IIS url rewrite Rules With domain change and https - asp.net

I used below code for http to https redirect, but don't know how to update domain and https at same time with multiple rules.
Thanks for your help
<!--Examples-->
Example 1:
input : http://prodServer/MyApplication
Expected Output: https://prodServer.mycompany.com/MyApplication
Example 2:
input : https://prodServer/MyApplication
Expected Output: https://prodServer.mycompany.com/MyApplication
Example 3
input : http://prodServer.mycompany.com/MyApplication
Expected Output : https://prodServer.mycompany.com/MyApplication
code
<system.webServer>
<rewrite>
<rules>
<rule name="httpsRedirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>

We just write two URL rules for the requirement. One for forcing the HTTP request to https request, another for converting the hostname to the actual server name.
<rewrite>
<rules>
<rule name="Force Https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{https}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
<rule name="Myrule2" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="prodServer" />
</conditions>
<action type="Redirect" url="https://prodServer.mycompany.com/MyApplication" />
</rule>
</rules>
</rewrite>
Note: StopProcessing flag has no influent on the Redirect action, thereby these two rules will be performed properly on the server-side when an Http request received.
Feel free to let me know if the problem still exists.

it worked for me with
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="^prodServer$" />
</conditions>
instead of
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="prodServer" />
</conditions>

Related

Redirect to different domain while preserve subdomains and query parameters and also enforce https using web.config

Using the Web.config only, I need to redirect all traffic to a new domain, yet also:
1) preserve subdomains
2) preserve query parameters
3) if "http" and not "https" change to "https" while doing the above
I can easily handle enforcing HTTPS, and I have seen many references to redirects for domains, but have not found any that preserve the subdomains while changing to the root domain.
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="^(.*)$" />
<conditions trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost(:\d+)?$" negate="true" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^127\.0\.0\.1(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
'The above works to change http to https, but does not help with the need to change the domain. I have also seen this below which almost works:'
<rule name="redirect" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="false" pattern="^(.*)\.foo\.com" />
</conditions>
<action type="Redirect" url="https://{C:1}.bar.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
...but removes the subdomain:
http://x.foo.com > https://.bar.com
Examples of what it needs to do:
http://x.foo.com > https://x.bar.com
https://y.foo.com > https://y.bar.com
https://x.foo.com/blah.aspx?param=blue > https://x.bar.com/blah.aspx?param=blue
http://y.foo.com/blah.aspx?param=blue > https://y.bar.com/blah.aspx?param=blue
Okay, I have come up with the following solution that does exactly what I have needed (see above requirements). I did this by adding two independent rule blocks: one to ensure HTTPS, and the other to do a redirect to the other domain if necessary. I sense that this does double the traffic if the visit needs both 1) HTTP to HTTPS and 2) direct to the new domain (from *.foo.com > *.bar.com) but at least it works. Not sure if it could be tweaked into one rule to save hits?
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="^(.*)$" />
<conditions trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost(:\d+)?$" negate="true" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^127\.0\.0\.1(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther"/>
</rule>
<rule name="Redirect to new domain" enabled="true">
<match url="(.*)$" />
<conditions trackAllCaptures="true">
<add input="{HTTP_HOST}" negate="false" pattern="^(.*)\.foo\.com" />
</conditions>
<action type="Redirect" url="https://{C:1}.bar.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>

Possible to exclude subfolder from https rewrite?

I have a webiste that runs https. Now some programmers need a subfoder that has no https.
This is what i have in my web.config right now:
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
We need the folder "wp-content\rest" to be excluded from this https redirect.
In hope someone can help me with this one.
You need to add an additional condition into your rule:
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{REQUEST_URI}" pattern="^/wp-content/rest" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
Then this rule will disable redirects to all urls like that http://www.example.com/wp-content/rest*

IIS Rewrite Rule - How to include root documents

I have a simple IIS rule to redirect HTTPS to HTTP:
<rule name="HTTPS" enabled="true" stopProcessing="true">
<match url=".*\.(asp)$" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="on" />
<add input="{REQUEST_URI}" negate="true" pattern="^/ecards/user*" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
The matching url will only work on .asp files, but how can I also get it to work for root directories?
E.g.
example.com
example.com/
example.com/test
example.com/test/
I don't want to just have the match URL as:
<match url="(.*)" />
Because then other non .asp files get rewritten.
One way to include directories in your rule is to exclude everything else.
Assuming that everything else has a file extension (e.g. .php, .css. .js, etc.) you can negate all input that has the . in the path.
I changed your code a bit to make a working demo locally (I don't have HTTPS locally to test so instead of redirecting to HTTP I set it to redirect to About.aspx) and the two rules are:
<rule name="HTTPS" enabled="true" stopProcessing="true">
<match url=".*\.(asp)$" ignoreCase="false" />
<action type="Redirect" url="/About.aspx" appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="NEWRULE" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{REQUEST_URI}" negate="true" pattern=".*\.(.)$" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/About*" ignoreCase="true" />
</conditions>
<action type="Redirect" url="/About.aspx" appendQueryString="true" redirectType="Permanent" />
</rule>
So, based on your original code sample, a new rule that will work for you would be similar to this:
<rule name="IncludeDirectories" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{REQUEST_URI}" negate="true" pattern=".*\.(.)$" ignoreCase="true" />
<add input="{HTTPS}" pattern="on" />
<add input="{REQUEST_URI}" negate="true" pattern="^/ecards/user*" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
Note: The above approach is rather aggressive. You could replace this condition:
<add input="{REQUEST_URI}" negate="true" pattern=".*\.(.)$" ignoreCase="true" />
with the following:
<add input="{REQUEST_URI}" negate="true" pattern=".*\.(php|css|js|jpg|gif|png)$" ignoreCase="true" />
Where you exclude specific extensions. You add as many as you want.
Edit: If you want to have specific pages still with HTTPS maybe the following rule will be helpful (haven't tested it though). The previous rule sends to HTTP all URLs except those that have /ecards/user where this one sends to HTTPS those that have /ecards/user. I believe there will be no conflict.
<rule name="HTTPS2Admins" enabled="true" stopProcessing="true">
<match url="/ecards/user(.*)" />
<conditions>
<add input="{HTTP}" pattern="on" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/ecards/user{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

web.config to redirect multiple aliases across HTTP and HTTPS

My application has multiple aliases that all need to be redirected to our new alias. With my current rules, I'm able to get the redirects working, but only in one protocol or the other, not both.
For example, my web.cong rule looks like this:
<rule name="Redirect_Alias_1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="*example1.com" />
</conditions>
<action type="Redirect" url="http://example2.com" />
</rule>
But if the user is trying to access our HTTPS version of example2, they get redirected back to the HTTP version. How do I write the rule so that the protocol doesn't matter?
Try 2 rules, each with a condition to check the HTTPS server variable.
<rule name="Redirect_Alias_1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
<add input="{HTTP_HOST}" pattern="*example1.com" />
</conditions>
<action type="Redirect" url="http://example2.com" />
</rule>
<rule name="Redirect_Alias_2" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTPS}" pattern="ON" />
<add input="{HTTP_HOST}" pattern="*example1.com" />
</conditions>
<action type="Redirect" url="https://example2.com" />
</rule>

How do I redirect all but a single url to https in ASP.Net?

I have the following code in my web.config:
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
I would like to redirect everything EXCEPT for http://www.mysite.com/manual to https.
How would I modify the above to allow this?
It should be ok with adding the following code in your conditions tag
<add input="{REQUEST_URI}" negate="true" pattern="^/manual/*" ignoreCase="true" />

Resources