Web.config webServer rewrite rules for local and remote - iis

I have an application that I want to run locally via http and remotely (on Azure) via https so I added this to my web.config file.
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}"
pattern="Off"/>
<add input="{REQUEST_METHOD}"
pattern="^get$|^head$" />
</conditions>
<action type="Redirect"
url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
</rewrite>
</system.webServer>
After deploying this to Azure it worked perfectly on the remote server but when I run it locally the re-route occurs and I get SSL connection errors because I don't have or want a local ssl cert.
I have tried using the rule below (with an extra input testing localhost) to overcome the local issue but it appears as if the damage is done and nothing else I have tried will get my local site to work again.
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https">
<match url="(.*)"/>
<conditions>
<!-- This has been added -->
<add input="{HTTP_HOST}"
pattern="localhost"
negate="true"/>
<add input="{HTTPS}"
pattern="Off"/>
<add input="{REQUEST_METHOD}"
pattern="^get$|^head$" />
</conditions>
<action type="Redirect"
url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
</rewrite>
</system.webServer>
Would anyone mind putting me out of my misery and explaining where I'm going wrong?

I've got it working now!
I'm sure some of my previous attempts should have worked as well but didn't realise I need to clear the cache within Chrome - I guess Chrome caches such redirects?
Anyway, I added this rule and deleted the cache and all is working as I'd expect!
<rule name="Redirect to http"
stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll"
trackAllCaptures="false">
<add input="{HTTP_HOST}"
pattern="localhost" />
</conditions>
<action type="None" />
</rule>
Hope some of this might help others in the future...

Related

IIS redirect with url exception for stripe

I'm working on updating the stripe checkout from a website, I was doing it successfully on localhost but when I put it on live mode on a windows server it stopped working. The issue is that when I should be redirected to the checkout page from stripe, the url is altered and becomes something that doesn't make sense:
The correct url: www.checkout.stripe.com/pay/cs_...
The url that I get redirected to: www.mysite.com/pay/cs_..
I kept thinking what could be the causa of that and I think it's the URL rewrite rule that I have on the windows server. I would like to add an exception to the rule and allow the stripe checkout to initiate, but I have no idea how to do it.
Below is my web.config file:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8008/{R:1}" />
</rule>
<rule name="HTTPS" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I figured it out. This is my final web.config
<configuration>
<system.webServer>
<urlCompression doDynamicCompression="false" />
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8008/{R:1}" />
</rule>
<rule name="stripe redirect in checkout" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{REQUEST_URI}" pattern="/pay/" />
</conditions>
<action type="Redirect" url="checkout.stripe.com{REQUEST_URI}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
My issue was not really understanding the meaning of the options in the URL Rewrite. I checked the course URL Rewrite for Developers and it was really helpful. I was able to solve the issue quickly.
The file you have shown contains the inbound rewrite rules only. But you have an issue with response from your server. Thus, you should fix the outbound rewrite rule in the right config file.

how do you forward http/www to https/non-www on windows hosting iis?

I'm really struggling with this. I have tried no end of examples and everything I read tells me this should work, however, I'm no server expert so I may well have made some incorrect assumptions about what I have done.
Quite simply I have a site at https://xxxxx.co.uk if someone types in
http://xxxxx.co.uk or
http://www.xxxxx.co.uk or
https://www.xxxxx.co.uk
I want them to be redirected to https://xxxxx.co.uk
Currently, I can get the Http to https working but not the www to non-www part (with or without the https bit). It just stays on the www.xxxxx.co.uk (http://www and https://www) and tells me about a security risk which makes sense. But I want it to go to my site.
Any help would be much appreciated as I have been at this all day.
I found this article enter link description here which covers nearly all scenarios except https://www.xxxxx.co.uk. This rule just doesn't seem to want to work
<system.webServer>
<rewrite>
<rules>
<rule name="RedirectWwwToNonWww" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://xxxxx.co.uk" redirectType="Permanent" />
</rule>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>

Redirect HTTPS to HTTP IIS 10

I have IIS 10 running locally in my development environment. I am trying to test an SSO solution with a test ADFS instance. However, ADFS only allows for a secured endpoint to redirect to. I need to setup my local environment to change any requests that come in as https to http. Here is the configuration I have tried:
<rule name="Force Http" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" url="http://{HTTP_HOST}/{REQUEST_URI}" />
</rule>
The user is not being redirected and I am just getting a 404. I have tried with and without an https binding on the default website that I have the site sitting under.
Here is the solution that finally worked for me:
<rule name="No-https" enabled="true" stopProcessing="true">
<match url=".*" negate="false" />
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" />
<conditions trackAllCaptures="false">
<add input="{SERVER_PORT_SECURE}" pattern="^1$" />
</conditions>
</rule>

IIS URL Rewrite not redirecting subfolders

URL Rewrite rule for redirecting from http to https:
<rewrite>
<rules>
<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
However, when you go directly to a subfolder like http://www.example.com/employees via an old bookmark or by typing the address into the browser, it doesn't redirect to https://www.example.com/employees but stays on http://www.example.com/employees.
Oddly enough, we have the same rewrite rules for a dev site, and it will redirect from http://dev.example.com/employees to https://dev.example.com/employees.
Very strange. Any ideas?
This is what I use - I add it to the applicationhost.config file, so it's at the global level. It's a little different then yours, I run many different sites and never have the issue you're describing doing it this way.
<rule name="Root Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{SERVER_PORT}" pattern="^80$" />
<add input="{HTTP_HOST}" pattern="example\.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" />
</rule>

IIS 7 URL rewrite rules seem to be working one time only

I am trying to force a website running under IIS to always run in https mode and redirect to it's full root name which includes www in order for the SSL certificate to work properly.
Below is the web.config entry:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^somewebsite.com$" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
This works on first time requests, for instance someone requests: somewebsite.com in the browser URI for the very first time, they will be automatically redirected to https://www.somewebsite.com. However, once the site is loaded and if user manually removes the www or https in the browser URI, the server does not perform subsequent redirects. Is that by design and is it possible for the rule to always execute?
This is what I use on all our live SSL sites. I use 2 rules and never had any problem with these:
<rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Resources