When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http.
<rewrite>
<rules>
<rule name="Redirect to https">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="Off"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
</rewrite>
But when I run the same code in my local machine it gives the below error.
This site can’t provide a secure connection
How can I resolve the above error when I run the above code in my local machine?
What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.
The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.
You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.
Here is an example Web.Release.config file:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<compilation xdt:Transform="RemoveAttributes(debug)" />
</system.web>
<system.webServer>
<rewrite xdt:Transform="Insert">
<rules>
<!-- Redirects users to HTTPS if they try to access with HTTP -->
<rule
name="Force HTTPS"
stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
</conditions>
<action
type="Redirect"
url="https://{HTTP_HOST}/{R:1}"
redirectType="Permanent"/>
</rule>
</rules>
<outboundRules>
<!-- Enforces HTTPS for browsers with HSTS -->
<!-- As per official spec only sent when users access with HTTPS -->
<rule
xdt:Transform="Insert"
name="Add Strict-Transport-Security when HTTPS"
enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security"
pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.
This always solves the issue for me.
In Solution Explorer, click your project.
Hit the F4 key (view properties).
Copy the URL (NOT the SSL URL).
Paste the URL into the Project Url on the Web Tab, Save.
In Solution Explorer, click your project.
Hit the F4 key (view properties).
Change SSL Enabled to false.
Change it back to true. There should be a new SSL URL. Copy it.
Paste the new SSL URL into Project URL on Web tab. Click Create Virtual Directory.
Click Override application root URL, and paste in SSL URL. Save.
You will have to configure Visual Studio Server to be used with HTTPS.
Please go through this link for details:
HTTPS with Visual Studio's built-in ASP.NET Development Server
I solved this problem with older version of Chrome web browser.
This is the list of older chrome versions where you can download and install it.
60.0.3112.90 - for Ubuntu is the version that works just fine for me.
Maybe it's little slower then newer versions but i found it's pretty good for production (:
On my end, I found out that there was a javascript code that redirects the site from http to https. So try to explore your environment if there are other code responsible for that issue. Hope this can help. Thanks
I just changed the URL in the Web tab of the project properties to use a PORT that starts with 443, e.g. 44301. Also be sure to change http to https. It works for me.
Related
This issue is not related to application configurations (custom), but more to do with IIS settings.
So I need the following to be in the web.config when i create a publish for my app.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
</configuration>
However, when debugging i only want the part and not the http redirect (If i try to debug my app with the rewrite in the web.config it does not start)
in previous asp.net, we could have multiple web.configs for debug and release and it would transform when published.
I simply want to the all of the above code to be in the web.config when published, and only part to be in applied in web.config when i am debugging
This isn't a true answer to your question, but I've got what I think is a much better solution overall. For some time, I've found the fact that URL Rewrites have to go into the Web.config to be frustrating. As careful as you are, it's almost inevitable that you're going to overwrite the Web.config at some point, removing rewrites that have been added to it. This is especially the case if a developer doesn't know better and adds a rewrite directly through IIS, but never copies it over to the project's Web.config in source control (which happens more often than not).
As a result, I started creating a site in IIS just for redirects like this. It has nothing but a Web.config, and then I add the bindings that I'm redirecting from to it. For example, for a rewrite like this, you'd add the binding for the HTTP version of your domain to the redirect site and the HTTPS binding to the actual web application site. Then, you can create the rewrite rule on the the redirect "site", and never ever worry about accidentally overwriting it, because you never publish anything there. This would effectively side-step your issue here, entirely.
We have an Asp.Net Core web application which is running on .Net framework (net452), and hosted in Azure as a Web App.
I'm trying to redirect all http requests to https.
My current understanding is:
I can't specify IIS rewrite rules in web.config as the application
is an Asp.Net Core application
I can't use the
Microsoft.AspNetCore.Rewrite middleware as of version 2.0.0.0 it
requires .Net Standard 2.0, and net452 only supports .Net Standard
1.5.
If the above are correct, what is the best way of doing this?
