I have node.js server deployed in IIS on azure web sites and i want to block or redirect http requests. I use express + socket.io in my server.
I found 2 ways to do that:
in actual socket.io code by passing allowRequest parameter to socket.io. So my code will look like that :
var checkRequest = function (req, fn) {
fn(err, true);
};
var ioOptions = {
pingInterval: socketPingInterval,
pingTimeout: socketPingTimeout,
path: "/" + config.API_VERSION + "/socket.io",
allowRequest : checkRequest
};
_socketListener = io.listen(server, ioOptions);
the problem is that code never enters checkRequest method, and i dont know why.
Add rule to web.config file. I checked several forums, and everybody says that if i add this code:
<rule name="RedirecttoHTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{URL}" pattern="/$" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="SeeOther" />
</rule>
It will redirect my hpt requests to HTTPS. But it still works and i can access via HTTP.
Can anyonw help with any option ?
Using Kudu Console, create an applicationhost.xdt file in your d:\home\site folder, containing the following:
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing">
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
And remove whatever you added to your web.config. This should just work.
This worked for me with a Node web app in Azure...
https://stpdev.wordpress.com/2015/09/23/force-https-redirection-for-nodejs-apps-hosted-in-azure/
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Related
I have a little question about SSL. I have a website that we have purchased SSL and made some rewright rules in web.config. But the problem is, sometimes we can not redirect to https version. When we type the domain with https, it work perfectly, but when we delete https, we can not redirect to secure version of the site. Here is our web.config file (for privacy, I have hanged our site name as example.com);
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to www" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example.COM$" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.example.com/{R:1}" />
</rule>
<rule name="AngularJS Routes" enabled="true" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" logRewrittenUrl="false" />
</rule>
<rule name="Redirect HTTP to HTTPS" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" appendQueryString="false" redirectType="SeeOther" />
</rule>
<rule name="Force non-WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" negate="true" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://example.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
What can we do more to be sure that every time we will be redicting to secure version (https) of the link?
Did you use one of these Apache, IIS,Tomcat,Nginx? You have to set let http redirect to https.
In a Azure portal app, I configured traffic to redirect to https but https://www won't redirect to https://
Redirection from http://, http://www both work correctly.
Those are rules I have in web.config in azure app.
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<rule name="NonWwwRedirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
</conditions>
<action type="Redirect" url="https://example.com/{R:1}" redirectType="Permanent" />
</rule>
<!--To always remove trailing slash from the URL-->
<rule name="Remove trailing slash" stopProcessing="true">
<match url="(.*)/$" />
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>
<rule name="AngularJS Routes" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
<add input="{REQUEST_URI}" pattern="^/(signalr)" negate="true" />
<add input="{REQUEST_URI}" pattern="^/(token)" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
</rules>
</rewrite>
How can I achieve the needed redirect?
The problem was with DNS records. A record with host www was pointed to different IP. Changed it to same IP as # host, that solved the problem
How about:
<rewrite>
<rules>
<rule name="Redirect www OR non-https to https://" enabled="true" stopProcessing="true">
<match url=".*" ignoreCase="true" />
<conditions logicalGrouping="MatchAny>
<add input="{HTTP_HOST}" pattern="^www\.(.*)$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{C:1}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
You could refer to the code as below:
<rule name="NonWwwRedirect" stopProcessing="true">
<match url=".*"/>
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.(.*)$" />
</conditions>
<action type="Redirect" url="https://example.com/{R:0}" redirectType="Permanent" />
</rule>
Note: Make sure the example.com hostname you have assigned to Site, so that you could reach it successfully.
I have one url which having ./ [period & slash] at the end of parameter. I want to redirect that url with different location but its not even detecting in rules. I am using IIS. I want to configure this on web.config
http://somesitename.com/mypage/teachers-manual./sku/8772
needs to redirect on
http://somesitename.com/mypage/teachers-manual/sku/8772
Though I have tried solution given on Here but its not even working. But if I use same thing instead of Redirect with Rewrite then Rule start working. Not sure why its not working for "Redirect".
