2.co.uk
site2.co.uk
www.site1.com - is the primary domain, meaning any combination of the URLs above must take the user to www.site1.com or www.site2.com
I have the below rule which takes these sites to the primary URL
<rule name="PrimarySite" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="site1.co.uk" />
<add input="{HTTP_HOST}" pattern="www.site1.co.uk" />
<add input="{HTTP_HOST}" pattern="site1.com" />
</conditions>
<action type="Redirect" url="http://www.site1.com/{R:0}" />
</rule>
I now would like the same but for HTTPs so added a new rule (just for site 1 but i would do the same for site 2).
<rule name="site1HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="true" logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="site1.co.uk" />
<add input="{HTTP_HOST}" pattern="www.site1.co.uk" />
<add input="{HTTP_HOST}" pattern="site1.com" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{C:1}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent"/>
</rule>
When i add this i receive a redirecting loop error and have tried different combinations but it just doesnt seem to work.
What have i missed off (I have to rules in total)?

Use MatchAny for 3 {HTTP_HOST} and {HTTPS} will mess up the redirection logic.
You can combine 3 conditions into one so that {HTTP_HOST} and {HTTPS} can be used with "MatchAll" side by side.
<rule name="test">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="(site1|site2)\.(com|co.uk)" />
<add input="{HTTPS}" pattern="^off$" />
</conditions>
<action type="Rewrite" url="https://{HTTP_HOST}{REQUEST_URI}" />
Best regards,
Sam

URL Rewrite causing redirected you too many times

I am using IIS url rewrite rule to redirect from an IP Address to a domain name with the following rule.
<rule name="IPHit" enabled="true" stopProcessing="false">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="10.32.1.132" />
</conditions>
<action type="Redirect" url="https://daart-qa.sandbox.aimsplatform.com/eds-daas/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
Unfortunately, this results in an infinite loop redirect when I go to https://daart-qa.sandbox.aimsplatform.com/eds-daas.
How can I redirect from the IP address without having an infinite loop on dns entry?

Your rule will redirect 10.32.1.132/eds-daas to https://daart-qa.sandbox.aimsplatform.com/eds-daas/eds-daas. Is that expected behavior?
May I know your only face this infinite loop when you access specific URL or all requests hitted by IP address. What loop URL did you see in web browser developer tool?
Post the symtptom of loop URL would help us find the root cause.
Or you need to redirect request 10.32.1.132/eds-daas to https://daart-qa.sandbox.aimsplatform.com/eds-daas? If so you may need two rules side by side.
<rule name="IPHit" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="10.32.1.132" />
<add input="{REQUEST_URI}" pattern="^/eds-daas(.*)" negate="true" />
</conditions>
<action type="Redirect" url="https://daart-qa.sandbox.aimsplatform.com/eds-daas/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
<rule name="IP-HIT2" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="10.32.1.132" />
<add input="{REQUEST_URI}" pattern="^/eds-daas(.*)" />
</conditions>
<action type="Redirect" url="https://daart-qa.sandbox.aimsplatform.com/eds-daas{C:1}" />
</rule>

IIS http to https rewrite rule and exclude IP address

I wrote a http to https rewrite rule in IIS.
I want to exclude a http://XXX.XX.XXX.XX (one single IP address) from this.
Then I want to write another rule that rewrites those http://XXX.XX.XXX.XX and https://XXX.XX.XXX.XX to https://www.foo.com (my domain which I have ssl certificate for).
Here both rules:
<rule name="http to https redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{REQUEST_URI}" pattern="^/XXX.XX.XXX.XX$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<rule name="Redirect to my site">
<match url="XXX.XXX.XXX.XX" />
<conditions>
<add input="{QUERY_STRING}" pattern="XXX.XXX.XXX.XX" />
</conditions>
<action type="Rewrite" url="https:www.foo.com" />
</rule>
It does not work with the excluded pattern and I wonder if the second rule applies at all. Any advise is wellcome.

IIS 7 URL rewrite rules seem to be working one time only

I am trying to force a website running under IIS to always run in https mode and redirect to it's full root name which includes www in order for the SSL certificate to work properly.
Below is the web.config entry:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^somewebsite.com$" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
This works on first time requests, for instance someone requests: somewebsite.com in the browser URI for the very first time, they will be automatically redirected to https://www.somewebsite.com. However, once the site is loaded and if user manually removes the www or https in the browser URI, the server does not perform subsequent redirects. Is that by design and is it possible for the rule to always execute?

This is what I use on all our live SSL sites. I use 2 rules and never had any problem with these:
<rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>