IIS 7.5 HTTP to HTTPS redirect - web-config

I am trying to have all HTTP requests redirect to HTTPS.
Here is my web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script" />
</system.webServer>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I found this sample in another post on Stackoverflow:
How to force HTTPS using a web.config file
When I save that file and try to access my site using http it does not redirect to https.
I thought that maybe the file was being ignored so I typed some incorrect syntax into the web.config then I got a 500 error- meaning that it is indeed looking at the web.config file.
Am I misunderstanding what the above configuration is supposed to do? I want to redirect all HTTP request to HTTPS.
The site that is being redirected to is a virtual directory for Tomcat if it makes a difference.

Assuming you have URL Rewrite Installed. Click here for info/installation.
Make sure you have the following configured within the URL Redirect in the IIS Manager.
Match URL Section
Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)
Make sure Ignore Case is checked
Conditions Section
Logical Grouping: Match All
Input: {HTTPS}
Type: Matches the Pattern
Pattern: ^OFF$
Action Section
Action type: Redirect
Action Properties
Redirect URL: https://{HTTP_HOST}/{R:1}
Make Sure 'Append Query String' is checked
Redirect Type: See other (303)

Just Try this:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>

Related

conditional redirect in web.config

I have a web.config redirect section that is intended to redirect HTTP requests to HTTPS. Here is the redirect section in my web.config file:
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Add the STS header in HTTPS responses">
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
I am not sure what flexibility can be implemented but I want this section to work as-is EXCEPT for a specific URL. Specifically, I want all HTTP traffic to continue to be redirect from HTTP to HTTPS EXCEPT when the request is HTTP://{HOST}/symphony/default.aspx.
Is this possible?
You can try adding a condition to the rule to match the request HTTP://{HOST}/symphony/default.aspx, and then use the negate attribute to negate the result of matching.
More information about negate you can refer to this link: Rule pattern properties.

IIS: Redirect multiple URL's to same website

I'm looking for the best way to redirect multiple URL's to one new URL.
I have the following URLS:
https://domain.app.company.com/application
https://application.app.company.com
And I want those to redirect to: https://application.domain.app.company.com
What would be the best way to go about this (in IIS)?
I have tried using URL Rewriting, but I can only make that work for the first URL (https://domain.app.company.com/application):
<rule name="Application 1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*application" />
<action type="Redirect" url="https://application.domain.app.company.com" appendQueryString="false" />
</rule>
For the second URL (https://application.app.company.com), I can make it work when setting up a new (empty) website in IIS (that listens to said URL) and add a httpRedirect in it.
<configuration>
<system.webServer>
<httpRedirect enabled="true" destination="https://application.domain.app.company.com" exactDestination="true" httpResponseStatus="Permanent" />
</system.webServer>
</configuration>
Is this the recommended way to go about this? Or would there be another way?
Thank you
Schoof
If you want to bind two url for the same IIS web site, I suggest you could try to below url rewrite. We could create two url rewrite rule to achieve your requirement.
<rule name="Application 1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*application" />
<action type="Redirect" url="https://application.domain.app.company.com" appendQueryString="false" />
</rule>
<rule name="test" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="application.app.company.com" />
</conditions>
<action type="Redirect" url="https://application.domain.app.company.com" />
</rule>

confusion regarding 301 redirect from folder to subfolder in web.config

Say I have my api under this url
http://www.example.net/api/trythis and I would like to redirect to http://www.example.net/api/v1/trythis, so in future I can have http://www.example.net/api/v2/trythis or http://www.example.net/api/v3/trythis
I am thinking of doing this in web.config:
<system.webServer>
<rewrite>
<rules>
<rule name="Root Hit Redirect" stopProcessing="true">
<match url="/api/*" />
<action type="Redirect" url="/api/v1/*" />
</rule>
</rules>
</rewrite>
</system.webServer>
However, if someone access url /api/v2/trythis or /ap1/v3/trythis, won't they be redirected to /api/v1/trythis? So it will defeat the purpose of versioning?
According to your rules, it will cause multiple redirect errors. Since the "api/v1" also matches the "api".
To solve this issue, you should set the condition in your url rewrite rule to avoid multiple matching.
Details, you could refer to below rule:
<rule name="Root Hit Redirect" stopProcessing="true">
<match url="api/(.*)" />
<action type="Redirect" url="http://yousitedomain.com/api/v1/{R:1}" />
<conditions>
<add input="{PATH_INFO}" pattern="api/v1/(.*)" negate="true"/>
</conditions>
</rule>
If you want to avoid v2,v3, I suggest you could add multiple condition as above setting.

