I have URL Rewrite rule in IIS 10 to enforce all http request to https this way and it works perfect.
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Here comes the twist..
I am hosting one ClickOnce application on the same server and when installer try to download the application then it gives error
URLDownloadToCacheFile failed with HRESULT '-2146697202' Error: An error occurred trying to download
Although URL is propery accessed via browser which is mentioned in this error.
As per microsoft documents error description is
if the setup URL of the ClickOnce application being installed is redirected from a non-secure to a secure site (or vice-versa), the installation will fail because the Internet Explorer warning interrupts it.
** Installer is using IE internally to download the manifest file
Now to tackle this situation I have made IP binding with my site in IIS so i would access the file with IP but when I do access the site with IP then the above rule also trigger for it and redirects to HTTPS and browser give an error again because hostname mismatch in SSL Certs. I want to bypass this redirect rule for my site when it browsed with IP.
I donot know how I can modify the above rule by having additional condition or what will be the new rule to bypass this https redirection when access via IP.
EDIT: https://dpaste.de/xWJE Here is full webconfig with suggested fix by #Kul Tgin
Related
I have an IIS server hosting a few external domains and also an internal web app, also I have a woocommerce site sitting on an apache server. The IIS server sits on a fixed public IP address and the Apache server also on another fixed public IP. All infrastructure is in house. We are shortly giving up out /29 network for a single fixed IP /32 network. I was planning to use ARR and URL rewrite to have both the IIS and Apache server utilize 1 fixed public IP.
I installed ARR on the IIS box and configured the following web.config, note that bost the IIS box and Apache box have valid certificates.
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.8.100/(.*)" />
<action type="Rewrite" value="http{R:1}://test.example.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://192.168.8.100/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
192.168.8.100 being the internal server hosting woocommerce on Apache. So what works after this is that https://test.example.com works fine reverse proxied to appache from IIS, test.example.com also works fine. However http://test.example.com fails with ERR_TOO_MANY_REDIRECTS which I can see using fidler.
Things I have tried
Turning off 'Reverse rewrite host in response headers' in ARR, this stops the too many redirects but shows the host as the 192.168.8.100 address and obviously fails the cert, however woocommerce site comes up fine.
Adding a rewrite rule for HTTP to HTTPS to Apache at /etc/apache2/sites-available/wordpress.conf - This made no difference to the too many redirects error.
Adding a redirect rule for HTTP to HTTPS in the .HTACCESS file at /var/www/wordpress/.htaccess - This made no difference to the too many redirects error.
Remove Really Simple SSL plugin from Wordpress - This made no difference to the too many redirects error.
I am now at my wits end as to what to try now.
Answering my own question, and it was a schoolboy error, when I tried the IIS HTTP --> (HTTPS) rewrite, I forgot to move it up ahead of the reverse proxy rule, hence it was never, ever going to execute it. Move it up and all works fine. Doh!
I have an ASP.Net application being hosted on a webserver with Plesk installed.
The application is hosted on a sub-domain (webapp.website.com) and the link to login to the system is supplied through the main domain website, so I haven't noticed this up until now.
If you type in webapp.website.com or http://webapp.website.com the website will connect to an unsecured page with the following error:
Server Error
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
If you manually type in https://webapp.website.com (which is what the link is setup to do) the app connects just fine and works as expected.
I have enabled Permanent Redirect to HTTPS in Plesk, and have manually written a redirect rule in IIS Manager, but for some reason it seems to be ignoring this rule because the server connection is failing in HTTP and displaying the Server Error page instead.
How can I resolve the redirect issue to either stop the error on HTTP, or for it to skip over and redirect to HTTPS?
I suspect there may be a problem with your rules, you can try the following rules:
<rewrite>
<rules>
<rule name="Test" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
This rule will redirect all http requests to https.
I have ASP.NET MVC site on IIS 7.5/Windows Server 2008 R2. Site have a set of http bindings to different domains, such as domain1.test.dev.com. domain2.test.dev.com, 10 bindings in total. They all are doing well, except one. Every request for an image(jpg, gif, png) returns 404 for this single binding. So entire layout has been loaded, all others requests feel good, but all images are broken with error 404 Not Found. There are no https bindings, they all are using http, port 80 and IP Address is 'All Unassigned'.
Could anyone help please?
The answer is found. There was an additional web.config file in ~/Images directory. This config contained specific redirection rule for one of the domain, so for this domain I saw 404, and others worked great. An additional web.config appeared in ~/Images directory accidentally, because of missclicking
in URL Rewrite module on the IIS. Some time ago we have used such redirections for demo and removed them after that. The redirection rule in web.config was a kind of:
<system.webServer>
<rewrite>
<rules>
<rule name="ProductionRedirectDomain1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{CACHE_URL}" pattern="*domain1.test.dev.com*" />
</conditions>
<action type="Redirect" url="{C:1}domain1.com{C:2}" />
</rule>
</rewrite>
</system.webServer>
The bug has disappeared after removing a redundant config. Thanks, everybody!
I installed IIS URL Rewrite 2.0 and add a rule to redirect all http links to https. Here is my Web.Config Code:
<rewrite>
<rules>
<rule name="REdirect To HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
Everything looks fine. But when I access my website using http, it throws 403 error.
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
TLS 1.0 is enabled with IIS 7.5.
Where I can get more info on exactly what type of 403 error it is?
SSL was enabled in IIS. I just read somewhere that in SSL Settings Require SSL need to be unchecked when using URL Rewrite 2.0.
I deselect the Require SSL and click Apply. Its working fine now.
I was getting the same error; here was my solution, in case it helps others.
My rule was rewriting URLs coming in to the Default Web Site's root application ("/") to "/public", but I was getting a 403 error. The "/public" application worked fine if I requested it directly, and it also worked fine if I disabled the rewrite rule, so permissions there were not the issue.
"Require SSL" was not checked, as noted in an earlier answer.
Looking at the IIS log file, I found that the specific flavor of error was 403.18 - "Cannot execute requested URL in the current application pool".
The web site's root application needs to be assigned the same application pool as the application you're sending the request to.
Its not sure if this will help but I see your rule is not enabled
<rule name="Redirect to https" enabled="false" stopProcessing="true">
Here is my web.config redirect rule:
<rewrite>
<rules>
<rule name="Redirect from old page">
<match url="^oldpage.aspx" />
<action type="Redirect" url="pages/newpage.aspx" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
On localhost this redirect rule works just fine.
When I publish the config file to IIS, the redirect rule seems to break the web application. Every page I try to go to returns a 500 error.
Note: the web application uses an IP addresses instead of domain name.
Example: I want to redirect http://192.168.168.255:44/oldpage.aspx?queryString=parameter to http://192.168.168.255:44/newpage.aspx?queryString=parameter but I receive a 500 error. Even if I want to visit http://192.168.168.253, I receive a 500 error.
IIS says to:
Delete the malformed XML element from the ApplicationHost.config file or from the Web.config file.
However, I can't identify what is malformed about this redirect rule. It works just fine in the localhost. Should I include the full IP address in the match url node? If so, how would I format that?
Are you sure the IIS Rewrite module is also installed on the server? If not IIS will not recognize the Rewrite Node and give a 500 error.
http://www.iis.net/downloads/microsoft/url-rewrite