TL;DR Changing my web.config file does nothing and HTTPS is forced on all domains despite that the entire rule is removed from web.config
Long version:
I previously read this tutorial on how to configure https on your azure web-app and force it to deliver only https content:
https://azure.microsoft.com/sv-se/documentation/articles/web-sites-configure-ssl-certificate/
Now, I want to change so that some subdomains do not force https, I read about it and was told that you could add this line to your web.config to remove the rule form certain domains:
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^subdomain\.mydomain\.com$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
That all seemed nice, but I couldn't get it to work. Now, here's when it gets weird:
As a troubleshoot step, I removed the entire "Force HTTPS"-rule from my web.config, and azure STILL forces HTTPS on all domains. It still works for the normal domain, but for all subdomains that do not have certificate files I'm given an error response when I try to connect. It's as if the web.config file is cached, meaning that all domains are looking for certificate files and those that cannot find any that match them just report back that something is wrong.
When I try to visit subdomains, this is the response I get:
Looking at your web.config file, in the last line you set redirectType="Permanent". I suspect what you're seeing is an artifact of your browser caching the redirect settings.
Related
I have a website that I host on azure. I recently bought an SSL and configured it. Now users can visit my site by typing in either http://example.com or https://example.com.
What I want is for users who type in the former to be automatically redirected to the latter while also keeping anything after the .com
So if a user types in http://example.com/about they will be redirected instead to https://example.com/about.
After some reading, I've come across this code that seems to do what I want
<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect to https”>
<match url=”(.*)”/>
<conditions>
<add input=”{HTTPS}” pattern=”Off”/>
<add input=”{REQUEST_METHOD}” pattern=”^get$|^head$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}”/>
</rule>
</rules>
</rewrite>
</system.webServer>
But before I add this to my web.config file I have a few questions.
What is the IIS url rewrite module? IIS Rewrite and is it required to be installed on my azure hosted websites before I upload my new web.config file.
How can I also include removing www from my URL when a user enters it. For example if a user types in www.example.com they should be redirected to https://example.com instead. The reason that I want this is because in my google search console I've told google to display URLs as example.com rather then www.example.com
and finally, will this code do what I'm looking for? Is there a more professional way to achieve this? What are the benefits. I should note that my sites are asp .net web forms. I know MVC has routing options but that is not an option for me.
Edit : I don't think How to force HTTPS using a web.config file solves my issue because I don't even know if I can install the URL Rewrite module since I am not hosting IIS myself. Does azure give you access to the IIS settings? I am unfamiliar with azure details.
The Microsoft URL Rewrite Module for IIS enables IIS administrators to create powerful customized rules to map request URLs to friendly URLs that are easier for users to remember and easier for search engines to find.
This module is pre-installed for Azure Web App, as shown when inspect the applicationHost.config of the Azure Web App in Kudu.
Hence, you do not need to worry about the availability of the module for Azure Web App.
The URL Rewrite configuration to enforce HTTPS redirection for Azure web app is the simplest way to achieve what you intend. Your above configuration will apply
only if the request method is either HTTP GET or HTTP HEAD. The below configuration will not have such limitation.
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS Redirection" enabled="true" stopProcessing="true">
<match url="^$" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
I would add one last thing. Assuming you are running on Azure Web Apps, they have various probes to your site for warm up and initialization. You probably don't want these probes to also be redirected, otherwise, you may have some issues when you restart or use Azure's swaps feature for stuff like blue/green deployments. These probes would then be return with a 301/302 rather than actually hitting your site (and Azure doesn't actually follow the redirect)
More examples https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
<rule name="Redirect to non-WWW" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="www.example.com$" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" /> <!-- IIS Application Initialization Warmup -->
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" /> <!-- Azure WebApps Warmup Request -->
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" /> <!-- Azure WebApps AlwaysOn Probes -->
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://example.com/{R:1}" />
</rule>
<!-- Redirect to HTTPS Version -->
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
Hi I have added a http to https redirect to my web.config
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/" redirectType="Found" />
</rule>
</rules>
</rewrite>
It is within the as required, in fact it is exactly the same as another iis I have running on another box.
However on this server when I save the config and then check the IIS control panel I get an
"There was an error while performing this operation ... Details: Filename \?D:\site\web.config Error:
and there is no error. When I remove the rewrite from the config everything is fine.
The only difference between this server setup and the one that works is that the broken server website is not in the root or is it the default website.
Has anyone encountered this type of error before?
Thanks
Jon
Very strange, even though i had everything set up in IIS and during the add/remove roles to include the http redirect it still needed this extension adding
http://www.microsoft.com/web/gallery/install.aspx?appid=urlrewrite2
the urlrewrite. I installed that extension and it all started working. Shame the error message couldnt ell me that i was missing the feature.
I'm rebuilding a site using iis urlrewriting on both static and dynamic pages. The redirects are all working well. The rewrite module is working perfectly.
