I'm using URL Rewrite on IIS 10.0 and have the following rule configured at the server level (applicationHost.config). I've tried it in my web.config to no avail as well.
<rewrite>
<globalRules>
<rule name="redirect">
<match url="/admin" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="10.30.*.*" negate="true" />
</conditions>
<action type="Rewrite" url="/error" />
</rule>
</globalRules>
</rewrite>
Is there anything immediately obviously wrong here? I want any external traffic trying to hit /admin to get redirected to an error page, and only allow a single internal IP block to access it. Pulling my hair out over here.
You may need to install Application Request Routing, which is an extension to IIS and is available here: https://www.iis.net/downloads/microsoft/application-request-routing
There is a problem in match regexp. It shouldn't start with slash. Correct is ^admin (^ means start of url)
<rule name="redirect">
<match url="^admin" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="10.30.*.*" negate="true" />
</conditions>
<action type="Rewrite" url="/error" />
</rule>
And i have couple of notes:
1) For IP validation better to have regexp like that: 10.30.[0-9]{1,3}.[0-9]{1,3} instead of 10.30.*.*
2) Depends on your load balancer and network infrastructure, but you might need to check {HTTP_X_Forwarded_For} header instead {REMOVE_ADDR}, because client's IP might be in different header
Related
I want to redirect "abc.aspx/" to "abc.aspx". How can this be done?
Page gets broken when requested page ends with '/'. How to handle such type of requests?
Is there any rewriting rule that can be added into web.config file?
In your web.config, under the system.webServer, add
<rewrite>
<rules>
<!--To always remove trailing slash from the URL-->
<rule name="Remove trailing slash" stopProcessing="true">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>
</rules>
</rewrite>
Some Gotchas
In your development environment, if you run your web site under Visual Studio Development Sever, you won't be able to see this feature working. You will need to configure your application to run under at least IIS Express.
When you deploy your web site and see that this feature is not working on your production server, it will be because you miss configured something. One of the common mistakes is having overrideModeDefault attribute set to Deny for rules under <sectionGroup name="rewrite"> inside your applicationHost.config file.
If you are on a shared hosting environment and you see that this feature is not working, ask your provider if they have given you the permission of configuring this part.
Source: http://www.tugberkugurlu.com/archive/remove-trailing-slash-from-the-urls-of-your-asp-net-web-site-with-iis-7-url-rewrite-module
I know this is an old post, but Mihai's answer can make your application vulnerable to open redirects attack (see this)
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
This redirect URL can be used for an external redirect, so make sure you have other validations in place before this rule is evaluated or change the redirect to make it internal instead. If you really want to remove the trailing slash and keep it internal, you can change it to:
<action type="Redirect" redirectType="Permanent" url="/{R:1}" />
Cheers
I was trying to play with URL re-writing using the Rewrite Module 2.0 but I had no luck getting it to work. What I'm trying to do is re-write all calls to web app at port 80 to other applications hosted in IIS (or maybe on different servers on the network). Using the GUI provided by IIS I created the following rule:
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="site1/(.*)" />
<action type="Rewrite" url="http://localhost:7001/{R:1}" />
</rule>
</rules>
</rewrite>
Quiet simple, but unfortunately it does not work. On the other hand, when I change the action type to Redirect, it works fine.
What could be the problem?
I ran into this same issue yesterday, and it took me a long time to figure out.
The key here is that you've got an http:// prefix in your rewrite action; that makes this a special case that needs to be handled by Application Request Routing. The first step is to make sure that the Application Request Routing module is installed. You can find the module at https://www.iis.net/downloads/microsoft/application-request-routing. Once that is installed, go to your IIS web server (a level up from your web site), and open the Application Request Routing Cache feature. From the actions on the right, choose Server.Proxy.Settings, and make sure that the "Enable Proxy" checkbox is checked. This allows the URL rewrite task to be re-routed to Application Request Routing, and your reverse proxy should work for external requests.
The idea came from this excellent blog post from 2009: http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/
Stumbled across this old post when I was trying to solve the same issue.
SOLVED!
Using Rewrite URL feature in IIS Services Manager I created a friendly URL rule.
This worked ok and when I looked at the rule in the web.config file (www root) it showed 1 rule to redirect and 1 rule to rewrite.
