http with different app ports to https with same port - redirect

since hours I try to get an IIS problem solved. I have different application webservers, which will be reached by different ports. subdomain.domain:11701 looks for the webpage created by one app webserver subdomain.domain:11702 looks for another webpage by another app webserver
certs are created ssl is working
http://subdomain.domain.com works
https://subdomain.domain.com works
http://subdomain.domain.com:11701(or 11702, 11703, etc) works
https://subdomain.domain.com:11701 doesn't work (page not found).
IIS pattern test for
<add input="{HTTP_HOST}" pattern="^.+$" />
gives me the right output {C:0} as subdomain.domain.1170n
as I understand should
`<action type="Redirect" url="https://{C:0}" appendQueryString="false" />`
with {C:0} as the full URL including the port doing the rewriting to https, or do I have here some misconception
Full web.config
`<?xml version="1.0" encoding="UTF-8"?>`
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite to https" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^.+$" />
</conditions>
<action type="Redirect" url="https://{C:0}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
`

Related

Trouble getting redirects right using web.config for IIS

Ok have a strange redirect issue here. I have 3 domain names so lets call them the following
maindomain.com
aliasdomain.net
aliasdomain.org
We are using Let's Encrypt for https via IIS on a windows 2016 Server.
What we want is for anytime a person types in any of the 3 domains with or the www to all redirect to the domain name www.maindomain.com
Since the let's encrypt certificate is not creating www. versions for the domain aliases it is causing us some struggles. This is the web.config rules we are using but they do not work.
<rule name="Redirect to WWW" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\." negate="true" />
</conditions>
<action type="Redirect" url="https://www.{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTPS" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
So the results of this are the following
This works
www.maindomain.com works and redirects to https://www.maindomain.com
maindomain.com works and redirects to https://www.maindomain.com
This doesn't work and oddly enough shows the standard IIS landing page
aliasdomain.net doesn't work redirects to http://www.aliasdomain.net
www.aliasdomain.net doesn't work and redirects to http://www.aliasdomain.net
This one doesn't work at all
aliasdomain.org doesn't work redirects to https://www.aliasdomain.org
www.aliasdomain.org doesn't work and redirects to https://www.aliasdomain.org
No idea how to get this to do what we want. You would think it would not be some difficult to redirect any version of any domain name to the https://www.maindomain.com
Thanks for any help here.
The problem with your rule is that you are using {HTTP_HOST} in your
redirect action.This parameter will take the incoming hostname from
the request.I think that is not what you want. <action
type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}"
redirectType="Permanent" appendQueryString="false" />
Please try below rule. It redirects if the hostname does not match
www.maindomain.com ,also enforce https
<rule name="CanonicalHostNameRule1" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^www\.maindomain\.com$" negate="true" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.maindomain.com/{R:1}" />
</rule>

https://www.subdomain.domain.com to https://subdomain.domain.com redirect

My boss wants to ensure that our internet-challenged users will be able to reach a particular subdomain (https://subdomain.domain.com) by typing it into their browser's address bar as:
https://www.subdomain.domain.com
It seems I am able to do the HTTP -> HTTPS redirect without issue using IIS's Rewrite module. Also it seems I am able to do the WWW.subdomain.domain.com to subdomain.domain.com with the rewrite module. However, combining them is proving difficult. So, it's when the user types in their browser https://www.subdomain.domain.com that ultimately fails with a privacy warning (our wildcard cert is for *.domain.com).
I've got a CNAME record set up pointing www.subdomain.domain.com to the A record for subdomain.domain.com. I've got the bindings in IIS set up for each of the 4 combinations (with/without https, with/without www).
I have the following in the config for the site:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Remove WWW" patternSyntax="Wildcard" stopProcessing="false">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="*://www.*" />
</conditions>
<action type="Redirect" url="{C:1}://{C:2}" redirectType="Permanent" />
</rule>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
Still it seems that I can't get the browser to like the redirect from the https://www.subdomain.domain.com to https://subdomain.domain.com. Why isn't the rewrite taking care of this before the browser attempts to serve www.subdomain.domain.com. Is this even possible??

