I'm trying to rewrite HTTP to HTTPS for a specific subfolder on my IIS 8.5 web server but it's not working. I've read countless other solutions and blog postings but nothing I've tried works.
http://domain.example.com/one/two/three/
should redirect to... (same url but using https)
https://domain.example.com/one/two/three/
but instead is redirecting to... (site root using https)
https://domain.example.com
loading... (desired url with https)
https://domain.example.com/one/two/three/
also redirects to... (site root using https)
https://domain.example.com
it's removing the subfolders from the url.
This folder needs to also be protected with Windows Authentication, which I can get to work but the https redirection is failing with or without the authentication enabled so I don't think that's the cause.
Within IIS I selected the desired subfolder (/three/ in the example above) and created the Rewrite rule there.
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This should of course work with any files and folders contained within the desired subfolder. (/three)
I tried this and it redirects to the apparent correct url but gives the "too many redirects" error:
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="SeeOther" />
</rule>
You should avoid doing this:
Within IIS I selected the desired subfolder (/three/ in the example
above) and created the Rewrite rule there.
Instead setup the rewrite rules in Web.config at the application root. You can redirect a specific folder to HTTPS by including it in the match parameter as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect Subfolder" stopProcessing="true">
<match url="^one/two/three/" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please note that this is a minimal Web.config file that does what you are looking for. If your application already contains a Web.config in the root folder, then you will have to merge the above into your solution.
Related
since hours I try to get an IIS problem solved. I have different application webservers, which will be reached by different ports. subdomain.domain:11701 looks for the webpage created by one app webserver subdomain.domain:11702 looks for another webpage by another app webserver
certs are created ssl is working
http://subdomain.domain.com works
https://subdomain.domain.com works
http://subdomain.domain.com:11701(or 11702, 11703, etc) works
https://subdomain.domain.com:11701 doesn't work (page not found).
IIS pattern test for
<add input="{HTTP_HOST}" pattern="^.+$" />
gives me the right output {C:0} as subdomain.domain.1170n
as I understand should
`<action type="Redirect" url="https://{C:0}" appendQueryString="false" />`
with {C:0} as the full URL including the port doing the rewriting to https, or do I have here some misconception
Full web.config
`<?xml version="1.0" encoding="UTF-8"?>`
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite to https" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^.+$" />
</conditions>
<action type="Redirect" url="https://{C:0}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
`
I'm looking for the best way to redirect multiple URL's to one new URL.
I have the following URLS:
https://domain.app.company.com/application
https://application.app.company.com
And I want those to redirect to: https://application.domain.app.company.com
What would be the best way to go about this (in IIS)?
I have tried using URL Rewriting, but I can only make that work for the first URL (https://domain.app.company.com/application):
<rule name="Application 1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*application" />
<action type="Redirect" url="https://application.domain.app.company.com" appendQueryString="false" />
</rule>
For the second URL (https://application.app.company.com), I can make it work when setting up a new (empty) website in IIS (that listens to said URL) and add a httpRedirect in it.
<configuration>
<system.webServer>
<httpRedirect enabled="true" destination="https://application.domain.app.company.com" exactDestination="true" httpResponseStatus="Permanent" />
</system.webServer>
</configuration>
Is this the recommended way to go about this? Or would there be another way?
Thank you
Schoof
If you want to bind two url for the same IIS web site, I suggest you could try to below url rewrite. We could create two url rewrite rule to achieve your requirement.
<rule name="Application 1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*application" />
<action type="Redirect" url="https://application.domain.app.company.com" appendQueryString="false" />
</rule>
<rule name="test" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="application.app.company.com" />
</conditions>
<action type="Redirect" url="https://application.domain.app.company.com" />
</rule>
My boss wants to ensure that our internet-challenged users will be able to reach a particular subdomain (https://subdomain.domain.com) by typing it into their browser's address bar as:
https://www.subdomain.domain.com
It seems I am able to do the HTTP -> HTTPS redirect without issue using IIS's Rewrite module. Also it seems I am able to do the WWW.subdomain.domain.com to subdomain.domain.com with the rewrite module. However, combining them is proving difficult. So, it's when the user types in their browser https://www.subdomain.domain.com that ultimately fails with a privacy warning (our wildcard cert is for *.domain.com).
