"This webpage is not available" from localhost after SSL removed - asp.net

When I attempt to debug my ASP.NET MVC 5 project I am getting the IIS error "This webpage is not available". Here is the sequence of events that led to this:
The project was originally using SSL and IIS Express and working fine.
I wanted to use Fiddler and saw that Fiddler doesn't (easily) monitor https traffic, so went into the project properties (F4) tab and changed it back to use http.
This is when I started seeing the error "The page can't be displayed". I noticed that even though my ProjectUrl and Start URL in the project properties window were http://localhost:57505, when I debugged, the URL would change to https.
A complication (sorry, I don't remember what it was) prompted me to use Local IIS (IIS 7.5) instead of IIS Express.
I restarted IIS and I decided to get rid of the SSL certificate in IIS but that didn't help.
Because nothing worked I changed the project back to use SSL. Now I am seeing "This webpage is not available" when I debug.
I have rebooted and recycled frequently.
I'm not sure what to do next because my project is unusable right now. Any help appreciated.

Did you happen to have an entry in web.config that forces a redirection to the HTTPS site?
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="^account/logon$|^account/register$" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
Note that redirectType="Permanent" will return a Permanent Redirect (301) to your browser. This will be cached permanently by your browser, so you can't access the normal HTTP site even if you've removed this redirection. You will need to manually clear your browser cache to fix it.

If it happens with other projects as well, then try to disable Windows Firewall or any other firewalls on the system and hopefully it should work.
Also try to run the website without Fiddler and see if it works.
I had similar problem and it was the firewall causing it.

With HTTPS, you can only have one "web site" per ip_address:port. So https://localhost, https://example.com, it's all the same (modulo certificate errors.)
HTTP, however, allows multiple web sites per ip_address:port pair, via the "HOST" header in the HTTP 1.1 spec. IIS needs to know what site you want, and it defaults to binding the web site to the machine's hostname. (That is probably what is getting you.)
If you just want all requests that resolve to your host (like "localhost") to hit the same web site, edit the site bindings in inetmgr and set "Host Name" to empty string or *.

Related

Default page returns 404 only when using search bot user agent

I have created a website using ASP.NET web pages (not MVC, not web forms).
If I access the default page by mydomain.com in a browser it shows the default page (index.cshtml) fine. However, search engines are seeing a 404 page and if I change my user agent to Googlebot or Bingbot I get a 404 error too.
This only affects the default page - if I use mydomain.com/index.cshtml I don't get the 404 page.
There is no user agent detection in my code.
I have watched the headers and there is no redirections, just an immediate 404 response only when using a bot user agent.
Is there some built-in user agent detection that affects default pages in ASP.NET web pages? Or could my hosting company be doing something (Arvixe)?
I can add code if it helps (but not sure what code I would add), or link to the web site.
I found the cause of the problem.
Apparently Arvixe websites have been hacked. The hackers inserted some code in web.config that displayed a different URL in place of the home page for bots only...
<rewrite>
  <rules>
    <rule name="1" patternSyntax="ECMAScript" stopProcessing="true">
      <match url="^$" ignoreCase="true" negate="false" />
      <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
        <add input="{HTTP_USER_AGENT}" pattern="Googlebot|Yahoo|MSNBot|bingbot" />
      </conditions>
      <action type="Rewrite" url="bot.asp" />
    </rule>
  </rules>
</rewrite>
I did see title/description for sports jerseys in Bing search for my website which is why I was investigating this.
From a search it appears this has affected lots of Arvixe customers, most will probably never know as they are unlikely to see their website with a search bot user agent.
It looks like Arvixe were aware of the hacking and have already put a stop to this by removing the spam file (bot.asp or bot.php) but they have not fixed the web.config. If you have shared hosting with Arvixe you should check for this now.
You should also check your Google search console/analytics accounts for owners/users added as some have reported this too, although you would have got an email warning of this.
I changed all my Arvixe passwords but I doubt they got individual account passwords, they probably hacked at the server level.
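Added example, not part of the original answer: one way to check a web.config for this kind of injected rule, in Python. It flags any rewrite rule whose {HTTP_USER_AGENT} condition fires for a search crawler but not for an ordinary browser; the probe User-Agent strings and the sample config (the rule quoted above next to a benign HTTPS redirect) are constructed, and patterns are evaluated as Python regexes, which only approximates URL Rewrite's ECMAScript syntax.

```python
import re
import xml.etree.ElementTree as ET

# Constructed probe User-Agent strings: two crawlers and one ordinary browser.
CRAWLERS = {
    "Googlebot": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "bingbot": "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
}
BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"

def find_cloaking_rules(web_config_xml):
    """Return (rule name, action type, action url, crawlers) for each rewrite rule
    whose {HTTP_USER_AGENT} condition fires for a crawler but not for a browser."""
    findings = []
    for rule in ET.fromstring(web_config_xml).iter("rule"):
        action, hits = rule.find("action"), set()
        for cond in rule.iter("add"):
            if cond.get("input", "").upper() != "{HTTP_USER_AGENT}":
                continue
            case_sensitive = cond.get("ignoreCase", "true").lower() == "false"
            try:
                rx = re.compile(cond.get("pattern", ""), 0 if case_sensitive else re.IGNORECASE)
            except re.error:
                continue  # not a valid Python regex: review this rule by hand
            negate = cond.get("negate", "false").lower() == "true"
            fired = {name for name, ua in CRAWLERS.items() if bool(rx.search(ua)) != negate}
            if bool(rx.search(BROWSER)) == negate:  # condition does not fire for a browser
                hits |= fired
        if hits and action is not None:
            findings.append((rule.get("name"), action.get("type"), action.get("url"), sorted(hits)))
    return findings

# Constructed sample: the injected rule quoted above next to an ordinary HTTPS redirect.
SAMPLE = """<configuration><system.webServer><rewrite><rules>
  <rule name="1" patternSyntax="ECMAScript" stopProcessing="true">
    <match url="^$" ignoreCase="true" negate="false" />
    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
      <add input="{HTTP_USER_AGENT}" pattern="Googlebot|Yahoo|MSNBot|bingbot" />
    </conditions>
    <action type="Rewrite" url="bot.asp" />
  </rule>
  <rule name="Redirect to HTTPS" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

print(find_cloaking_rules(SAMPLE))
```

Any rule it reports serves crawlers something visitors never see, so it needs a manual review even when the target file has already been removed.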

How to make a website work only with https [duplicate]

How do I make a website to work only with https? Is there any method to make my website work only if the protocol is https?
For example, let me say http://www.mywebsite.com, this should work only with https://www.mywebsite.com; if it's http the website should not be accessible.
Is it possible to make a website work only with https? Is it possible to restrict a website /make a website inaccessible if the website was http?
Sure, assuming you are using IIS to host your site, open IIS Manager and select your web site and then binding on the right:
make sure you only have a binding for https not for http.
This way IIS will only send https traffic to that web site.
Edit: What is the difference between Andre's answer Require SSL and mine?
Using Require SSL, when users request http:// they will get a:
403 - Forbidden: Access is denied.
When using only an https binding, no connection is made at all and the user eventually gets:
ERR_CONNECTION_TIMED_OUT
It's up to you which option you prefer.
I usually have a catch-all site on all servers that respond to any requests not picked up by real sites and just displays a basic 404 page.
The third option is to actually allow http:// but then redirect to https:// as mentioned in the comments. For that solution you have to install the URL rewrite module and add a redirect rule.
My single binding option is the leanest, but it all depends on how you want your site to handle http:// requests.
Create a rule in your web.config which will force the site to open in https only, as shown below:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
For IIS? Start the IIS Manager, click on your site and double click "SSL Settings" and check "Require SSL".
What I have done using Apache: add redirect from http to https

IIS localhost is redirecting to the live server instead of showing local aspx files

I need to redesign a site front-end to make it responsive; the site is based on C# and ASPX. I am familiar with working in a PHP local development environment using WAMP, so for this case I installed Visual Studio Web Express because of its IIS server features for testing local development.
The client sent the folder from its ftp for me to work on so I have everything ready but the problem which I am facing is that when I try to right-click on the website folder from the solution explorer to view in the browser the localhost is redirecting to the actual live site which is running on the server instead of taking me to the localhost with local files so that I can have a view of my modification and changes.
I am unable to figure out the problem; maybe there is something I need to change or replace in the web.config file. I am working in an ASP environment for the first time, so your help and guidance in this regard will be very much appreciated.
Many thanks.
I had this same problem just now as well as two or three times before and haven't pinned down a clear cut resolution, though I've tried removing redirects, checking the Global.asax, commenting out default document files in the Web.config, etc. I'm mainly working in Chrome on Windows 7, and after I cleared Chrome's cache localhost started working for me again. I don't know if the answer is as simple as that or if the solution comes from some combination of things. All I know is nothing else seemed to work, then clearing the browser cache did.
PROBLEM
I was facing this problem because I wrote this rule inside the web.config file.
<rules>
  <rule name="CanonicalHostNameRule1">
    <match url="(.*)" />
    <conditions>
      <add input="{HTTP_HOST}" pattern="^www.abc\.com$" negate="true" />
    </conditions>
    <action type="Redirect" url="www.abc.com/{R:1}" />
  </rule>
</rules>
And because of this when I debug the solution the localhost is replaced with www.abc.com
SOLUTION
Just remove this rule if written
WHY USE RULE
These rules are used when you want to customize the URL; you can read further about URL Rewrite here
Redirecting to the live site from visual studio or localhost can be caused by a faulty url rewrite rule in the site web config. Even if the rule is deleted, the browser may cache the rule if it is a permanent redirect, and therefore clearing the browser cache and fixing the faulty rule can be a viable solution.
See article
https://theludditedeveloper.wordpress.com/2016/01/06/iis-url-rewrite-gotcha-2/
For me it was because the web.config had a rewrite rule added in it for SSL purposes. However, once I removed it, it still kept redirecting me to the live site. I wasted a couple of hours searching the code without anything making sense. And then it turned out that the cache was the issue, as the browser was still doing the redirection. So, I cleared the cache and it was solved.
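Added example, not from the original answers: a small Python simulation of the two Redirect rules quoted on this page (the "Redirect to HTTPS" rule from the first thread and CanonicalHostNameRule1 above), showing that both fire for a localhost debug request and answer with a 301, which the browser keeps replaying after the rule is deleted. It models only the {HTTPS} and {HTTP_HOST} inputs, treats patterns as Python regexes, and takes an omitted redirectType as Permanent, the URL Rewrite default; the combined web.config and the request values are constructed.

```python
import re
import xml.etree.ElementTree as ET

# HTTP status per redirectType; URL Rewrite uses Permanent when the attribute is omitted.
STATUS = {"permanent": 301, "found": 302, "seeother": 303, "temporary": 307}

def first_redirect(web_config_xml, host, path, https=False):
    """Return (rule name, status, Location) of the first Redirect rule that fires
    for the request, or None. Only {HTTPS} and {HTTP_HOST} are modelled (assumption)."""
    variables = {"{HTTPS}": "on" if https else "off", "{HTTP_HOST}": host}
    for rule in ET.fromstring(web_config_xml).iter("rule"):
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None or action.get("type") != "Redirect":
            continue
        # The match pattern sees the request path without its leading slash.
        m = re.search(match.get("url", ""), path.lstrip("/"), re.IGNORECASE)
        if m is None:
            continue
        results = [
            (re.search(c.get("pattern", ""), variables.get(c.get("input"), ""), re.IGNORECASE)
             is not None) != (c.get("negate", "false").lower() == "true")
            for c in rule.findall("conditions/add")
        ]
        conds = rule.find("conditions")
        any_mode = conds is not None and conds.get("logicalGrouping") == "MatchAny"
        if results and not (any(results) if any_mode else all(results)):
            continue
        location = action.get("url", "").replace("{HTTP_HOST}", host)
        location = re.sub(r"\{R:(\d+)\}", lambda g: m.group(int(g.group(1))) or "", location)
        return rule.get("name"), STATUS[action.get("redirectType", "Permanent").lower()], location
    return None

# Constructed sample: the two redirect rules quoted on this page in one web.config.
SAMPLE = r"""<configuration><system.webServer><rewrite><rules>
  <rule name="Redirect to HTTPS" stopProcessing="true">
    <match url="^account/logon$|^account/register$" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
  </rule>
  <rule name="CanonicalHostNameRule1">
    <match url="(.*)" />
    <conditions><add input="{HTTP_HOST}" pattern="^www.abc\.com$" negate="true" /></conditions>
    <action type="Redirect" url="www.abc.com/{R:1}" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

for path in ("/account/logon", "/home"):
    print(path, first_redirect(SAMPLE, "localhost:57505", path))
```

A rule that returns 301 for the localhost host is the one whose effect outlives its removal; scoping the host condition or using a Found or Temporary redirect during development avoids the cached redirect.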

Run two web sites on same port on IIS 7.5?

We need to be able to run two versions of one ASP.net web application on the same intranet server and port number, but with one mapped to / and the other mapped to /experimental (not real names, but close enough).
C:\inetpub\wwwroot\Version1 => http://test1.organization.com/
C:\inetpub\wwwroot\Version2 => http://test1.organization.com/experimental
The first URL has already been exposed to some beta users and therefore needs to be kept somewhat stable. The second will contain experimental code that only users going to /experimental will see. We don't have the option of using a different server or a different port.
I've achieved this in the past by having / mapped to a site under Sites in IIS, then adding the second site as an application underneath it, and aliasing it to /site2.
Server
Sites
Default Web Site <= physical path mapped to first version and /
/ Application1 <= nested application mapped to second version and /experimental
However, this seems sloppy. Would it be cleaner to do this with a rewrite rule or with ARR? If so, how?
A combination of ARR and rewrite rules will solve this nicely. Here are the steps to follow:
Download and install ARR http://www.iis.net/download/ApplicationRequestRouting
In IIS Manager, select your machine in the Connections pane, double-click the Application Request Routing feature in the IIS section, click on the "Server Proxy" link in the Actions pane, then check the "Enable proxy" checkbox and choose the Apply action.
Change the bindings of your two existing websites, for instance, bind the Released website to port 81, and the Experimental website to port 82.
Create a new website and app pool, and bind it to http:*:80:. Name it "Default Web Site". Point its physical path to "%SystemDrive%\inetpub\DefaultWebSite"
Create a web.config file for the "Default" website, and write your routing rules there:
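<rules>
  <!-- The match URL is tested against the request path without its leading slash,
       so the pattern is anchored on "experimental" itself. -->
  <rule name="Reverse Proxy for Experimental" stopProcessing="true">
    <match url="^experimental(/.*)?$" />
    <action type="Rewrite" url="http://{HTTP_HOST}:82/{R:0}" />
  </rule>
  <!-- Everything else goes to the released site. -->
  <rule name="Reverse Proxy for Release" stopProcessing="true">
    <match url=".*" />
    <action type="Rewrite" url="http://{HTTP_HOST}:81/{R:0}" />
  </rule>
</rules>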
You may have to fiddle somewhat with your rewrite rules, you can experiment using the URL Rewrite Module applet on IIS, and read more about it here: http://learn.iis.net/page.aspx/500/testing-rewrite-rule-patterns/ For further help be sure and browse Ruslan Yakushev's blog: http://ruslany.net/
This will give you three completely separate websites, accessible through a single facade on port 80 (though of course you can hit each website directly on port 81 and 82 if you need to: http://localhost:81/default.aspx, for example).
Can you run one of the sites at a different subdomain, say test1.organization.com and beta1.organization.com? If so then you can set them both up as top-level websites in IIS and set the Host Name on each Site Binding so they can both run on the same IP address and port.

Enabling SSL in asp.net 4.0 and IIS 7.5

I have created an asp.net 4.0 project. I want to enable SSL for it. Do I need to map this web project to new website in IIS. When I try to create a new website, I get:
The binding '*:80:' is assigned to another site. If you assign the same binding to this site, you will only be able to start one of the sites. Are you sure that you want to add this duplicate binding?
I am trying to follow the following posts:
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
http://mscrm4humans.wordpress.com/2010/06/24/enabling-ssl-on-iis-7-0-using-self-signed-certificates/
my IIS is 7.5.7600....
I am totally new to SSL in asp.net. Please suggest a solution to this issue.
Whilst it is possible to configure host headers to do what you're after, the easy way is to configure your new site with a different IP address.
Add the new IP address to the server, then setup your binding for the new site to the new IP address on port 80 and 443. Set the app pool to run using .NET 4, then for a nice touch you could add a URLRewrite rule to push all non-SSL traffic to HTTPS by sticking this in your web.config:
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="^OFF$" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
Or if you wanted to force SSL then just tick the Force SSL option in IIS for the site.
It sounds like you already have a site setup on port 80. Your IIS probably has a Default Web Site setup. If you're not using that site, you can delete it before you follow the steps in Scott Guthrie's blog post and that should clear up the issue.
If you are using the Default Web Site, change your new site's port to 81 when you create it. You can change the port in the screen shown by the second image in Scott Guthrie's blog post.
If you want to prevent any non-ssl traffic from reaching your new site, you should delete the binding on port 80 (or 81) after you've finished setting everything up.
To use SSL you must:
Have a separate website in IIS
This website must have a separate IP address which will be bound on port 443
You cannot use host headers to host separate websites in IIS and use SSL.
Check this article for more help:
http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/
