IIS not secured after adding hid aspx ext to URL rewite - asp.net

I have a windows server 2016 Standard.
I have SSL installed and working fine. I also add the following to URL rewrite to redirect http to https:
<rules>
<rule name="ssl redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
Now I added a Rule to hide my extension:
<rule name="hide .aspx ext" enabled="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAny">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}.aspx" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="{R:0}.aspx" />
</rule>
However, now, I don't get the secure symbol (the lock icon) any more and saying the site is not secure. what am I doing wrong?
Thanks for any help

URL rewrite shouldn't report this error when you just rewrite for friendly URL.Did you receive this error in Edge or chrome?
1.I notice that you are using MatchAny for your rule.Based on my understanding you should use MatchAll instead.
<rule name="hide .aspx ext" enabled="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}.aspx" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="{R:0}.aspx" />
</rule>
2.What error message did you receive when chrome report site is not secure? Did you
receive something likeNET::ERR_CERT_COMMON_NAME_INVALID ? Please open chrome F12 developer tool->Seucrity. You should be find the root cause. Please ensure your are using a valid certificate with valid domain and SAN.
3.Please ensure the http binding and https binding are hosted in differernt site. To
enable SSL, you need to enable Require SSL. Then SSL handshake will corrupt http request from same site. So you need another site to handle http request and do the redirection.

Related

Redirect to subdomain using web.config rules

we migrate our webapp hosted in a directory "webapp" inside main domain:
http://www.example.com/webapp/
To the new subdomain without "webapp" folder:
http://subdomain.example.com/
I need to redirect only subdir "webapp". I don't want to redirect other url like http://www.example.com/, http://www.example.com/folder1, http://www.example.com/folder2, ....
But we have already sent a lot of emails to customers with link inside like: LOGIN TO YOUR DASHBOARD or other link like DOWNLOAD YOUR DOC
Now i'm trying to do a redirect trough web.config but it seem that nothing work.
If I try no navigate to, for example, http://www.example.com/webapp/login i don't get redirected to http://subdomain.example.com/login/ as expected.
If I try no navigate to, for example, http://www.example.com/webapp/data/download.php/id=43 i don't get redirected to http://subdomain.example.com/data/download.php/id=43 as expected.
Any suggest?
<rule name="redirect-to-subdomain" stopProcessing="true">
<match url="^webapp/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" url="http://subdomain.example.com/{R:0}" redirectType="Permanent" />
</rule>
You rule won't work except for http://www.example.com/webapp/.
If you want to redirect link like http://www.example.com/webapp/login. Please try this rule.
<rule name="redirect-to-subdomain" stopProcessing="true">
<match url="^webapp/(.*)$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" url="http://subdomain.example.com/{R:1}" redirectType="Temporary" />
</rule>

Web.Config uppercase to lowercase Redirection - Losing HTTPS schema

I have the following rule to redirect an upper case URL to a lower case URL
But what I see is the HTTPS URL is getting redirected to HTTP URL. So, https://example.com/UPPERCASE is getting redirected to http://example.com/uppercase. I want the redirect to happen to https URL i..e, https://example.com/uppercase. Please suggest.
<rule name="LowerCaseRule" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" />
<conditions>
<add input="{REQUEST_URI}" pattern="^.*/install" negate="true" />
<add input="{REQUEST_URI}" pattern="^.*/media" negate="true" />
<add input="{REQUEST_URI}" pattern="^.*/App_Plugins" negate="true" />
<add input="{REQUEST_URI}" pattern="^.*/css" negate="true" />
<add input="{REQUEST_URI}" pattern="^.*/scripts" negate="true" />
</conditions>
</rule>
The url attribute does not include the schema, you need to explicitly specify the schema in the redirect:
<action type="Redirect" url="https://{ToLower:{HTTP_HOST}}{ToLower:{REQUEST_URI}}" />
This will solve your problem.

