I have a rewrite rule for my "Default Web Site" (aka at my wwwroot's web.config) to redirect all HTTP request to HTTPS as follows:
<rule name="http to https" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
Now I want to disable or exclude a Virtual Directory under this so I can reach that only with HTTP. How to do this?
What I have tried: Creating a rule that matches the virt.dir's name, and chose to stop any further action (no success):
<rule name="testsite no https" enabled="true" stopProcessing="true">
<match url="(testsite)" ignoreCase="true" />
<action type="None" />
<conditions>
<add input="{URL}" pattern="(testsite)" />
</conditions>
</rule>
Added a negate condition for the first rule (no success)
<add input="{URL}" pattern="(testsite)" negate="true" />
What am I doing wrong?
You do not need a separate rule for that.
Open IIS manager expand the site and select the virtual directory.
In the center pane you can see all the modules. Double click URL Rewrite.
Select the redirect rule and in the actions pane click disable rule.
Also you can add a web.config in your virtual directory and do below
<system.webServer>
<rewrite>
<rules>
<remove name="testsite no https" />
</rules>
</rewrite>
</system.webServer>
Or
Change your match condition from <match url="(.*)" /> to <match url="^((?!testsite).)*$" /> so basically this will work for all URLS except the one containing testsite.
Hope this helps.
Related
I have multiple domains bound to one site. For one domain, I would like to leave everything untouched by the Rewrite module. For the other domain, for example: www.example.com, I wish to allow every request down this path www.example.com/allowedpath yet for any other requests from www.example.com and below, return a 404.
From your description, I understand that you want to achieve requirement below.
Domain1.com -> Should not be affected by Rewrite rule
Example.com -> Example.com/allowed_path
Example.com/any_other_path -> Abort request
To achieve the above requirement, I have created 2 rewrite rules below.
<rules>
<clear />
<rule name="Rule-1" stopProcessing="true">
<match url="^$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="example.com" />
</conditions>
<action type="Redirect" url="/test_path" />
</rule>
<rule name="Rule-2" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="example.com" />
<add input="{REQUEST_URI}" pattern="/test_path" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
</rules>
Test result with Domain1.com
Test result with Example.com
Further, you could modify these rules as per your own requirement.
IIS 10 server behind an AWS application load balancer will not redirect traffic for domain without www when client requests http rather than https. The rule to redirect traffic when www is specified works fine, but 404 is returned if you try the same url without www.
So:
Enter "http://dname.com/blog" = 404
Enter "http://www.dname.com/blog" = redirect to "https://www.dname.com/blog"
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^dname\.com$" />
</conditions>
<action type="Rewrite" url="https://www.dname.com{REQUEST_URI}" />
</rule>
<rule name="Force WWW HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^www\.dname\.com$" />
</conditions>
<action type="Redirect" url="https://www.dname.com{REQUEST_URI}" />
</rule>
Nothing worked for me even after going through the answers provided on different forums.
After 2 days of banging my head in this here's what I found which solved the issue :
Bindings : Port 80 must be enabled (This can be added in bindings section in IIS).
SSL settings : Required SSL must be unchecked.
Add Rule :
<rewrite>
<rules>
<rule name="http to https redirection" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
appendQueryString="false" />
</rule>
</rules>
</rewrite>
Verify web config as it should reflect the rule added in IIS.
I don't know why the previously posted rules wouldn't work, but I was able to create a refined rule that is working:
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^(www\.)?dname\.com$" />
</conditions>
<action type="Redirect" url="https://www.dname.com{REQUEST_URI}" />
</rule>
The above rule combines the two rules instead of looking for the domain without the www and then with the www in a separate rule. The regex (www\.) tells the rule to look for "www." and the question mark tells it that it may or may not be there, so that includes the domain with and without the www.
There is a very very important step that should take care, before setup a redirect configure.
in web Sites project --> Actions(in the right) --> Bindings , the content will like below:
Binding Content
You take carefully the yellow color part, the yellow part is your original web IP address. This original IP address must exist in "Site Bindings", without the yellow part the URL redirect will not working anymore.
The following config is my current IIS URL redirect setting:
<rewrite>
<globalRules>
<rule name="Http redirect to Https" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="localhost:8080" /> <-- the Red one should match above Site Bindings original IP address
</conditions>
<action type="Redirect" url="https://Your-Host-Name/{R:1}" redirectType="SeeOther" />
</rule>
</globalRules>
</rewrite>
I have a site that uses two characters in the URL path to determine the initial language e.g. https://my.company.net/Monitoring/gb displays in the English language. I want to setup a redirect for these two display the full culture code e.g. https://my.company.net/Monitoring/en-GB
This is the rule that I've tried:
<rewrite>
<rules>
<rule name="Monitoring gb rewrite" patternSyntax="ExactMatch" stopProcessing="true">
<match url="https://my.company.net/Monitoring/gb" />
<conditions />
<serverVariables />
<action type="Redirect" url="https://my.company.net/Monitoring/en-GB" appendQueryString="false" />
</rule>
</rules>
</rewrite>
I expected https://my.company.net/Monitoring/gb to redirect to https://my.company.net/Monitoring/en-GB however this rule does not have any effect: the browser URL stays at https://my.company.net/Monitoring/gb.
How can I rectify this?
You could use below url rewrite rule.
<rule name="gb to en-gb redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="ww.sample1.com" />
<add input="{HTTPS}" pattern="on" />
<add input="{REQUEST_URI}" pattern="Monitoring/gb" />
</conditions>
<action type="Redirect" url="https://www.sample1.com/Monitoring/en-GB" />
</rule>
Note: use your hostname instead of the www.sample1.com.
The redirect failure was due to browser caching. The redirect works once the cache is cleared.
URL Rewrite rule for redirecting from http to https:
<rewrite>
<rules>
<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
However, when you go directly to a subfolder like http://www.example.com/employees via an old bookmark or by typing the address into the browser, it doesn't redirect to https://www.example.com/employees but stays on http://www.example.com/employees.
Oddly enough, we have the same rewrite rules for a dev site, and it will redirect from http://dev.example.com/employees to https://dev.example.com/employees.
Very strange. Any ideas?
This is what I use - I add it to the applicationhost.config file, so it's at the global level. It's a little different then yours, I run many different sites and never have the issue you're describing doing it this way.
<rule name="Root Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{SERVER_PORT}" pattern="^80$" />
<add input="{HTTP_HOST}" pattern="example\.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" />
</rule>
I am trying to force a website running under IIS to always run in https mode and redirect to it's full root name which includes www in order for the SSL certificate to work properly.
Below is the web.config entry:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^somewebsite.com$" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
This works on first time requests, for instance someone requests: somewebsite.com in the browser URI for the very first time, they will be automatically redirected to https://www.somewebsite.com. However, once the site is loaded and if user manually removes the www or https in the browser URI, the server does not perform subsequent redirects. Is that by design and is it possible for the rule to always execute?
This is what I use on all our live SSL sites. I use 2 rules and never had any problem with these:
<rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>