I'm trying to enforce https and a www prefix. However my rule doesn't fully work. Here is my rule:
<rewrite>
<rules>
<clear />
<rule name="Force https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Force www" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
<add input="{HTTP_HOST}" pattern="www.mydomain.co.uk" negate="true" />
</conditions>
<action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
It works for redirecting http to https.
it works if I go to https://mydomain.co.uk (redirects to https://www.mydomain.co.uk)
however it DOES NOT work if I go to https://mydomain.co.uk/blah/whatever
Please can somebody advise? Thanks.
These are the rewrite rules that I use for that exact purpose. I've also added a rule to make the URL all lowercase and a rule to remove the trailing slash should one be present. This makes working with Analytics easier since it treats page.aspx and page.aspx/ as different url's. That is why I use ignoreCase=true because then it does not matter if someone uses upper case somewhere since it will be handled later on by the ToLowerCase rule
<rule name="ForceWWW" stopProcessing="true">
<match url=".*" ignoreCase="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^yoursite.com" />
</conditions>
<action type="Redirect" url="https://www.yoursite.com/{R:0}" redirectType="Permanent" />
</rule>
<rule name="HTTPtoHTTPS" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="RemoveTrailingSlash">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>
<rule name="ToLowerCase">
<match url=".*[A-Z].*" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{R:0}}" redirectType="Permanent" />
<conditions>
<add input="{URL}" pattern="WebResource.axd" negate="true" />
<add input="{URL}" pattern="ScriptResource.axd" negate="true" />
</conditions>
</rule>
Here is an example of such web.config -- it will force HTTPS for ALL resources (using 301 Permanent Redirect):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<rewrite>
<rules>
<rule name="Redirects to www.example.com" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
Source: https://stackoverflow.com/a/9823208/5740382
For more Details: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
Related
Removed previous post due to my carelessness and posted the live domain.
I've having trouble building a functioning Web.config rule that will direct traffic from http:// to https://www and http://www to https://www and https:// to https://www EXCEPT when on localhost or 127.0.0.1 while I'm doing some development.
Web.config
<rewrite>
<rules>
<clear />
<rule name="Redirect non-www OR non-https to https://www">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^example.com$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent"/>
</rule>
</rules>
Updated and working rule, maybe there is something wrong that someone could point out?
<rewrite>
<rules>
<clear />
<rule name="Enforce HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" matchType="Pattern"
pattern="^localhost(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="Redirect example.com to www.example.com"
enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^[^www]" />
<add input="{HTTP_HOST}" matchType="Pattern"
pattern="^localhost(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
I have the following rewrite rules in my web.config. The canonical rule works, however the lower case rule doesn't.
I'm trying to test it like this: www.mysite.com/UPPERCASE. I would have expected the url to be transformed to www.mysite.com/uppercase, but it stays in uppercase. What am I doing wrong?
<rewrite xdt:Transform="Insert">
<rules>
<rule name="LowerCaseRule" patternSyntax="ExactMatch">
<match url="[A-Z]" ignoreCase="false"/>
<action type="Redirect" url="{ToLower:{URL}}"/>
</rule>
<rule name="CanonicalHostName">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^www.mysite.com$" negate="true" />
</conditions>
<action type="Redirect" url="{MapSSL:{HTTPS}}www.mysite.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapSSL" defaultValue="OFF">
<add key="ON" value="https://" />
<add key="OFF" value="http://" />
</rewriteMap>
</rewriteMaps>
</rewrite>
You should remove patternSyntax="ExactMatch" from the rule LowerCaseRule because in your case, you want to use the regular expression system (which comes by default or by setting patternSyntax="ECMAScript").
So your rule should be:
<rule name="LowerCaseRule">
<match url="[A-Z]" ignoreCase="false"/>
<action type="Redirect" url="{ToLower:{URL}}"/>
</rule>
Try this
<rule name="LowerCaseRule" stopProcessing="true">
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{URL}" pattern=".*[A-Z].*" ignoreCase="false" />
</conditions>
<action type="Redirect" url="{ToLower:{URL}}" />
</rule>
This was better for me. I noticed {URL} does not properly resolve when you have a path like cassete.axd/scripts/myscript.js?xxx, it will redirect to cassette.axd?xxx instead.
<rule name="LowerCaseRule - HTTPS">
<match url="[A-Z]" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{ToLower:{HTTP_HOST}}{ToLower:{PATH_INFO}}" appendQueryString="true"/>
</rule>
<rule name="LowerCaseRule - HTTP">
<match url="[A-Z]" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="http://{ToLower:{HTTP_HOST}}{ToLower:{PATH_INFO}}" appendQueryString="true"/>
</rule>
Hope this helps someone.
I would like to redirect all traffice coming from http://www.example.com to http://www.mysite.com/badreferer.aspx?bad=true
for this i tried to create a rule in web.config file of http://www.mysite.com in IIS7.
<rule name="bad referer" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_REFERER}" pattern="(.*)example(.*)" />
</conditions>
<action type="Redirect" url="/badreferer.aspx?bad=true" appendQueryString="false" />
</rule>
But having issue with redirect loop.
Please help.
Thanks.
Try this:
<rules>
<rule name="bad referer" stopProcessing="true">
<match url="^(.*)" />
<conditions>
<add input="{HTTP_REFERER}" pattern="http://www.example.com(.*)" negate="true" />
</conditions>
<action type="Redirect" url="http://www.website.com/badreferer.aspx?bad=true" />
</rule>
</rules>
update:
<rule name="bad referer" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{REQUEST_URI}" pattern="/badreferer\.aspx?bad=true" negate="true" />
<add input="{HTTP_REFERER}" pattern="^www.\example\.com.*" />
</conditions>
<action type="Redirect" url="/badreferer.aspx?bad=true" appendQueryString="false" />
</rule>
I got this rule in URL rewrite that rewrites every request to the site using HTTP to HTTPS
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I need another rule or exception in this role to rewrite back or redirect specific urls to HTTP.
Is that possible?
You can add the exceptions for which you don't want to perform the redirect to HTTPS as extra conditions (not equal to that URL), like so:
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page\.aspx$" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well\.aspx$" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well-too\.aspx$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
Exception rule in Web.config, to not redirect the "NotSecurePage.ashx" to https:
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" matchType="Pattern" pattern="\bNotSecurePage.ashx\b" ignoreCase="true" negate="true" /> <!-- Crystal não suporta imagens https.. Criando exceção para imagens de barcode, utilizadas no crystal -->
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
I'm running IIS7 and I need to setup a redirect in my web config - in the httpRedirect...
What I need to do is up a couple permanent redirect:
- http://www.*.com to http://*.com, and
- http://*.com/test.html to http://*.com/test
Here is a rule for IIS7 that will work for your first requirement. The RedirectType is permanent (301).
<rewrite>
<rules>
<rule name="test" stopProcessing="true">
<match url="^www\.(\w+\.com)$" />
<action type="Redirect" url="http://{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Your second requirement will require the following rules:
<rewrite>
<rules>
<rule name="RedirectUserFriendlyURL" stopProcessing="true">
<match url="^domain\.com/test\.html$" />
<conditions>
<add input="{REQUEST_METHOD}" negate="true" pattern="^POST$" />
</conditions>
<action type="Redirect" url="domain.com/test" appendQueryString="false" redirectType="Permanent" />
</rule>
<rule name="RewriteUserFriendlyURL" stopProcessing="true">
<match url="^domain\.com/test$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="domain.com/test.html" />
</rule>
</rules>
</rewrite>
These rules will rewrite http://domain.com/test.html to http://domain.com/test.
You may need to change some of the settings to fit your needs.