I have this site lets call it www.mysite.com I use the sight to show users some images. for example : user will request an image as below(Encrypted of course)
for example mysite.com/download.aspxid?123123admaodko39032l2k
mysite.com/content/images/1.jpg (After Encryption)
The problem I am having is that once I do a Response.Redirect("mysite.com/content/images/1.jpg",false) after unencrypting the url the url I am directed to is
mysite.com/mysite.com/content/images/1.jpg
notice how mysite.com is repeated twice.
I am not sure if any trick is done from the IIS configuration.
Remove mysite.com from the url.
Response.Redirect("content/images/1.jpg",false)
Related
Let say the situation is
User type "http://siteA.com" without pagename or querystring in the browser's address bar then click "Go"
IIS receives the request and redirect it to "https://siteB.com/page1.aspx?id=1234"
IIS receives the response from "https://siteB.com/page1.aspx?id=1234"
IIS rewrites the url to "http://siteA.com/home" so users will see this url in their address bars.
At this state, any links on "http://siteA.com/home" must have http://siteA.com as domain name in URLs. Users should see the links like below links
http://siteA.com/page2.aspx
http://siteA.com/page3.aspx
page1.aspx, page2.aspx, and page3.aspx are actually hosted on https://siteB.com
How many rewrite rules do I need? How to write those? How to set up ARR? Any working examples would be helpful.
You asked a lot of questions at once, but in summary, you don’t know much about URL rewriting. So I suggest you take a look at the Microsoft documentation: URL Rewrite Module
I have a Wordpress website and want to have in form of https://website.com. When I test it on GTmertix in form of http://www.website.com, I receive multiple landing page redirects like this:
Avoid landing page redirects for the following chain of redirected URLs.
http://www.website.com/
http://website.com/
https://website.com/
I have set the base domain on https://website.com format in Wordpress, and also I have done many things on .htaccess file to redirect http to https, but could not solve this issue.
May you help me please?
Without the domain, it is difficult to diagnose (and even then it may be difficult without seeing your .htaccess). Something is obviously redirecting http://www.example.com to http://example.com rather than directly to HTTPS.
You could try looking further up the chain, such as at your domain registrar/DNS provider. If you are behind a proxy like Cloudflare, I'd also be curious if this happens when you add the instance's IP address in your hosts file and try connecting directly - that would at least determine if the issue exists on the host itself or further up the chain.
I have the following scenario. I have a website in IIS 8 and I am trying to secure it (https). I have made the web with web forms. In the process to secure it I have to change the page at the beginning (default page in the IIS administrator). When I do it, I don't get the change and I go to the website that was set by default.
I have seen the log and when trying to access the new homepage it gives an error 302 (object moved). I have seen the response header and I see that the location is configured with the old home page.
Example:
Old default page: www.namedomain.com/start.aspx
New default page: www. namedomain.com/home.aspx
The new website has as in the response header: location = /start.aspx and as I said before when trying to access it gives error 302.
Thanks.
There's a few things going on here, "securing" the site with HTTPS and also potentially <authentication mode="Forms"> in your web.config where it will try and redirect any unauthorised requests to a login page. It seems like you are just doing the HTTPS though at this stage, and maybe trying to set up a redirect from HTTP to HTTPS?
It sounds like you are also trying to change the default page for the website (in IIS or the web.config?) from default.aspx to home.aspx? I'm not sure I understand why you want to do that as it isn't necessary for HTTPS, but the effect of that will mean you can go to https://www.namedomain.com/ and you will get served the content from home.aspx instead of start.aspx (or default.aspx) but the URL will stay as just https://www.namedomain.com/
Normally to set up HTTPS, all you do is go into IIS, Bindings, and add a HTTPS binding (you'll need a TLS certificate to make the https work properly). then just make sure you include the "https://" at the start of your URL.
If you think it might be caching problem on your machine, just add a nonsense querystring to the end of your URL (like https://www.namedomain.com?blah=blahblah) and it will cause your browser to get a fresh copy of the page.
I'm not sure what is causing the 302 redirect, have you added any special code to swap HTTP requests over to HTTPS? Can you update your answer with any more info?
Yes, it is what I put in my last comment Jalpa. I do not understand very well the relationship between not configuring the session variables and the default page but once corrected in code, the application correctly loads the web by default.
The user has an option to enter hyperlinks which are persisted to the database, and then subsequently rendered to a Razor template. Where the user does not specify http://, however, the link is malformed; for example www.test.com renders as http://ourdomain.com/www.test.com.
How should we handle this?
The best thing to do is to run a regular expression on each hyperlink before you save it in the database. If it does not have http:// or https:// then I would just add http:// in front. All https sites will redirect http to https but most sites that do not support https won't smoothly redirect https to http.
An example of a possible regex is:
^(http|https)://
You want to be careful to only replace the http:// or https:// thats at the verify beginning of the string in case those values are used in url parameters
I'm trying to create a web browser using Cocoa and Swift. I have an NSTextField where the user can enter the website he wants to open and a WebView where the page requested is displayed. So far, to improve the user experience, I'm checking if the website entered by the user starts with http:// and add it if it doesn't. Well, it works for most of the cases but not every time, for example when the user wants to open a local web page or something like about:blank. How can I check if adding http:// is necessary and if I should rather add https:// instead of http://?
You need to be more precise in your categorization of what the user typed in.
Here are some examples and expected reactions:
www.google.com: should be translated into http://www.google.com
ftp://www.foo.com: Should not be modified. Same goes to file:// (local)
Barrack Obama: Should probably run a search engine
about:settings: Should open an internal page
So after you figure out these rules with all their exceptions, you can use a regex to find out what should be done.
As for HTTP vs. HTTPS - if the site supports HTTPS, you'll get a redirect response (307 Internal Redirect, 301 Moved Permanently etc) if you go to the HTTP link. So for example, if you try to navigate to http://www.facebook.com, you'll receive a 307 that will redirect you to https://www.facebook.com. In other words, it's up to the site to tell the browser that it has HTTPS (unless of course you navigated to HTTPS to begin with).
A simple and fairly accurate approach would simply be to look for the presence of a different schema. If the string starts with [SomeText]: before any slashes are encountered, it is likely intended to indicate a different schema such as about:, mailto:, file: or ftp:.
If you do not see a non-http schema, try resolving the URL as an HTTP URL by prepending http://.