Rewrite subfolder only (HTTP to HTTPS) redirects to site root

I'm trying to rewrite HTTP to HTTPS for a specific subfolder on my IIS 8.5 web server but it's not working. I've read countless other solutions and blog postings but nothing I've tried works.
http://domain.example.com/one/two/three/
should redirect to... (same url but using https)
https://domain.example.com/one/two/three/
but instead is redirecting to... (site root using https)
https://domain.example.com
loading... (desired url with https)
https://domain.example.com/one/two/three/
also redirects to... (site root using https)
https://domain.example.com
it's removing the subfolders from the url.
This folder needs to also be protected with Windows Authentication, which I can get to work but the https redirection is failing with or without the authentication enabled so I don't think that's the cause.
Within IIS I selected the desired subfolder (/three/ in the example above) and created the Rewrite rule there.
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This should of course work with any files and folders contained within the desired subfolder. (/three)
I tried this and it redirects to the apparent correct url but gives the "too many redirects" error:
<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="SeeOther" />
</rule>
You should avoid doing this:
Within IIS I selected the desired subfolder (/three/ in the example
above) and created the Rewrite rule there.
Instead setup the rewrite rules in Web.config at the application root. You can redirect a specific folder to HTTPS by including it in the match parameter as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect Subfolder" stopProcessing="true">
<match url="^one/two/three/" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please note that this is a minimal Web.config file that does what you are looking for. If your application already contains a Web.config in the root folder, then you will have to merge the above into your solution.

HTTP to HTTPS Redirect - IIS 8.5 not working properly

I've read a number of posts here on SO as well as on the 'net (IIS blogs, etc.). I'm trying to force all connections going from domain.com to www.domain.com and at the same time forcing the request from HTTP to HTTPS.
I'm using this set of rules and rewrites but the only thing happening is that it's redirecting fine but not redirecting to SSL.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^mydomain.com$" ignoreCase="true" negate="false" />
</conditions>
<action type="Redirect" url="{MapProtocol:{HTTPS}}://www.mydomain.com/{R:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol" defaultValue="http">
<add key="on" value="https" />
<add key="off" value="http" />
</rewriteMap>
</rewriteMaps>
</rewrite>
What am I doing wrong?
Main blog reference: http://weblogs.asp.net/owscott/url-rewrite-protocol-http-https-in-the-action and this SO post - web.config redirect non-www to www
We faced same issue while redirecting from http to https using URL Rewrite module, But after switching off the require ssl module within IIS did the trick.
Go to SSL Settings of website
Uncheck require SSL checkbox.
Apply settings and Restart iis
Edit: So I found this blog post: http://www.meltedbutter.net/wp/?p=231 and gave it a try and voila! Worked like a charm. Not sure why this worked over the rules posted above but in my case the below is working and successfully taking all non-www traffic and redirecting it to both www and https.
<!-- Redirect to HTTPS -->
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
This is a long shot for some cases but I had deleted my port 80 bindings for the website as I only wanted SSL / port 443. So from what I can tell is Port 80 binding is also needed for the the rewrite to work correctly.
In my case, I did everything #Valien said and lots of other tries but it did not work. finally I found the problem. It was because I was using 2 rules. First rule was rewriting to NodeJs server and the second to redirect http to https. I changed the order and now it is working correctly.
The config with the correct order in case more than 1 rule is applied:
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://mywebsite.com/{R:1}" redirectType="SeeOther" />
</rule>
<rule name="ReverseProxyToLocalhost:3000" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:3000/{R:1}" />
</rule>
</rules>
</rewrite>