I installed IIS URL Rewrite 2.0 and add a rule to redirect all http links to https. Here is my Web.Config Code:
<rewrite>
<rules>
<rule name="REdirect To HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
Everything looks fine. But when I access my website using http, it throws 403 error.
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
TLS 1.0 is enabled with IIS 7.5.
Where I can get more info on exactly what type of 403 error it is?
SSL was enabled in IIS. I just read somewhere that in SSL Settings Require SSL need to be unchecked when using URL Rewrite 2.0.
I deselect the Require SSL and click Apply. Its working fine now.
I was getting the same error; here was my solution, in case it helps others.
My rule was rewriting URLs coming in to the Default Web Site's root application ("/") to "/public", but I was getting a 403 error. The "/public" application worked fine if I requested it directly, and it also worked fine if I disabled the rewrite rule, so permissions there were not the issue.
"Require SSL" was not checked, as noted in an earlier answer.
Looking at the IIS log file, I found that the specific flavor of error was 403.18 - "Cannot execute requested URL in the current application pool".
The web site's root application needs to be assigned the same application pool as the application you're sending the request to.
Its not sure if this will help but I see your rule is not enabled
<rule name="Redirect to https" enabled="false" stopProcessing="true">
Related
I have an ASP.Net application being hosted on a webserver with Plesk installed.
The application is hosted on a sub-domain (webapp.website.com) and the link to login to the system is supplied through the main domain website, so I haven't noticed this up until now.
If you type in webapp.website.com or http://webapp.website.com the website will connect to an unsecured page with the following error:
Server Error
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
If you manually type in https://webapp.website.com (which is what the link is setup to do) the app connects just fine and works as expected.
I have enabled Permanent Redirect to HTTPS in Plesk, and have manually written a redirect rule in IIS Manager, but for some reason it seems to be ignoring this rule because the server connection is failing in HTTP and displaying the Server Error page instead.
How can I resolve the redirect issue to either stop the error on HTTP, or for it to skip over and redirect to HTTPS?
I suspect there may be a problem with your rules, you can try the following rules:
<rewrite>
<rules>
<rule name="Test" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
This rule will redirect all http requests to https.
I have ASP.NET MVC site on IIS 7.5/Windows Server 2008 R2. Site have a set of http bindings to different domains, such as domain1.test.dev.com. domain2.test.dev.com, 10 bindings in total. They all are doing well, except one. Every request for an image(jpg, gif, png) returns 404 for this single binding. So entire layout has been loaded, all others requests feel good, but all images are broken with error 404 Not Found. There are no https bindings, they all are using http, port 80 and IP Address is 'All Unassigned'.
Could anyone help please?
The answer is found. There was an additional web.config file in ~/Images directory. This config contained specific redirection rule for one of the domain, so for this domain I saw 404, and others worked great. An additional web.config appeared in ~/Images directory accidentally, because of missclicking
in URL Rewrite module on the IIS. Some time ago we have used such redirections for demo and removed them after that. The redirection rule in web.config was a kind of:
<system.webServer>
<rewrite>
<rules>
<rule name="ProductionRedirectDomain1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{CACHE_URL}" pattern="*domain1.test.dev.com*" />
</conditions>
<action type="Redirect" url="{C:1}domain1.com{C:2}" />
</rule>
</rewrite>
</system.webServer>
The bug has disappeared after removing a redundant config. Thanks, everybody!
I have URL Rewrite rule in IIS 10 to enforce all http request to https this way and it works perfect.
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Here comes the twist..
I am hosting one ClickOnce application on the same server and when installer try to download the application then it gives error
URLDownloadToCacheFile failed with HRESULT '-2146697202' Error: An error occurred trying to download
Although URL is propery accessed via browser which is mentioned in this error.
As per microsoft documents error description is
if the setup URL of the ClickOnce application being installed is redirected from a non-secure to a secure site (or vice-versa), the installation will fail because the Internet Explorer warning interrupts it.
** Installer is using IE internally to download the manifest file
Now to tackle this situation I have made IP binding with my site in IIS so i would access the file with IP but when I do access the site with IP then the above rule also trigger for it and redirects to HTTPS and browser give an error again because hostname mismatch in SSL Certs. I want to bypass this redirect rule for my site when it browsed with IP.
I donot know how I can modify the above rule by having additional condition or what will be the new rule to bypass this https redirection when access via IP.
EDIT: https://dpaste.de/xWJE Here is full webconfig with suggested fix by #Kul Tgin
Here is my web.config redirect rule:
<rewrite>
<rules>
<rule name="Redirect from old page">
<match url="^oldpage.aspx" />
<action type="Redirect" url="pages/newpage.aspx" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
On localhost this redirect rule works just fine.
When I publish the config file to IIS, the redirect rule seems to break the web application. Every page I try to go to returns a 500 error.
Note: the web application uses an IP addresses instead of domain name.
Example: I want to redirect http://192.168.168.255:44/oldpage.aspx?queryString=parameter to http://192.168.168.255:44/newpage.aspx?queryString=parameter but I receive a 500 error. Even if I want to visit http://192.168.168.253, I receive a 500 error.
IIS says to:
Delete the malformed XML element from the ApplicationHost.config file or from the Web.config file.
However, I can't identify what is malformed about this redirect rule. It works just fine in the localhost. Should I include the full IP address in the match url node? If so, how would I format that?
Are you sure the IIS Rewrite module is also installed on the server? If not IIS will not recognize the Rewrite Node and give a 500 error.
http://www.iis.net/downloads/microsoft/url-rewrite
I am using the Rewrite Module on IIS 7.
When I restart the Application Pool I get a Authentication Required window that doesn't except any credentials that it is given and when you click cancel it goes to a 401 unauthorized page.
The rewrite rule sends the request to an ashx page in a virtual directory (_assets).
How can I resolve this strange behavior?
Anonymous is turned on and it works fine.
The following is the rewrite rule we are using:
<rewrite>
<rules>
<rule name="Loader" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^[a-z0-9\-\/]*$" negate="false" />
<action type="Rewrite" url="/_assets/includes/load.ashx?q={UrlEncode:{REQUEST_URI}}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
I can get past the weird login by going to /.reset. This causes a 500 error and then the site is available again.
Note: Our application pools restart nightly.
I found a forum post that outlines a problem pretty similar to yours (it also outlines how they managed to fix it). Hopefully it helps you sort out the issue!