I edited this to suit 1 match. Then I just duplicated this code editing the product ID for each. Example below:
<rule name="RedirectUserFriendlyURL1" stopProcessing="true">
<match url="^product\.php$" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="^POST$" negate="true" />
<add input="{QUERY_STRING}" pattern="^id_product=\b35\b" />
</conditions>
<action type="Redirect" url="990mm-bohemia-cast-iron-electric-radiator"
appendQueryString="false" />
</rule>
The first rule looks for the string "product.php" in the URL and "id_product=35", it then redirects to "990mm-bohemia-cast-iron-electric-radiator" which currently does not exist. Then (see below)
<rule name="RewriteUserFriendlyURL1" stopProcessing="true">
<match url="^\b990mm-bohemia-cast-iron-electric-radiator\b" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="product.php?id_product=35" />
</rule>
This rule rewrites the "product.php?id_product=35" bit to `990mm-bohemia-cast-iron-electric-radiator", creating the new location for the redirect.
Do make sure MVC routing doesn't steal your request. To prevent that from happening, ignore the route you're trying to rewrite:
RouteTable.Routes.Ignore("blog/{*pathInfo}");
Inspired by: https://sitecore.stackexchange.com/questions/3645/how-to-setup-a-reverse-proxy-with-sitecore
Change the Rewrite URL to AbsolutePath instead putting http://...
it should be
<action type="Rewrite" url="{R:1}" />
It worked for me, but in my case, I have been rewrite to a fixed webpage.
I've hosted a site in IIS but whenever I browse to the site I get 404.4. How can I solve this? I've referred several posts and they all say the issue is about staticfile but it is already mapped. What more can I do? Here is the attached picture of handler mappings in my iis 7.0
Any ideas?
EDIT:
I have this url rewriter set up:
<rules>
<rule name="Imported Rule 1-1" enabled="true" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{SERVER_PORT}" pattern="80" />
</conditions>
<action type="Rewrite" url="https://abc.com/{R:1}" />
</rule>
When I disable this rule the http:// request is correctly handled. But when I enable it, I get this error.
Yet another update:
If I replace this:
<action type="Rewrite" url="https://abc.com/{R:1}" />
with
<action type="Redirect" url="https://abc.com/{R:1}" />
It all works out pretty well.
I was having the exact same issue. I installed Application Request Routing component and then set the Proxy enabled and selected the Use URL Rewrite to inspect incoming requests entered the redirect url alias and mine worked
I'm simply adding to a set of rules on existing rewrite rules for our company website. We have a file that we need to restrict to only our internal IP addresses. The URL is http://oursite.com/internal/index.aspx?u=blahblah and need it restricted to IP ranges 10.1.X.X. I'm adding this and it's not doing anything. Even if I tried to capture all using .* for the pattern, it still ignores it. Is my syntax correct? Thanks.
<rewrite>
<rules>
...
<rule name="Restrict URL" enabled="true" stopProcessing="true">
<match url="internal/index\.aspx" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^10\.1\.\d+\.\d+$" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
I resolved this myself. I ended up using HTTP_X_FORWARDED_FOR as the header, due to our hosting provider.
I need to force every request to https://www.mysite.com (always with https and www)
The site is hosted in GoDaddy and I need to do it via IIS7 URL Rewrite Module.
I've been able to do the HTTPS redirect with the following code:
<system.webServer>
<rewrite>
<rules>
<rule name="Canonical Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^mysite\.com$" />
</conditions>
<action type="Redirect" url="https://www.mysite.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
Test cases
http://mysite.com -> https://www.mysite.com OK
http://www.mysite.com -> https://www.mysite.com NOT WORKING
I guess the condition is not being satisfied when I enter www.mysite.com in the browser, so there's no redirect and the page serves as HTTP instead of HTTPS.
I think I just need to modify the condition pattern, but I have almost nothing regex knowledge and I need this asap.
Thanks!
emzero, I think the issue is that your condition only matches precisely mysite.com:
<conditions>
<add input="{HTTP_HOST}" pattern="^mysite\.com$" />
</conditions>
Note the pattern: ^mysite\.com$. This says, in English, that the incoming URL must start with mysite.com and end with mysite.com, meaning www.mysite.com will not be matched.
Try this pattern instead, which allows for an option www.:
<conditions>
<add input="{HTTP_HOST}" pattern="^(www\.)?mysite\.com$" />
</conditions>
Happy Programming!