Since the site structure is changing, I need to be able to redirect "old" defunct urls to new pages. So, for example, www.sitename.com/research.asp needs to be redirected to www.sitename.com/news
I've followed the instructions to set up a rule using a rewrite map and placed the rule near the top of my webconfig file (just under the CanonicalHostNameRule). But whatever permutations I've tried in the rule, I just can get it to work. The redirects don't happen - I just get a 404 for the (non-existent) .asp page. The map just seems to be getting ignored entirely. Just to re-iterate, all my other rules are working fine.
I've tried turning off all other rules and just working with this one, but no luck. Equally, I've trawled this forum and others for suggestions (using REQUEST_URI rather than Filename, restarting IIS, recycling App. Pools, etc etc), but nothing seems to work. The "Redirect" url="{C:1}" just sends me back to the old asp page I'm trying to get redirected away from, if that makes sense. Nothing in FailedRequestTracing seems to help, either.
Am I missing something very obvious here?
The Rule:
<rule name="Redirect Rule" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{StaticRedirects:{REQUEST_FILENAME}}" pattern="(.+)" />
</conditions>
<action type="Redirect" url="{C:1}" appendQueryString="false" redirectType="Permanent" />
</rule>
The Map:
<rewriteMaps>
<rewriteMap name="StaticRedirects">
<add key="research.asp" value="news" />
<add key="blog.asp" value="news" />
<add key="mentors.asp" value="interviews" />
<add key="regulars.asp" value="opinion" />
</rewriteMap>
</rewriteMaps>
NB - there are lots of other static redirects to add to this once it actually works, which is why I wanted to use a map.
I would like to make a website always have www in the address, and enforce it via IIS rewrite.
For example, test.com would become www.test.com.
The typical example rewrite rule is:
<rule name="Canonical Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.test\.com$" />
</conditions>
<action type="Redirect" url="http://www.test.com/{R:1}" redirectType="Permanent" />
</rule>
However this requires me to enter the full url of my website. It will not work for development and staging environments that have URLs like www.test.dev and www.test.stage.
Is it possible to create an IIS Rewrite rule that will handle all of those cases?
I have another solution for you:
<rule name="Canonical domain name" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" />
</conditions>
<action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
You're right that the full URL needs to be in the web.config. You have options though.
You can use a config transform to make the regular expression match the correct environment.
There doesn't seem to be any harm if you include all three URL rewrite rules in your web.config. It sounds like your environments are isolated so each environment would only ever match one of the rules. That can clutter your web.config, but not horribly.
I'd go with option 1. You can find information on config transforms here: http://msdn.microsoft.com/en-us/library/dd465326.aspx
I would also suggest you another variant for testing in local environment:
Add to c:\Windows\System32\drivers\etc\hosts:
127.0.0.1 www.example.com
In IIS Manager select site and right click -> Edit bindings.. -> Add..
Enter host name: www.example.com
Open cmd and run iisreset
Now you are able to use www.example.com in browser which is mapped to localhost
I've been using the UrlRewrite IIS plugin for about a month on our production site.
I created a single redirect rule using the supplied template/wizard, the resulting config enrty is as follows:
<rewrite>
<rules>
<rule name="CanonicalHostNameRule1" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.mycompany\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.mycompany.com/{R:1}" />
</rule>
</rules>
</rewrite>
It's been running fine until this morning, when the site started erroring with "too many redirects". As far as I know, nothing in the configuration or infrastructure changed.
I disabled the rule, and the site became functional again (though clearly without any redirecting).
I then re-enabled the rule, and now all is running as expected. I didn't make any changes to the rule other than to temporarily disable it.
Any ideas? Is the plugin buggy?
I'd recommend setting this up:
http://learn.iis.net/page.aspx/467/using-failed-request-tracing-to-trace-rewrite-rules/
This may help you track down the problem if you start getting the "too many directs" error again.
Try this other code, i have on my web and run perfect:
<rule name="Canonical Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^yourdomain\.com$" />
</conditions>
<action type="Redirect" url="http://www.yourdomain.com/{R:0}" redirectType="Permanent" />
</rule>
The explanation is simple:
Match any URL received to process
The condition is that have anydomaintext.extension (your domain and extension) without prefix
Redirect to same domain with full prefix and put all url.
Other tries was R:1 but quit some of the main url and not run.
The sample from Ruslani:
http://blogs.iis.net/ruslany/archive/2009/04/08/10-url-rewriting-tips-and-tricks.aspx
I tried to use adding www but finally use the sample above.
The fix below worked for me. I discovered my rewrite rule was at out-of-date. The other domain had changed their URL policy and were now redirecting all traffic from otherdomain.com to www.otherdomain.com
<action type="Rewrite" url="http://otherdomain.com/abc/{R:1}" />
to
<action type="Rewrite" url="http://www.otherdomain.com/abc/{R:1}" />
Do you see the difference? By adding the 'www' I preempted the other domain redirection. I basically just complied with their new policy.