Simple rule(s) for IIS/Azure web.config file to redirect traffic to non-www HTTPS - redirect

My goal is to have rule(s) in IIS/Azure's web.config file to successfully redirect the following client request examples:
HTTPS redirect:
From: example.com
To: https://example.com
No-www & HTTPS redirect:
From: www.example.com
To: https://example.com
No-www, HTTPS redirect & maintain path:
From: www.example.com/examplepage
To: https://example.com/examplepage
Here's what I have so far, which only is achieving point 1 and 2. If a visitor lands directly on a subpage, they aren't redirected to non-www and aren't redirected to HTTPS.
<rule name="Redirect to https">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="Off"/>
<add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>
<rule name="Canonical Hostname" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:2}{REQUEST_URI}" redirectType="Permanent" />
</rule>
I've exhausted multiple search result pages and multiple StackOverflow questions without any luck - they all promise to be able to achieve the third point (redirect to a non-www, HTTPS page and maintain the path) but they haven't worked for me.
Thanks for taking the time to read this!

I discovered the problem, which is partly due to the way I presented my question (sorry, StackOverflowers!).
The issue was the ordering of the rules. I've put the following (new) rules at the top of my rules section, in the following order, for those who suffer this problem in the future. Now, it is redirecting to HTTPS, with no-www, and maintaining the path that was requested by the client.
<rule name="Canonical Hostname" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://{C:2}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

Related

Reverse Proxy with redirect to Sub-URL + URL Parameter

I have an IIS for the site web.test.com on Port 80 and 443 that is used as reverse proxy for another web-server configured on the same server on port 8090. So I'm using the IIS rewrite module and ARR module with the following rule.
<rule name="RULE1" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="web.test.com" />
</conditions>
<action type="Rewrite" url="http://localhost:8090/{R:1}" />
</rule>
I would like to add a redirect (or extended rewrite) that if someone goes directly to web.test.com , the URL is rewritten/redirected to web.test.com/foo/index.html?bar (which technically is localhost:8090/foo/index.html?bar) - so it should go to a file in a sub-url and add a URL parameter to the url.
Does anyone know how to do this. I found a lot of instructions on how to redirect, but never in combination with reverse proxy.
Thank you in advance
You could create a redirect rule then Move up the redirect rule ahead your Reverse proxy rule.
<rule name="Redirect Rule" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{URL}" pattern="^(/)?$" />
</conditions>
<action type="Redirect" url="/foo/index.html?bar" redirectType="Temporary" />
</rule>
<rule name="RULE1" enabled="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="domain.com" />
</conditions>
<action type="Rewrite" url="http://localhost:8090/{R:1}" />
</rule>
The order should looks like this:

How to redirect all traffic to https & non-www in web.config?

I'm using an SSL certificate and IIS. In my web.config I want to redirect all website traffic in the following order:
all http --> https
all www --> non-www
You want to use the redirect module in order to do this. This intercepts the request as it's coming in to the server and changes it according to your instructions.
Here is an action to redirect all to https:
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
and here is one to redirect www to non-www:
<conditions> <add input=”{HTTP_HOST}” pattern=”^example\.com$” negate=”true” /> </conditions> <action type=”Redirect” url=”http://example.com/{R:1}” />
There are plenty of articles around the web and StackOverflow when you include both "web.config" and "redirect" in your search.
Make sure that when you set up the rules you only use stopProcessing="true" on the final rule. If that appears on the first rule then the second rule will never execute.
i find the answer
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="NonWwwRedirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.yoursit\.com$" />
</conditions>
<action type="Redirect" url="http://yoursite.com/{R:1}" />
</rule>
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
<system.webServer />

