IIS URL Rewrite not redirecting subfolders - iis

URL Rewrite rule for redirecting from http to https:
<rewrite>
<rules>
<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
However, when you go directly to a subfolder like http://www.example.com/employees via an old bookmark or by typing the address into the browser, it doesn't redirect to https://www.example.com/employees but stays on http://www.example.com/employees.
Oddly enough, we have the same rewrite rules for a dev site, and it will redirect from http://dev.example.com/employees to https://dev.example.com/employees.
Very strange. Any ideas?

This is what I use - I add it to the applicationhost.config file, so it's at the global level. It's a little different then yours, I run many different sites and never have the issue you're describing doing it this way.
<rule name="Root Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{SERVER_PORT}" pattern="^80$" />
<add input="{HTTP_HOST}" pattern="example\.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" />
</rule>

Related

Redirect from http to https on IIS 10.0

I have an aspx web app accessed via http://domain/web.aspx. This web app uses port 80 and http://domain:80/web.aspx works OK. I would like to redirect all calls to https://domain:82/web.aspx. I've tried using the rewrite rule
<rule name="HTTPS force" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(.*):80$" />
</conditions>
<action type="Redirect" url="https://localhost:82" appendQueryString="false" />
</rule>
in web.config in the same folder as web.aspx but this has no effect. What rewrite rule do I need to use?
You should use the following as input:
<rule name="HTTPS force" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
</rule>
Not sure if you want the :80 there in the URL? If so, it can be added to my example too. Taken from here: Web.config redirects with rewrite rules - https, www, and more.
Found this rule worked
<rule name="HTTPS force" enabled = "true" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="http://domain/Web.aspx" />
</conditions>
<action type="Redirect" url="https://domain:82/Web.aspx"/>
</rule>

IIS 10 URL Rewrite http traffic to https redirect not working

IIS 10 server behind an AWS application load balancer will not redirect traffic for domain without www when client requests http rather than https. The rule to redirect traffic when www is specified works fine, but 404 is returned if you try the same url without www.
So:
Enter "http://dname.com/blog" = 404
Enter "http://www.dname.com/blog" = redirect to "https://www.dname.com/blog"
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^dname\.com$" />
</conditions>
<action type="Rewrite" url="https://www.dname.com{REQUEST_URI}" />
</rule>
<rule name="Force WWW HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^www\.dname\.com$" />
</conditions>
<action type="Redirect" url="https://www.dname.com{REQUEST_URI}" />
</rule>
Nothing worked for me even after going through the answers provided on different forums.
After 2 days of banging my head in this here's what I found which solved the issue :
Bindings : Port 80 must be enabled (This can be added in bindings section in IIS).
SSL settings : Required SSL must be unchecked.
Add Rule :
<rewrite>
<rules>
<rule name="http to https redirection" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
appendQueryString="false" />
</rule>
</rules>
</rewrite>
Verify web config as it should reflect the rule added in IIS.
I don't know why the previously posted rules wouldn't work, but I was able to create a refined rule that is working:
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^(www\.)?dname\.com$" />
</conditions>
<action type="Redirect" url="https://www.dname.com{REQUEST_URI}" />
</rule>
The above rule combines the two rules instead of looking for the domain without the www and then with the www in a separate rule. The regex (www\.) tells the rule to look for "www." and the question mark tells it that it may or may not be there, so that includes the domain with and without the www.
There is a very very important step that should take care, before setup a redirect configure.
in web Sites project --> Actions(in the right) --> Bindings , the content will like below:
Binding Content
You take carefully the yellow color part, the yellow part is your original web IP address. This original IP address must exist in "Site Bindings", without the yellow part the URL redirect will not working anymore.
The following config is my current IIS URL redirect setting:
<rewrite>
<globalRules>
<rule name="Http redirect to Https" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="localhost:8080" /> <-- the Red one should match above Site Bindings original IP address
</conditions>
<action type="Redirect" url="https://Your-Host-Name/{R:1}" redirectType="SeeOther" />
</rule>
</globalRules>
</rewrite>

