IIS 8.5 URL rewrite to catch users without a client cert - iis

I hope this makes sense. I'm trying to write a global rewrite rule in IIS that will abort a request if a client cert isn't presented to the IIS (rather than giving a 403 error). I've come across the cert_flags option, but I can't quite figure out what I'm supposed to put in for the condition. Has anyone done this before?
Thanks!

Not sure if this is still relevant, but I recently ran into this, so I figured I'd toss my solution out there.
I took inspiration from this solution for Apache https://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication.
There were two things I did to make this work. The first was to change IIS to "accept" client certificates instead of making it "require" them, while still requiring an SSL connection. The second was to add an extra rewrite rule that processes all incoming URLs and aborts the request if it matches the condition:
{CERT_FLAGS} Does not match pattern ^1$
CERT_FLAGS should be one if the certificate is valid as per the descriptions from https://msdn.microsoft.com/en-us/library/ms524602%28v=vs.90%29.aspx and the description of how Microsoft does flags https://msdn.microsoft.com/en-us/library/dd304685.aspx.
My web.config for that rule looked basically like:
<rule name="Bad Certs" enabled="true" stopProcessing="false">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
    <add input="{CERT_FLAGS}" pattern="^1$" negate="true" />
  </conditions>
  <action type="AbortRequest" />
</rule>
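
The two changes this answer describes, put together as an added example (not the answerer's own file). It assumes the rule is placed under `<globalRules>` in applicationHost.config because the question asks for a global rule, and it uses `Default Web Site` as a placeholder site name.

```xml
<!-- Added example: applicationHost.config fragment, not from the original post. -->
<configuration>
  <system.webServer>
    <rewrite>
      <!-- Server-wide rules; these are evaluated before any site's own <rules>. -->
      <globalRules>
        <rule name="Bad Certs" enabled="true" stopProcessing="false">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <!-- CERT_FLAGS per the linked documentation:
                   bit0 set   = a client certificate is present
                   bit1 set   = its certification authority is not recognised
                 Value 1      = present, CA recognised: the request continues.
                 Anything else (no certificate, or 3 = present but CA not
                 recognised) fails the ^1$ test and the request is aborted. -->
            <add input="{CERT_FLAGS}" pattern="^1$" negate="true" />
          </conditions>
          <!-- Drops the connection instead of sending an HTTP error response. -->
          <action type="AbortRequest" />
        </rule>
      </globalRules>
    </rewrite>
  </system.webServer>

  <!-- Placeholder site name. SSL stays required, but client certificates are
       only "accepted" (SslNegotiateCert) rather than "required"
       (SslRequireCert), so a request without a certificate reaches the
       rewrite rule instead of being answered with a 403 by IIS itself. -->
  <location path="Default Web Site">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert" />
      </security>
    </system.webServer>
  </location>
</configuration>
```

CERT_FLAGS only reports that a certificate was presented and that its issuing CA is recognised; it does not say which client the certificate belongs to, so any per-user authorization still has to happen in the application or through certificate mapping.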

Related

IIS rule rewrite for query string

I have a URL that looks like
https://thesite.com/m/?pageName=profileSettings#notifications
I need to rewrite it to
https://thesite.com/m/?pageName=notificationSettings
I'm trying something like
<rule name="m_notifications" stopProcessing="true">
  <match url="^m/(.*)" />
  <conditions>
    <add input="{QUERY_STRING}" pattern="pageName=profileSettings#notifications" />
  </conditions>
  <action type="Rewrite" url="pageName=notificationSettings" appendQueryString="False"/>
</rule>
This isn't working, no errors, just not making any changes. What am I missing?
Thanks
It is not possible to do a rewrite based on the hash string. The browser doesn't transmit the part after the hash to the server.
It's called the fragment identifier and is client side only. It's not possible in any language unless you are using some browser implementation (or software) which would send that part of the URL to the server.

Return 410 Error Based on Part of Query String in ASP.NET MVC

Looking for a method we can use in our ASP.NET MVC-5 IIS-8 site to return a 410 error response (gone) based on a list of phrases contained in the querystrings.
Why? We're receiving a few hundred daily junk hits from reputable bots (e.g., Google, Bing, Yahoo) for ridiculously named pages that we've never had on our site. I'm thinking that for most of these pages I can test if a given key-phrase exists and, if it does, return the 410. I'd like to return the 410 to tell the bots they can remove their listing permanently thereby providing a gradually improved SEO environment.
Here are a few examples of URLs we're receiving with the key-phrase I would test for in bold.
https://www.example.com:443/apple-touch-icon-precomposed.png
http://ww.w.example.com:80/zdjqhhmtkatt.html
I know this is very do-able with .htaccess in other programming environments so I'm hoping there's also an elegant solution for ASP.MVC.
You can do that with the URL Rewrite module. The rule in your web.config should look like this:
<rewrite>
  <rules>
    <rule name="410response" stopProcessing="true">
      <match url=".*" />
      <conditions logicalGrouping="MatchAny">
        <add input="{REQUEST_URI}" pattern="apple-touch" />
        <add input="{REQUEST_URI}" pattern="zdjqhhmtkatt" />
      </conditions>
      <action type="CustomResponse" statusCode="410" statusReason="System unavailable" statusDescription="Gone. The requested resource is no longer available." />
    </rule>
  </rules>
</rewrite>

Why does my IIS URLRewrite still show the ?title= in the URL address?

The URLRewrite is "sort of" working. If I take out the ?title= from https://devbox.mysite.com/?title=test-article and just have it as https://devbox.mysite.com/test-article, the page still loads fine. However, the problem is that it still shows https://devbox.mysite.com/?title=test-article in the client's URL address. I don't understand why it's working but still showing the actual URL in the client's browser. Below is my URLRewrite rule. Any suggestion is much appreciated.
<rule name="KB-rewrite" enabled="true">
  <match url="^kb/article/([a-zA-Z0-9\-]+)$" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
    <add input="{QUERY_STRING}" pattern="1" negate="true" />
  </conditions>
  <action type="Rewrite" url="kb/article/?title={R:1}" appendQueryString="false" />
</rule>
I thought I figured it out yesterday but that wasn't it. I re-edited this post because I think this is related to ColdFusion and perhaps our CommonSpot CMS. The question is, why is it showing ?title= in the URL when without it, it would still work? What could have caused this behavior? Where can I start troubleshooting?
Okay, this time I figured it out. IIS URLRewrite works as it's supposed to, since if I removed the ?title=, the page still loads. The problem was, in the search result hyperlink, I put ?title= as part of the URL, so when a user clicked on the result, it would show the URL as containing the ?title= in it. Since the URLRewrite is working as it should, all I had to do was remove the ?title= from each result's hyperlink and my problem is resolved.

Problem with URL rewrite on IIS 7.5

I'm trying to use the URL Rewrite module for IIS 7.5 to redirect all HTTP requests to HTTPS for my ASP.NET website. The site works fine at the moment but forces the user to type the https:// in the address bar.
I followed the instructions in this article. Everything seems to be fine: I've tried putting the rule in the web.config and it shows up in the UI as it should; I've also done the reverse and can see the changes in the web.config when I use the UI to add the rule. I have RequireSSL unchecked for the site. Unfortunately I still just get a 404 when I try to hit the site via http://.
I've tried a few different action URLs including {HTTP_HOST}/{R:1} and the one shown below... nothing works.
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to https" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="SeeOther" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
I'm fairly new to this and pretty frustrated at this point. Seems like this should be a lot easier. Any advice would be appreciated, thanks..
Reposting from ServerFault as it's been sitting unanswered for a while.
HTTP Error 404. The requested resource is not found
Do you actually have a binding for HTTP port 80? Sounds like you do not have it (only HTTPS).
The reason I'm asking is that the quoted text is the exact message that I would see if I request a domain unknown to IIS (when there is no catch-all defined) or the domain is not bound to the requested port.

Redirect visitors to the canonical URL for a page using IIS

I want to ensure that anybody who goes to http://example.com/* gets automatically redirected to http://www.example.com/*. Currently, IIS allows either URL form to work, meaning that any page can be accessed at multiple URLs, which has a number of disadvantages (SEO, etc).
Is there any way to do this built into IIS (especially IIS 6) without setting up a third-party rewriting engine like this? It seems like a bazooka to kill a mosquito.
The easy way would be to simply remove the DNS entries for 'www.mysite.com', so the only DNS entries that exist are for 'mysite.com'.
Alternatively, here are a couple of techniques for redirecting to a canonical URI:
http://www.kalyani.com/2010/01/redirecting-to-canonical-url-in-iis7/
https://web.archive.org/web/20211020203216/https://www.4guysfromrolla.com/articles/072810-1.aspx
http://www.stevenhargrove.com/redirect-web-pages/
Basically you want to hand back a 301 Moved Permanently status for the non-canonical URIs, along with the canonical URI so the user agent may load it instead.
I have another solution for you:
<rule name="Canonical domain name" enabled="true" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" />
  </conditions>
  <action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
