IIS Web.config rewrite rule issue - iis

I recently moved my website from http to https
My SSL certificate is for www.domain.com and not for domain.com, i.e. with www as prefix.
Now I facing an issue, when someone is accessing my website as http://www.domain.com it redirect to htts://www.domain.com without any issue as I have mentioned permanent redirect in web.config rewrite rules using following rules
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/mobile.asmx*" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
However, when some is trying http://domain.com I am getting certificate error as SSL certificate is for domain with www prefix.
What I need help with is that rewrite should work as follows:
if request is from http://www.domain.com then move it to https://www.domain.com
however, if request is from http://domain.com then also move it to https://www.domain.com.
Please help if possible as the issue is with live website.

I got it, all I need is to add www.
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}/{R:1}" />

Related

HTTPS://non-www to HTTPS://www IIS rewrite rule

Looking for IIS rewrite rule for HTTPS://example.co.uk to HTTPS://www.example.co.uk I have been able to redirect HTTP://example.co.uk & HTTP://www.example.co.uk to HTTPS://www.example.co.uk but unable to create a rule to redirect HTTPS://example.co.uk to HTTPS://www.example.co.uk In IIS the site bindings i have are: http www.example.co.uk 80 http example.co.uk 80 https www.example.co.uk 443
<rule name="https" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{REQUEST_URI}" pattern="https://example.co.uk/*" />
</conditions>
<action type="Redirect" url="https://www.{C:0}/{R:1}" />
</rule>
Not very experienced in creating rewrite rules they are already populated from past colleagues
Any assistance would be good : )
you could try below rule:
<rule name="RedirectNonWwwToWww" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
<add input="{HTTP_HOST}" pattern="^example.co.uk$" />
</conditions>
<action type="Redirect" url="https://www.{C:0}/{R:0}" redirectType="Permanent" />
</rule>
Cheers for your help Lex & Jalpa. I ended up creating site with https www site and adding redirect to the https domain.com site it works

URL Rewrite giving 404

I have subdomain with an A record to my IIS Server:
sub.domain.com
The IIS server has a binding for sub.domain.com and a cert for *.domain.com
What we need is when someone goes to sub.domain.com it takes them to another site but masks the URL and keeps the SSL. The destination page has in its SAN cert sub.domain.com.
Tried a forward on Godaddy which works but it doesn't keep the SSL and we get cert issues. So thought was to point to our server to pass SSL and then redirect it. I tried a URL Rewrite but it's giving a 404.
URL Rewrite:
<rewrite>
<rules>
<clear />
<rule name="Pay Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)?sub\.domain\.com$" />
</conditions>
<action type="Redirect" url="https://www.domain2.com/cgsdesktop/PaymentLanding/UniversalPortal" appendQueryString="false" />
</rule>
</rules>
</rewrite>
I just need to know how to get this done.
How about this:
<rules>
<rule name="Pay Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^sub.domain.com$" ignoreCase="true"/>
<add input="{HTTP_HOST}" pattern="^www.sub.domain.com$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://www.domain2.com/cgsdesktop/PaymentLanding/UniversalPortal" appendQueryString="false" />
</rule>
</rules>
use sub.domain.com instead of sub\.domain\.com.
This article contains some useful recipes on IIS redirect/rewrite rules.
In order to mask the URL and keep the SSL in the browser bar, we need to create URL Rewrite action rules of URL Rewrite extension.
However, URL Rewrite action only supports to redirect the request to the same domain by default. We have to install the Application Request Routing extension when redirecting the request to another website.
https://www.iis.net/downloads/microsoft/application-request-routing
or we will get an Http 404 error.
See my preceding post for more details.
ASP.net URL Rewrite subdirectory to external URL
Feel free to let me know if there is anything I can help with.

Exclude specific urls from http to https permanent redirect rule

I've got the following redirect rule below to force all http traffic to https. However, we need to serve some pages that have a problem displaying in https and we need to force them to be http until we can get them updated to work under https.
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
One thing all these pages have in commons in that "/SSLA/" is part of the url. I'm not the rewrite guru I would like to be, but there are a couple of potential ways I can think of to fix this:
a) Somehow update this rule to exclude urls with "/SSLA/".
B) Add a rule before this rule that catches anything with "/SSLA/" and redirects to http if it's going to https and (either in the same rule or a separate rule?) also does nothing for http requests but stops processing so it doesn't hit this global http to https redirect rule.
Problem is, I'm not great with either regex or rewrite rules so I'm not quite sure how to accomplish either of those solutions (actually not even sure even either are the "proper" way to handle this).
So... please help! :)
EDIT: I should note that I have updated the c# code to redirect to http for these pages, but of course that causes a loop with the above rule. But I just point this out to say that all I need is for the redirect rules not to force http requests for pages with "/SSLA" to https since the code will redirect any such https requests to http. But if it's a trivial matter to also have the redirect rule force https requests with "/SSLA/" in them to http then I could remove the c# code that does the same.
try use
<match url="((?!SSLA).)*" />
insteed
<match url=".*" />
You should use two rewrite rules:
For redirecting HTTPS -> HTTP for SSLA/* pages
For redirecting HTTP -> HTTPS for non SSLA/* pages.
Check my example below how I am filtering SSLA and non SSLA pages
<rule name="Redirect to http SSLA" stopProcessing="true">
<match url="^SSLA" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to https" stopProcessing="true">
<match url="^SSLA" nagate="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>

IIS7 https to http redirect not working on www subdomain

I am trying to force the use of http on all pages of our site with the exception of a checkout page. I have used the rewrite rule below but it doesn't work with the www sub-domain in the url.
If I use https://domain.com it successfully redirects to http://www.domain.com but if I try https with www nothing happens. Please note that there is also a canonical domain name redirect in place but this issue still happens without this rule.
<rule name="No-https" enabled="true" stopProcessing="true">
<match url=".*" negate="false" />
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" />
<conditions>
<add input="{HTTPS}" pattern="on" />
<add input="{URL}" pattern="CheckOut" negate="true" />
</conditions>
</rule>
This has been driving me nuts all morning, I'm hoping someone with more experience of IIS rewrites can give me some help.
Spent a few hours on a similar issue. In my case I'm redirecting traffic from http to https and I want to do the same where sub domains are in use, e.g. http://subdomain.mydomain.com rewrites to https://subdomain.mydomain.com. It seems that for IIS 7.5 at least you need to add a http binding in IIS for each specific subdomain or it will not be picked up by the catch all matching below.
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>

IIS7 - URL Rewrite issue

I'm trying to rewrite some urls and i've done this in the past but for some reason it just won't stick this time. Here's the rule:
<rule name="Force HTTPS - Test.aspx" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^Templates/Test\.aspx" />
<conditions>
<add input="{HTTP_HOST}" pattern="^my\.domain\.com$" />
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://my.domain.com/Templates/test.aspx" />
</rule>
It should be taking http://my.domain.com/Templates/test.aspx and redirecting to https://my.domain.com/Templates/test.aspx.
Unfortunately it's not working at all, no matter what i try....
I figured out that IIS was configured to force SSL on the files I tried redirecting. That meant it would return an HTTP 403 error before even checking the url rewrite rules.
Hope that helps someone else.

Resources