I'm currently considering writing a small piece of middleware, but feels like there must be an easier way...
i really doubt for point 1.
because it is an IIS setting.
anything under <system.webServer> is only related to IIS not the tech you are using, even with PHP/Java/pureHtml applications, you can still use that section to add rewrite rules. the rewrite will happen before your requests reach your application. BUT for azure apps, you mean need to enable ARR, it used to have some issue with rewrite rules, but now it should be fine because recently i just set some rules for a PHP application in a new Azure app
You could use an App Service custom extension.
For example, there's an extension that forces traffic to go via HTTPS, described in this post.
This redirects all http traffic to https. It also makes sure that the site warmup request gets through, which makes things work correctly in site swap and Always On scenarios.
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-
Transform">
<location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing"
xdt:Locator="Match(path)">
<system.webServer xdt:Transform="InsertIfMissing">
<applicationInitialization xdt:Transform="InsertIfMissing">
<add initializationPage="/" xdt:Transform="InsertIfMissing"/>
</applicationInitialization>
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing">
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
Hope someone here has experience of this because I have no clue! Let me say from the start that I've got no experience with asp.net or DotNetNuke.
I've recently started up a small web hosting company to get some extra cash and I've got a client who wants to come on board. The current host of their website has provided me with the source files and a SQL Server db backup. The site was created using DotNetNuke.
I've restored the database and uploaded the source files, I also update the web config with the new connection details. I had hoped it would just work... but it didn't. I'm getting the following error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration
data for the page is invalid.
The Config Source box on the error page has
-1;
0:
and the 0 is in red.
Hope some can help with this, not sure what info you need so I'll leave it there for now.
Thanks a lot.
Alex
**** Update ****
I can't install anything on the server because it's shared hosting with 1and1, I don't get direct access to the server. I'll contact 1and1 and make sure that URL rewriter is installed.
The web.config is too big to put the contents into the post. So here's a link to it:
web.config
Thanks in advance.
Cheers
Alex
It could be unrelated to DotNetNuke itself. Error 500.19 means that there is a problem with the web.config file, see IIS HTTP Error 500.19.
First try to install the IIS URL rewriter (http://www.iis.net/downloads/microsoft/url-rewrite) on the server. That is the most common missing IIS plugin. If that does not work then post the web.config file so others can see and try to find the problem.
UPDATE
It is very likely the URL rewriter. Take a look at the web.config, lines 98 to 120. You will see the node.
<rewrite>
<rules>
<rule name="LowerCaseRule1" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" />
</rule>
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.test\.co\.uk$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.test.co.uk/{R:1}" />
</rule>
<rule name="oldHome" stopProcessing="true">
<match url="^index.html(.*)$" />
<action type="Redirect" url="/" />
</rule>
<rule name="oldLodges" stopProcessing="true">
<match url="^lodges.html(.*)$" />
<action type="Redirect" url="/HolidayLodges.aspx" />
</rule>
</rules>
</rewrite>
You can remove it. It doesn't seem to be very important for the functionality of the website. Just some legacy stuff.
Second DNN has its own URL rewriter and I've never seen them being used at the same time. It could only lead to problems if both rewriters are trying something similar.
Also take a look at line 29, an Entity Framework connection string. Not sure why that is needed for DNN.
<add name="newsellerdwebsiteEntities1" connectionString="metadata=res://*/Model.Database.csdl|res://*/Model.Database.ssdl|res://*/Model.Database.msl;provider=System.Data.SqlClient;provider connection string="data source=**;initial catalog=**;user id=**;password=**;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
And line 35, AutoUpgrade should ALWAYS be set to false, And to be sure there is no upgrade hack delete the InstallWizard.aspx, InstallWizard.aspx.cs, UpgradeWizard.aspx and UpgradeWizard.aspx.cs from the /Install folder. This only applies when the site is functioning.
<add key="AutoUpgrade" value="true" />
All, I was stuck with a problem when I deploy a web site. I found there is an element named rewrite in the web.config.
<rewrite>
<rules>
<!-- below rule will abort api request when the request to pattern "apis/v.*" is of "http" method-->
<rule name="AbortApiHTTPRequest">
<!-- Note:
the below pattern is assumed that all apis conain prefix "apis/v", e.g. apis/v3/aaauth
if there are some exceptions for the assumption, below pattern needs to be updated.
