http doesn't forward to https on Google Chrome - redirect

I have a website: https://www.example.com running on IIS 10 on Windows Server 2016. I have URL forwarding set up so that if somebody goes to the non-www URL, it redirects to the www. If they go to http it redirects to https. In the past this has worked just fine.
Today I get a call that somebody can't get on to the site. Turns out that Google Chrome doesn't redirect http to https -- it comes back with a 403. Every other browser I've tried works fine (including the new MS Edge, which is Chromium-based). Going to https://example.com does successfully redirect to the www.
Here's the redirect, which has worked just fine until (not sure when) recently. I have tried these in either order.
<rules>
<clear />
<rule name="Force www." enabled="true" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^pwaportal\.com$" />
</conditions>
<action type="Redirect" url="https://www.pwaportal.com{REQUEST_URI}" />
</rule>
<rule name="Force SSL (https)" enabled="true" stopProcessing="false">
<match url="(.*)" ignoreCase="false" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
...
</rules>
Note: If somebody has successfully pulled up the page in the past, it works fine. Chrome I suppose is caching the final URL, or the fact that it should use https for that domain.
UPDATE: The Plot Thickens: I tried it on Safari. Safari downloaded a 0-byte file called "example.com"

Related

Redirect subdomain in IIS via web.config file

Looking to redirect old subdomain back to the primary domain name (remove the subdomain if it's seen) in the web.config file for IIS.
For example,
preview.mysite.com redirects to mysite.com
The rule I've tried is this:
<rule name="Redirect away from Preview" enabled="true" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}{REQUEST_URI}" pattern="preview.mysite.com" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
It stops preview subdomain from loading, but shows error message instead of doing a redirect
This page isn’t working
preview.mysite.com redirected you too many times.
What can I do to correct the redirect rule to reroute any preview subdomain back to the base domain?
Got it fixed. Had to hardcode the redirect url and that fixed the looping issue, now redirects to the main domain:
<rule name="Redirect away from Preview" enabled="true" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}{REQUEST_URI}" pattern="preview.mysite.com" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://example.com" redirectType="Permanent" appendQueryString="false" />
</rule>
Hope this helps someone else. (Note: stackoverflow would not allow me to put mysite for the url so it shows example.com instead)

redirection from non-www to www and http to https in IIS

I am trying to redirect from non-www site to www and also from http to https.
Http to https works well, but non-www to www shows a page not found error.
This is my configuration:
<rules>
<clear />
<rule name="non-www to www" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^mydomain.com$" />
</conditions>
<action type="Rewrite" url="https://www.{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
<rule name="http to https" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
What is going on? I have tried several variants for non-www to www, all from sites found in google, but non worked.
Jaime
Copied from the comment with more explanation.
The action should be set to Redirect instead of Rewrite, because you do want search engines to show www links, and then your site must issue 301 redirection to their bots.
Even if you sometimes want Rewrite, the url must be a relative path to the same site. If rewriting to another site (like the one you used above), then ARR is required with proxy mode. Otherwise, IIS naturally returns 404 errors.
However, rewriting does not change URLs in browser address bar, so it also has no effect on search engine bots.
Reference

https://www.subdomain.domain.com to https://subdomain.domain.com redirect

My boss wants to ensure that our internet-challenged users will be able to reach a particular subdomain (https://subdomain.domain.com) by typing it into their browser's address bar as:
https://www.subdomain.domain.com
It seems I am able to do the HTTP -> HTTPS redirect without issue using IIS's Rewrite module. Also it seems I am able to do the WWW.subdomain.domain.com to subdomain.domain.com with the rewrite module. However, combining them is proving difficult. So, it's when the user types in their browser https://www.subdomain.domain.com that ultimately fails with a privacy warning (our wildcard cert is for *.domain.com).
I've got a CNAME record set up pointing www.subdomain.domain.com to the A record for subdomain.domain.com. I've got the bindings in IIS set up for each of the 4 combinations (with/without https, with/without www).
I have the following in the config for the site:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Remove WWW" patternSyntax="Wildcard" stopProcessing="false">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="*://www.*" />
</conditions>
<action type="Redirect" url="{C:1}://{C:2}" redirectType="Permanent" />
</rule>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
Still it seems that I can't get the browser to like the redirect from the https://www.subdomain.domain.com to https://subdomain.domain.com. Why isn't the rewrite taking care of this before the browser attempts to serve www.subdomain.domain.com. Is this even possible??

IIS not redirecting https://domain.com to https://www.domain.com

I have a problem that I can't seem to find any solution to online. All searches are for http to https or non-www to www but without the http in front.
My site will not redirect https://domain.com to https://www.domain.com. It redirects domain.com to www.domain.com just fine though, it's only when the https is already entered does it not redirect and thus gives an error.
I have this for redirecting http to https:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
Edit: after experimenting, it manages to redirect http://domain.com to https://www.domain.com correctly (i.e from without s to with s and www).
Yet still doesn't from https://domain.com to https://www.domain.com
Figured it out, after adding this:
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^[^www]" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
And most importantly, removing the hostname field 'www.domain.com in IIS > Site Bindings > Edit > Host Name, and unticking 'Require Server Name Indication'. Having my domain entered here was causing the above code to not work. I originally added this thinking it was necessary, but not so.

HTTP to HTTPS Redirect - IIS 8.5 not working properly

I've read a number of posts here on SO as well as on the 'net (IIS blogs, etc.). I'm trying to force all connections going from domain.com to www.domain.com and at the same time forcing the request from HTTP to HTTPS.
I'm using this set of rules and rewrites but the only thing happening is that it's redirecting fine but not redirecting to SSL.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^mydomain.com$" ignoreCase="true" negate="false" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.mydomain.com/{R:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol" defaultValue="http">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
What am I doing wrong?
Main blog reference: http://weblogs.asp.net/owscott/url-rewrite-protocol-http-https-in-the-action and this SO post - web.config redirect non-www to www
We faced same issue while redirecting from http to https using URL Rewrite module, But after switching off the require ssl module within IIS did the trick.
Go to SSL Settings of website
Uncheck require SSL checkbox.
Apply settings and Restart iis
Edit: So I found this blog post: http://www.meltedbutter.net/wp/?p=231 and gave it a try and voila! Worked like a charm. Not sure why this worked over the rules posted above but in my case the below is working and successfully taking all non-www traffic and redirecting it to both www and https.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This is a long shot for some cases but I had deleted my port 80 bindings for the website as I only wanted SSL / port 443. So from what I can tell is Port 80 binding is also needed for the the rewrite to work correctly.
In my case, I did everything #Valien said and lots of other tries but it did not work. finally I found the problem. It was because I was using 2 rules. First rule was rewriting to NodeJs server and the second to redirect http to https. I changed the order and now it is working correctly.
The config with the correct order in case more than 1 rule is applied:
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://mywebsite.com/{R:1}" redirectType="SeeOther" />
</rule>
<rule name="ReverseProxyToLocalhost:3000" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:3000/{R:1}" />
</rule>
</rules>
</rewrite>