web.config force redirect of www to non-www with https

So currently my main domain works fine, if I go to www.domain.com it redirects to https://domain.com
my sub-domains are the issue. I have a wildcard SSL as well for *.domain.com
if I go to www.sub.domain.com, it redirects to https://www.sub.domain.com which has an invalid SSL cert and I am trying to get it to load FROM: www.sub.domain.com to https://sub.domain.com but am having some issues. Godaddy was no help as it seems most of them are "New". Hosting with Plesk unfortunately. Currently what I have for my web.config is:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Check for domains hosting settings like "preferred domain" and 301 redirect to HTTPS:
If you have no 301 redirect to HTTPS you can just delete this web.config.
Wildcard SSL Certificate cannot work on second level sub-domain when you have installed certificate for first level (for example: level3.level2.level1.domain.com).
You cannot use WWW before your sub-domain. I suggest you to refer my previous answer on the same issue.
https://stackoverflow.com/a/37959152/4649681
Hope this will help.
<rewrite>
<rules>
<clear />
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^yourwebsite\.com$" negate="true"></add>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://yourwebsite.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>

Rewrite subfolder only (HTTP to HTTPS) redirects to site root

I'm trying to rewrite HTTP to HTTPS for a specific subfolder on my IIS 8.5 web server but it's not working. I've read countless other solutions and blog postings but nothing I've tried works.
http://domain.example.com/one/two/three/
should redirect to... (same url but using https)
https://domain.example.com/one/two/three/
but instead is redirecting to... (site root using https)
https://domain.example.com
loading... (desired url with https)
https://domain.example.com/one/two/three/
also redirects to... (site root using https)
https://domain.example.com
it's removing the subfolders from the url.
This folder needs to also be protected with Windows Authentication, which I can get to work but the https redirection is failing with or without the authentication enabled so I don't think that's the cause.
Within IIS I selected the desired subfolder (/three/ in the example above) and created the Rewrite rule there.
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This should of course work with any files and folders contained within the desired subfolder. (/three)
I tried this and it redirects to the apparent correct url but gives the "too many redirects" error:
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="SeeOther" />
</rule>
You should avoid doing this:
Within IIS I selected the desired subfolder (/three/ in the example
above) and created the Rewrite rule there.
Instead setup the rewrite rules in Web.config at the application root. You can redirect a specific folder to HTTPS by including it in the match parameter as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect Subfolder" stopProcessing="true">
<match url="^one/two/three/" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please note that this is a minimal Web.config file that does what you are looking for. If your application already contains a Web.config in the root folder, then you will have to merge the above into your solution.

Special non-www to www redirection under Amazon Elastic Load Balancer

How to create a 301 redirect in IIS7 using the Rewrite Rule extension for IIS (writes to web.config) that will allow redirecting non-www to www - BUT, I don't want to use (.*), I want the URL rewriter to ignore URLs like DNS ones, so it can work under Amazon Load Balancer. Without it, Amazon Load Balancer will not be able to read the health check file, because it will be redirected and instead of getting 200OK it will get 301.
So I actually need a rule that will match a URL that contains mydomain.com, or one that start with it of course, so it won't loop.
The current rule is not good:
<rewrite>
<rules>
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.mydomain\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.mydomain.com/{R:1}" />
</rule>
</rules>
</rewrite>
This will redirect URLs like dns.amzn.com to www.mydomain.com - I've tried it on IIS7.
Need a better solution
did you come with a solution..
i added a condition using {HTTP_USER_AGENT} to not match ELB (user agent).
This stopped the rule from running for ELB, but i'm just testing this at the moment.
cheers
Added This Also:
<rule name="Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_USER_AGENT}" pattern="ELB-HealthChecker" negate="true" />
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="HTTPS" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
The bit you want is
<add input="{HTTP_USER_AGENT}" pattern="ELB-HealthChecker" negate="true" />