<rule name="Trailing Dots and spaces" stopProcessing="true">
<match url="^mypage\/(.*)([\.\s]+)\/(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Rewrite" url="/index.cfm/{R:1}/{R:2}/{R:4}" appendQueryString="true" />
</rule>
Actually when I tried to write rule then url which having ./ is also not working.[ http://somesitename.com/mypage/teachers-manual./sku/8772 ]
<rule name="Trailing Dots and spaces1.1" stopProcessing="true">
<match url="^(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://somesitename.com/newpage.html" />
</rule>
Not sure where its wrong.
Just got more information on Post & Haacked Said for it.
so I have modified file as follows and now its perfectly working for me.
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true" />
</system.web>
<system.webServer>
<rewrite>
<rules>
<rule name="Trailing Dots and spaces1.1" stopProcessing="true">
<match url="^(.*)/(.*)\.\/(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="/{R:1}/{R:2}/{R:3}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
.... etc
Whats the best way to achieve the above? I do know that it can be achieved at HttpModule level. Is it possible just via web.config(easier and faster to code execute).
It's easy to do this with the URL rewrite module through the web.config :
<rewrite>
<rules>
<clear />
<rule name="Redirect naked domains to www.domain.com" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" negate="true" pattern="^www\." />
<add input="{REQUEST_URI}" negate="true" pattern="^noredirect/forthis/page\.aspx$" />
<add input="{REQUEST_URI}" negate="true" pattern="^noredirect/forthis/page-as-well\.aspx$" />
<add input="{REQUEST_URI}" negate="true" pattern="^noredirect/forthis/page-as-well-too\.aspx$" />
</conditions>
<action type="Redirect" url="http://www.{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Or if you really only have a single page that doesn't need to be redirected, it can be even shortened to:
<rewrite>
<rules>
<clear />
<rule name="Redirect naked domains to www.domain.com" stopProcessing="true">
<match url="^noredirect/forthis/page\.aspx$" negate="true" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" negate="true" pattern="^www\." />
</conditions>
<action type="Redirect" url="http://www.{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
I'm really stuck on this one...
Basically, I'm trying to make 2 pages always over SSL using the URLRewrite add-on for IIS. But I also need to force all other pages to HTTP (sigh - don't ask).
But if I force other pages over HTTP, then when you view the SSL page you'll get the security warning. I tried to solve this by checking if the HTTP_REFERER is the SSL page then let it be sent over SSL for that page only. This doesn't work because if someone clicks a link on the SSL page then it will stay over SSL.
Is this even possible?...
This is as far as I got so far:
<rewrite>
<rules>
<rule name="Force HTTPS Login" stopProcessing="true">
<match url="(.+)login.aspx" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Force HTTPS Payments" stopProcessing="true">
<match url="(.+)payments.aspx" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Others Force HTTP" stopProcessing="true">
<match negate="true" url="((.+)login.aspx|(.+)payments.aspx)" />
<conditions>
<add input="{HTTPS}" pattern="^ON$" />
<add input="{HTTP_REFERER}" negate="true" pattern="(.+)login.aspx" />
<add input="{HTTP_REFERER}" negate="true" pattern="(.+)payments.aspx" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
UPDATE: Found this article: Rewrite http to https on some pages only using .htaccess. No answer since March 2010...!
So what I ended up doing is:
Force HTTPS for the page(s) that required it.
Force all other pages to HTTP EXCEPT for the page(s) in point#1 and the "/styles" and "/images" folders that are referenced on these pages.
Since the pages use relative paths, they automatically use the styles/images over HTTP/HTTPS respectively.
<rewrite>
<rules>
<rule name="Force HTTPS Login" stopProcessing="true">
<match url="(.*)/login.aspx" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Others Force HTTP" stopProcessing="true">
<match url="(((.*)/login.aspx)|((.*)/styles(.*))|((.*)/images(.*)))" negate="true" />
<conditions>
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>