-->
<match url="^apis/v.*$" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="AbortRequest" />
</rule>
<!-- below rule will redirect all non-https requests except for above requests to https request.-->
<rule name="RedirectToHTTPS" stopProcessing="true">
<match url="^.*$" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:0}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
When I remove the element everthing is ok, the website works well. Otherwise I got a error says.
HTTP Error 500.19 - Internal Server Error The requested page cannot be
accessed because the related configuration data for the page is
invalid.
After I did some research, I found this question talking about it. I am not sure if it is the cause of the problem. seems it is just a xml syntax validation of Visual studio. Does it really matter with the deployment of web site in IIS 7?
Anyway, I also followed the instructions of the post , But I failed to get it works .even I run the cmd as the administrator. the error says below.
Failed to open file Xml\Schemas\DotNetConfig.xsd. Make sure that the
script is run in the elevated command prompt.
I wandered if I have the enough previlige to run cscript command ? thanks.
More
If I run the project in the Visual Studio with the Asp.net development server, It can work without any error. But If I published the project to the IIS in my computer. It doen't work.
The rewrite directive is used by URLRewrite module for IIS.
If the module is not installed, you will get an error similar to the above. You can either install the module if you need URLRewriting - or - comment out the entire <rewrite> section.
I recently got a SSL certificate for my website and want to redirect all traffic to HTTPS. I got everything to go to https://mydomain.com but if someone enters http://mydomain.com/anotherpage it drops the other page and just takes the user to the home page.
My rule in my web.config file looks like this:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I also tried https://{HTTP_HOST}{REQUEST_URI} without any success. Can anyone tell me what I need to do to make the website redirect to the proper HTTPS version of the page? I have a feeling it has something to do with the pattern, but I can't seem to figure out the syntax.
I found a way to do this, and you don't need the Rewrite module for it. The following worked for me on Windows 8 (IIS 8.5):
Remove the HTTP binding from your site (leave HTTPS in place)
Add another site
Make sure that the new site has HTTP binding
Configure HTTP Redirect as shown:
Now all HTTP request will redirect to your HTTPS site and will preserve the rest of the URL.
Change it to:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
I had the same problem where the R:1 was dropping my folders.
I fixed it like this.
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
appendQueryString="false" redirectType="SeeOther" />
</rule>
I can't comment yet or I'd leave this as a comment under AndyH's answer. The solution was correct, though I hit a single further snag (likely tied to the use of Adobe's Coldfusion server). I wanted to share some further research I had to do for any other unfortunate soul who may run into it.
Once set up, the redirect would always end at this url:
https://xxx.xxx.com/jakarta/isapi_redirect.dll
The fix for this was found in an Adobe thread (https://forums.adobe.com/thread/1034854): I had to change an application pool's settings as follows:
Real site (HTTPS binding only, actually contains code and virtual directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : False
Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : True
EDIT: Another detail, tied to query string preservation:
Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)
Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.
I believe AndyH's answer to be the easiest and best way. I have found using the URL rewrite can also conflict with code that may redirect the user to another page. IT commonly broke in our environment. But Andy's solution worked flawlessly. I also think Andy's solution will put less overhead on the server as it doesn't need to examine every url hitting it for possible re-write conditions.
I found a workaround:
Consider what in IIS is consired a website: simply a set of rules, the path in which get files and its bindings.
Furthermore, there's available a function called "HTTP Redirect" (included standardly in IIS), that redirect an host to another, keeping all subdirectory (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.
For example, consider a website called mytest and its urls http://www.mytest.com/ and https://www.mytest.com/.
Set for it instead only binding on https://www.mytest.com/, and delete the http binding. Then create a new website with the same local path, called mytest http with just a binding over port 80 (http://www.mytest.com/) and set for this one an HTTP Redirect to https://www.mytest.com/.
Simple and clean, and that should be as fast as directly the https url for the user, because it's just an internal redirect. I hope that can work for you!
You can add the URL Rewrite module to IIS (IIS 7 or higher) which allows you to add create the redirect in a visual way. The module can be downloaded here.
This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
I have found that the
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
syntax will only work for the website's ROOT web.config file.
If the rewrite rule is applied to a virtual web.config file, then use..
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{URL}" />
The {URL} syntax will include the initial forward slash, the virtual path, and any URL parameters.