I've got a CNAME record set up pointing www.subdomain.domain.com to the A record for subdomain.domain.com. I've got the bindings in IIS set up for each of the 4 combinations (with/without https, with/without www).
I have the following in the config for the site:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Remove WWW" patternSyntax="Wildcard" stopProcessing="false">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="*://www.*" />
</conditions>
<action type="Redirect" url="{C:1}://{C:2}" redirectType="Permanent" />
</rule>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
Still it seems that I can't get the browser to like the redirect from the https://www.subdomain.domain.com to https://subdomain.domain.com. Why isn't the rewrite taking care of this before the browser attempts to serve www.subdomain.domain.com. Is this even possible??
I've read a number of posts here on SO as well as on the 'net (IIS blogs, etc.). I'm trying to force all connections going from domain.com to www.domain.com and at the same time forcing the request from HTTP to HTTPS.
I'm using this set of rules and rewrites but the only thing happening is that it's redirecting fine but not redirecting to SSL.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^mydomain.com$" ignoreCase="true" negate="false" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.mydomain.com/{R:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol" defaultValue="http">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
What am I doing wrong?
Main blog reference: http://weblogs.asp.net/owscott/url-rewrite-protocol-http-https-in-the-action and this SO post - web.config redirect non-www to www
We faced same issue while redirecting from http to https using URL Rewrite module, But after switching off the require ssl module within IIS did the trick.
Go to SSL Settings of website
Uncheck require SSL checkbox.
Apply settings and Restart iis
Edit: So I found this blog post: http://www.meltedbutter.net/wp/?p=231 and gave it a try and voila! Worked like a charm. Not sure why this worked over the rules posted above but in my case the below is working and successfully taking all non-www traffic and redirecting it to both www and https.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This is a long shot for some cases but I had deleted my port 80 bindings for the website as I only wanted SSL / port 443. So from what I can tell is Port 80 binding is also needed for the the rewrite to work correctly.
In my case, I did everything #Valien said and lots of other tries but it did not work. finally I found the problem. It was because I was using 2 rules. First rule was rewriting to NodeJs server and the second to redirect http to https. I changed the order and now it is working correctly.
The config with the correct order in case more than 1 rule is applied:
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://mywebsite.com/{R:1}" redirectType="SeeOther" />
</rule>
<rule name="ReverseProxyToLocalhost:3000" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:3000/{R:1}" />
</rule>
</rules>
</rewrite>
I am trying to have all HTTP requests redirect to HTTPS.
Here is my web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script" />
</system.webServer>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I found this sample in another post on Stackoverflow:
How to force HTTPS using a web.config file
When I save that file and try to access my site using http it does not redirect to https.
I thought that maybe the file was being ignored so I typed some incorrect syntax into the web.config then I got a 500 error- meaning that it is indeed looking at the web.config file.
Am I misunderstanding what the above configuration is supposed to do? I want to redirect all HTTP request to HTTPS.
The site that is being redirected to is a virtual directory for Tomcat if it makes a difference.
Assuming you have URL Rewrite Installed. Click here for info/installation.
Make sure you have the following configured within the URL Redirect in the IIS Manager.
Match URL Section
Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)
Make sure Ignore Case is checked
Conditions Section
Logical Grouping: Match All
Input: {HTTPS}
Type: Matches the Pattern
Pattern: ^OFF$
Action Section
Action type: Redirect
Action Properties
Redirect URL: https://{HTTP_HOST}/{R:1}
Make Sure 'Append Query String' is checked
Redirect Type: See other (303)
Just Try this:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>