URL Rewrite in IIS 7 causes redirect loop

I have tried various methods found on the web (including some SO answers) for getting URL rewrite in IIS 7 to work so that I can turn mysite.com/somepage.aspx into mysite.com/somepage, for example. The last thing I've tried is the video at this link: https://www.youtube.com/watch?v=bBNJE7XA1m0. After applying these changes in IIS, I now can request mysite.com/somepage and get to mysite.com/somepage.aspx with the .aspx removed in the address bar. Partial success.
When I try to directly request mysite.com/somepage.aspx, however, I get into a redirect loop. I am hoping there is some simple mistake in my settings. Here is the web.config section created by making changes in IIS:
<rewrite>
<rules>
<rule name="HideAspxExtension">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAny">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}.aspx" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="{R:0}.aspx" />
</rule>
<rule name="RedirectingAspxExtension" stopProcessing="true">
<match url="^(.*).aspx$" />
<conditions logicalGrouping="MatchAny">
<add input="{URL}" pattern="^(.*).aspx$" />
</conditions>
<action type="Redirect" url="{R:1}" />
</rule>
</rules>
</rewrite>
I have tried to apply this setting to multiple applications and I get the same results. What I do not have is another server to test on.
These are rules I've used before:
<rule name="StripAspx">
<match url="^(.+)\.aspx$" />
<action type="Redirect" url="{R:1}" redirectType="Permanent" />
</rule>
<!-- Rewrite the .aspx for internal processing-->
<rule name="RewriteASPX" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}.aspx" />
</rule>
The main differences I can see are:
These have the removal of the .aspx first (in rewrite rules, order matters). This also means that in these rules the stopProcessing directive is on the rewrite to .aspx, not the redirect away from it.
These don't have <add input="{REQUEST_FILENAME}.aspx" matchType="IsFile" />

Trailing slash Umbraco and HTTPs

I have an Umbraco site that sits behind a Netscaler. All requests are translated from http to https (via Netscaler) and a trailing slash is appended using IIS rewrites. The IIS re-write rule is causing a HTTPS request (without a trailing slash) to insert an additional request with a Status of 302. Essentially:
https://example.com/news (Status 301)
http://example.com/news/ (Status 302)
https://example.com/news/ (Status 200)
Ideally I would like one 301 Redirect and then a 200 - I need to remove the temporary redirect
The IIS rewrite rule to add trailing slashes:
<rule name="Add trailing slash" stopProcessing="true">
<match url="(.*[^/])$" ignoreCase="true" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="POST" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_URI}" pattern="^/umbraco/" negate="true" />
<add input="{URL}" pattern="^.*\.(asp|aspx|axd|asmx|css|htc|js|jpg|jpeg|png|gif|mp3|ico|pdf|txt|htm|html|php|xml)$" negate="true" ignoreCase="true" />
<add input="{URL}" pattern="/Base" negate="true" />
<add input="{URL}" pattern="cdv=1" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="{R:1}/" />
</rule>
I have already implemented in the umbracoSettings.config file
{addTrailingSlash}true{/addTrailingSlash}
I have also tried the rewrite rule
<rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
But this causes an infinite loop of 301's and the page dies
Running out of idea's
Sorted it.
<action type="Redirect" redirectType="Permanent" url="{R:1}/" />
Is not enough even though the redirect is Permanent the protocol is standard port 80. The action type need to updated to:
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}/" redirectType="Permanent" />
You need to specify https complete with the host and the {R:1}/ in the url attribute

IIS Url rewrite rule for Angular SPA + WebApi

I have a SPA + WebAPI application, they are both in the same project. I only want the WebAPI application to process requests from the directory "api". So anything under api will be handled by the server, everything else will be handled by the Angular SPA.
I currently have
<rewrite>
<rules>
<rule name="AngularJS" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
</rules>
</rewrite>
This works OK except when I go to the URL
http://localhost/customers/2 (which loads the doc but all resources are coming in with the wrong mime type I have concluded its because of the redirect rules above)
the URL http://localhost/customers works fine will be routed by my SPA app
How do I get everything to be redirected to my SPA except for the requests that come under the API directory?
I do this with two rules. One to "whitelist" the server-side controllers I want to go to asp.net, which includes /api but also the authentication stuff under /Account and /Manage. The next sends everything else to angular unless it's a file or folder, much like what you already have.
<rule name="API Rule" stopProcessing="true">
<match url="^(api|account|manage)(.*)$" />
<action type="None" />
</rule>
<rule name="Angular Rule" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
Try it this way, but feel free to remove "|account|manage" if you don't want those requests going to the server.
To see my entire ruleset, check out this question I have posted, where I handle HTTPS and canonical hostnames as well.
Update this line
<match url=".*" />
To this
<match url=".*|.*/.*$" />

Resources