Trouble getting redirects right using web.config for IIS

Ok have a strange redirect issue here. I have 3 domain names so lets call them the following
maindomain.com
aliasdomain.net
aliasdomain.org
We are using Let's Encrypt for https via IIS on a windows 2016 Server.
What we want is for anytime a person types in any of the 3 domains with or the www to all redirect to the domain name www.maindomain.com
Since the let's encrypt certificate is not creating www. versions for the domain aliases it is causing us some struggles. This is the web.config rules we are using but they do not work.
<rule name="Redirect to WWW" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\." negate="true" />
</conditions>
<action type="Redirect" url="https://www.{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTPS" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
So the results of this are the following
This works
www.maindomain.com works and redirects to https://www.maindomain.com
maindomain.com works and redirects to https://www.maindomain.com
This doesn't work and oddly enough shows the standard IIS landing page
aliasdomain.net doesn't work redirects to http://www.aliasdomain.net
www.aliasdomain.net doesn't work and redirects to http://www.aliasdomain.net
This one doesn't work at all
aliasdomain.org doesn't work redirects to https://www.aliasdomain.org
www.aliasdomain.org doesn't work and redirects to https://www.aliasdomain.org
No idea how to get this to do what we want. You would think it would not be some difficult to redirect any version of any domain name to the https://www.maindomain.com
Thanks for any help here.
The problem with your rule is that you are using {HTTP_HOST} in your
redirect action.This parameter will take the incoming hostname from
the request.I think that is not what you want. <action
type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}"
redirectType="Permanent" appendQueryString="false" />
Please try below rule. It redirects if the hostname does not match
www.maindomain.com ,also enforce https
<rule name="CanonicalHostNameRule1" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^www\.maindomain\.com$" negate="true" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.maindomain.com/{R:1}" />
</rule>

Too many redirects rewrite loop

To redirect my visitors to https I used this rule in my web.config:
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
But I get errors (too many redirects) when I try to visit the website, it seems it gets stuck in a loop.
https://example.com and https://www.example.com are ok.
But these addresses result in an error:
example.com & www.example.com
http://example.com & http://www.example.com
Can anyone help me with this?
If You have an endless loop of redirecting. Try this tips.
"login.php" redirects to "login.php" if you're not logged in. "login.php" redirects to "login.php" if you're not logged in. "login.php" redirects to "login.php" if you're not logged in. "login.php" redirects to "login.php" if you're not logged in. etc.
You should probably make the redirect happen only when the current page is not "login.php"; i.e. remove that logic from this page.
I found a solution in these rules:
<rules>
<clear />
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" negate="true" />
<add input="{HTTPS}" pattern="OFF" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://example.com/{R:1}" />
</rule>
<rule name="Redirect to WWW" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
</rules>

IIS Redirect www to non-www and http to https: is it possible to do it with only one Redirect?

I need to avoid the double redirect I have after I created two IIS URL Rewrite rules to do:
1) Redirect www to non-www.
2) Redirect HTTP to HTTPS.
This is my code:
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="CanonicalHostNameRule1" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^mydomain\.com$" ignoreCase="true" negate="true" />
</conditions>
<action type="Redirect" url="https://ABC/{R:1}" />
</rule>
(ABC is mydomain.com name but I had to change it in order to be able to post the question)
The problem is that if I go to www it does two redirects, one from www to non-www and a second one from http to https.
I also tried having only one rules with both conditions but the result was not better.
Is there a way to only do one redirect?
This is the final configuration I used:
<rewrite>
<rules>
<rule name="Force non-WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://yourdomainname.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
It's only one rule that redirects to non-www and https url.
You should be able to with HTTP to HTTPS, the reverse is trickier depending on your IIS setup.
<rule name="HTTP to HTTPs and www to non-www " enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{SERVER_PORT}" pattern="^80$" />
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
</conditions>
<action type="Redirect" url="https://example.com/{R:1}" />
</rule>
Keep in mind, based on how you have sites structured in IIS (Bindings, sites, etc), it's all going to influence how your rewrite rules work and where your going to place them. At the app level or as a global rule.
Since I don't know how you have your bindings or IIS structured with other sites, It's impossible to write the URL Rewrite rule for you with 100% accuracy.
So you might need to do a little experimentation with the above syntax.
Of course. Just drop these rules instead: (no modification required)
<rule name="Redirect to HTTPS without www" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="^(www\.)?(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:2}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Special case for HTTPS with www" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^ON$" />
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:2}/{R:1}" redirectType="Permanent" />
</rule>