Force HTTPS via URL rewrite in web.config - iis

I'm trying to force HTTPS via a web.config URL rewrite rule for a URL which includes a path.
eg http://my.domain.com/folder must be forced to use https://my.domain.com/folder
I'd also like to force HTTPS for all pages on their relative paths
eg http:// my.domain.com/folder/page.aspx forced to https:// my.domain.com/folder/page.aspx
This is what I have:
<rewrite>
<rules>
<rule name="Redirect to https">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="Off"/>
<add input=”{REQUEST_METHOD}” pattern=”^get$|^head$” />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
</rewrite>

Try this URL rewrite rule:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Check your casing and the type of quotes you are using. Also, the 2nd input method is invalid - the pattern isn't valid a regex. This rule works for what you want:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>

Related

iis rewrite url for https://example.com/default.aspx/default.aspx to https://example.com

I have tried all kinds of rewrite URL's and can't get IIS to send the URL of https://example.com/default.aspx/default.aspx to https://example.com/default.aspx
Google has indexed the site with the wrong URL when Bing got it right (go figure). Any help would be much appreciated. All my traffic is going to the wrong url (https://example.com/default.aspx/default.aspx).
<rewrite>
<rules>
<rule name="Redirect www.xxx.com to xxx.com" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^https://example.com/default.aspx/default.aspx" />
</conditions>
<action type="Redirect" url="default.aspx" />
</rule>
<rule name="redirect two character to default" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{URL}" pattern="^/[a-z]{2}(/)?$" />
</conditions>
<action type="Redirect" url="default.aspx" appendQueryString="false" />
</rule>
</rules>
</rewrite>
There is some issue in your rule. {HTTP_HOST} only matches the hostname which is www.example.com it will not match the whole URL.
You could try below rule:
<rule name="Redirect www.xxx.com to xxx.com" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="www.example.com" />
<add input="{HTTPS}" pattern="on" />
<add input="{REQUEST_URI}" pattern="default/default|default.aspx/default.aspx" />
</conditions>
<action type="Redirect" url="default.aspx" />
</rule>

How do I enforce www on an IIS hosted website?

My site is hosted on IIS, I need to enforce the browser to use www prefix.
I've installed the Url Rewrite Module and my rule is:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Add WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(?!www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://www.{C:0}{PATH_INFO}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
from IIS7 URL Rewrite - Add "www" prefix
But I cannot work out how to maintain ssl
You need to capture the protocol in the input:
<rule name="Enforce WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://(?!www)(.*)" />
</conditions>
<action type="Redirect" url="{C:1}://www.{C:2}" redirectType="Permanent" />
</rule>
{C:1} will contain the protocol and {C:2} will have your domain and anything else.
(source)

IIS 7 URL rewrite rules seem to be working one time only

I am trying to force a website running under IIS to always run in https mode and redirect to it's full root name which includes www in order for the SSL certificate to work properly.
Below is the web.config entry:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^somewebsite.com$" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
This works on first time requests, for instance someone requests: somewebsite.com in the browser URI for the very first time, they will be automatically redirected to https://www.somewebsite.com. However, once the site is loaded and if user manually removes the www or https in the browser URI, the server does not perform subsequent redirects. Is that by design and is it possible for the rule to always execute?
This is what I use on all our live SSL sites. I use 2 rules and never had any problem with these:
<rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>

web.config redirect non-www to www

I need to redirect non-www URLs to www URL for both HTTP and HTTPS URLs. I tried following rules in web.config.
<rule name="Redirect to WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Redirect to WWW https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
It works perfectly for non-ssl URL but in case of SSL it redirect from https://example.com to http://www.example.com.
For a safer rule that works for both Match Any and Match All situations, you can use the Rewrite Map solution. It’s a perfectly good solution with the only drawback being the ever so slight extra effort to set it up since you need to create a rewrite map before you create the rule. In other words, if you choose to use this as your sole method of handling the protocol, you’ll be safe.
You can create a Rewrite Map called MapProtocol, you can use {MapProtocol:{HTTPS}} for the protocol within any rule action.
<rewrite>
<rules>
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect"
url="{MapProtocol:{HTTPS}}://www.example.com/{R:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
Reference
Other answers here are unnecessary long, here's the rule i use (just copy and paste) :
<rule name="ensurewww" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://(?!www)(.*)" />
</conditions>
<action type="Redirect" url="{C:1}://www.{C:2}" redirectType="Permanent" />
</rule>
This will redirect to the www version while preserving the HTTP and HTTPS protocol
Hope this helps.
Since 2018, consider to use everytime https (SSL) !
So I use redirect to www and to https together.
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
more info here :
https://forums.realmacsoftware.com/t/effective-july-2018-google-s-chrome-browser-will-mark-non-https-sites-as-not-secure/18597
I know this is an old post but it's not fully answered. I ended up extending Satpals answer
First rule catches http + www and second one catches non-www
For some reason i could not use MapProtocol in the fist Rule but it works with https written directly into the url.
<rewrite>
<rules>
<rule name="Special case www & HTTPS off" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" redirectType="SeeOther" />
</rule>
<rule name="Redirect to www & HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.example.com/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
This worked fine for me:-
<rewrite>
<rules>
<rule name="Redirect to WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myExample.in$" />
</conditions>
<action type="Redirect" url="https://www.myExample.in/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
This post is basically for those who need to redirect non-www to www URL in windows hosting.
In web.config file as below code:
<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect example.com to www.example.com HTTP” patternSyntax=”ECMAScript” stopProcessing=”true”>
<match url=”.*” />
<conditions>
<add input=”{HTTP_HOST}” pattern=”^example.com$” />
<add input=”{HTTPS}” pattern=”off” />
</conditions>
<action type=”Redirect” url=”http://www.example.com/{R:0}” redirectType=”Permanent” appendQueryString=”true”/>
</rule>
<rule name=”Redirect example.com to www.example.com HTTPS” patternSyntax=”ECMAScript” stopProcessing=”true”>
<match url=”.*” />
<conditions>
<add input=”{HTTP_HOST}” pattern=”^example.com$” />
<add input=”{HTTPS}” pattern=”on” />
</conditions>
<action type=”Redirect” url=”https://www.example.com/{R:0}” redirectType=”Permanent” appendQueryString=”true”/>
</rule>
</rules>
</rewrite>
</system.webServer>
In the above code please note there are two rules used one for HTTP and another for HTTPS. To avoid clashing of HTTP and HTTPS in the same rule, here used two separate patterns.
I hope it works for you guys…!!
Follow the Step Below
Login to your website's cPanel
Click on Hosting Setting
Select your preferred domain as www.example.com

updating url rewriting rule with vs2012 web deployment web.config transformations

I can't figure out how to get my web.config deployment transformation to work for a rewrite rule. I've tried the following and it ignores it.
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite xdt:Transform="Replace">
<rules>
<rule name="Force HTTPS On Login/Register" stopProcessing="true">
<match url="Account/Login(.*)|Register(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Force HTTPS Off" stopProcessing="true">
<match url="((Account/Login(.*))|(Register(.*)))" negate="true" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="^ON$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
I use SlowCheetah to transform my web.config for production. I originally tried what you tried, but found that I had to add an empty
<rewrite>
<rules />
</rewrite>
to the base web.config
and then write a transform like
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true" xdt:Transform="Insert">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
(that is a redirect transform, but I think the same principal should apply).
Note xdt:Transform="Insert" to insert a new node into the skeletal <rules /> in the base config file.

Resources