IIS multiple rewrite rules for Virtual directory

i have a website and one virtual directory called prog .looking an iis redirect rule for the following condition.
1.i need to redirect all non www http request http://domain/prog to https://www.domain/prog
2.redirect http www request http://www.domain/prog to https://www.domain/prog
3.redirect https://domain/prog to https://www.domain/prog
i have follow the below url
iis url redirect http to non www https
but one condtion not working
https://domain/prog to https://www.domain/prog
<rewrite>
<rules>
<rule name="SecureRedirect" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^(www\.)?(.*)$" />
</conditions>
<action type="Redirect" url="https://www.{C:2}/prog" redirectType="Permanent" />
</rule>
</rules>
i have applied url rewrite on prog Virtual directory and its worked
<rewrite>
<rules>
<clear />
<rule name="Redirect non-www OR non-https to https://www">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^domain.com$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.domain.com/prog/{R:0}" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>

IIS 7 URL rewrite rules seem to be working one time only

I am trying to force a website running under IIS to always run in https mode and redirect to it's full root name which includes www in order for the SSL certificate to work properly.
Below is the web.config entry:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^somewebsite.com$" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
This works on first time requests, for instance someone requests: somewebsite.com in the browser URI for the very first time, they will be automatically redirected to https://www.somewebsite.com. However, once the site is loaded and if user manually removes the www or https in the browser URI, the server does not perform subsequent redirects. Is that by design and is it possible for the rule to always execute?
This is what I use on all our live SSL sites. I use 2 rules and never had any problem with these:
<rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>

web.config redirect non-www to www

I need to redirect non-www URLs to www URL for both HTTP and HTTPS URLs. I tried following rules in web.config.
<rule name="Redirect to WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Redirect to WWW https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
It works perfectly for non-ssl URL but in case of SSL it redirect from https://example.com to http://www.example.com.
For a safer rule that works for both Match Any and Match All situations, you can use the Rewrite Map solution. It’s a perfectly good solution with the only drawback being the ever so slight extra effort to set it up since you need to create a rewrite map before you create the rule. In other words, if you choose to use this as your sole method of handling the protocol, you’ll be safe.
You can create a Rewrite Map called MapProtocol, you can use {MapProtocol:{HTTPS}} for the protocol within any rule action.
<rewrite>
<rules>
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect"
url="{MapProtocol:{HTTPS}}://www.example.com/{R:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
Reference
Other answers here are unnecessary long, here's the rule i use (just copy and paste) :
<rule name="ensurewww" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://(?!www)(.*)" />
</conditions>
<action type="Redirect" url="{C:1}://www.{C:2}" redirectType="Permanent" />
</rule>
This will redirect to the www version while preserving the HTTP and HTTPS protocol
Hope this helps.
Since 2018, consider to use everytime https (SSL) !
So I use redirect to www and to https together.
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
more info here :
https://forums.realmacsoftware.com/t/effective-july-2018-google-s-chrome-browser-will-mark-non-https-sites-as-not-secure/18597
I know this is an old post but it's not fully answered. I ended up extending Satpals answer
First rule catches http + www and second one catches non-www
For some reason i could not use MapProtocol in the fist Rule but it works with https written directly into the url.
<rewrite>
<rules>
<rule name="Special case www & HTTPS off" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" redirectType="SeeOther" />
</rule>
<rule name="Redirect to www & HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.example.com/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
This worked fine for me:-
<rewrite>
<rules>
<rule name="Redirect to WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myExample.in$" />
</conditions>
<action type="Redirect" url="https://www.myExample.in/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
This post is basically for those who need to redirect non-www to www URL in windows hosting.
In web.config file as below code:
<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect example.com to www.example.com HTTP” patternSyntax=”ECMAScript” stopProcessing=”true”>
<match url=”.*” />
<conditions>
<add input=”{HTTP_HOST}” pattern=”^example.com$” />
<add input=”{HTTPS}” pattern=”off” />
</conditions>
<action type=”Redirect” url=”http://www.example.com/{R:0}” redirectType=”Permanent” appendQueryString=”true”/>
</rule>
<rule name=”Redirect example.com to www.example.com HTTPS” patternSyntax=”ECMAScript” stopProcessing=”true”>
<match url=”.*” />
<conditions>
<add input=”{HTTP_HOST}” pattern=”^example.com$” />
<add input=”{HTTPS}” pattern=”on” />
</conditions>
<action type=”Redirect” url=”https://www.example.com/{R:0}” redirectType=”Permanent” appendQueryString=”true”/>
</rule>
</rules>
</rewrite>
</system.webServer>
In the above code please note there are two rules used one for HTTP and another for HTTPS. To avoid clashing of HTTP and HTTPS in the same rule, here used two separate patterns.
I hope it works for you guys…!!
Follow the Step Below
Login to your website's cPanel
Click on Hosting Setting
Select your preferred domain as www.example.com

Resources