I am trying to achieve following redirect.
https://abc.com to http://www.abc.com
I have already used following redirect rule, which works fine for http non-www to http www redirect, but it is not working for https non-www to http www redirect.
<rule name="HttpsTOHttpRedirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^https://abc.com" />
</conditions>
<action type="Redirect" url="http://www.abc.com{REQUEST_URI}" />
Please help me out.
Your rule to remove www may work but you can optimize it.
To get what you want you will need those 2 rules:
<rule name="Redirect to HTTP" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" />
</rule>
<rule name="Add www if missing">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\." negate="true" />
</conditions>
<action type="Redirect" url="http://www.{C:0}/{R:0}" />
</rule>
The first rule redirects using http if it was a https request (using a back reference to keep the original url: {R:0}).
The second rule appends www when it is missing (using 2 back references to keep the original url: {R:0} and {C:0}).
Related
I have requirement in which i am redirecting any http request to https i.e http://test.amey.com/sitename to https://test.amey.com/sitename
To achive this i am applying following rule in IIS url rewrite
<rule name="HTTP to HTTPS Redirect" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/sitename" />
</rule>
The above rule works fine which redirects any http request to https.
But I have another requirement in which i want to redirect https request to http for certain pages and anything below it i.e
https://test.amey.com/sitename/reports/index - (where reports is controller name and index being action method)
to >
http://test.amey.com/sitename/reports/index
Reports have more pages under this directory, so i want to apply rule anything under reports should redirect to http i.e
https://test.amey.com/sitename/reports/sales
to
http://test.amey.com/sitename/reports/sales
https://test.amey.com/sitename/reports/weeklysale to http://test.amey.com/sitename/reports/weeklysale
I have been looking for solution for sometime but can not figure anything out. Any help will be great advantage.
Thank You
Solution below always redirect user to Https but with exception of some pages defined in condition.
<rule name="Redirect to HTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF"/>
<add input="{URL}" pattern="(.*)reports" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTP">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="ON"/>
<!-- condition below will satisfy that any URL request containing Reports will redirect to http -->
<add input="{URL}" pattern="(.*)reports" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
I need to have both https and non-www rewrites, while also NOT HARDCODING the domain, since we have numerous servers. This needs to be in the web.config, not in IIS.
I've read numerous articles:
http://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
http://madskristensen.net/post/url-rewrite-and-the-www-subdomain
how to set asp.net web.config rewrite http to https and www to non-www
The https rewrite works, the non-www does not.
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Remove WWW" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<!--<add input="{CACHE_URL}" pattern="*://www.*" />-->
<!--<add input="{HTTP_HOST}" pattern="*://www.*" />-->
<add input="{HTTP_HOST}" pattern="^.*www.*" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
// i've also tried
// url="{C:2}/{R:1}"
// url="{C:1}/{C:2}"
</rule>
I tested the regex for ^.*www.* on a regex tester and it was matching www.testing.com but not testing.com - so I would assume the pattern would catch it.
I need the URLs to redirect from:
testing.com ---> https://testing.com
www.testing.com ---> https://testing.com
www.testing.com/xyz/ ---> https://testing.com/xyz/
Was my own issue - there was no DNS for the www, therefore the redirect wouldn't resolve on it's own.
Code used:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
</rule>
<rule name="Remove WWW" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{CACHE_URL}" pattern="*://www.*" />
</conditions>
<action type="Redirect" url="{C:1}://{C:2}" redirectType="Permanent" />
</rule>
Add a "Canonical domain name" rule.
The soulution Rob found works fine as well. Mine seems to be a bit easier IMHO.
How would I modify this rule to include non-www to www redirect?
<rule name="Force Https" stopProcessing="true">
<match url="healthcheck.html" negate="true" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
Is there a better way to force HTTPS sitewide? I am using ASP.NET MVC 5 on IIS 8.5
I think you just need to add another rule where it checks if the HTTP_HOST variable just contains your host without the www. prefix, and redirect if so:
<!-- You first rule. Note stopProcessing is now false. -->
<rule name="Force Https" stopProcessing="false">
<match url="healthcheck.html" negate="true" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<!-- Additional rule. -->
<rule name="Force WWW" stopProcessing="true">
<match url="healthcheck.html" negate="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^yourdomain\.com"/>
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>
Just change yourdomain.com above to your actual host domain name.
To answer your other question, I think URL redirect (through URL Rewrite) is the simplest way to force HTTPS without returning a 403 to your users who still try to access your site via HTTP.
UPDATE
In response to your comment regarding the double 301, you could try this single rule. I do not have my laptop at home to verify, but I think this will work:
<!-- This rule will capture any http request regardless of the 'www.' prefix in the URL -->
<rule name="Force Https" stopProcessing="true">
<match url="healthcheck.html" negate="true" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
</conditions>
<action type="Redirect" url="https://www.yourdomain.com{REQUEST_URI}" redirectType="Permanent" />
</rule>
<!-- This rule will capture https request that does not have the 'www.' prefix in the URL -->
<rule name="Force WWW Prefix" stopProcessing="true">
<match url="healthcheck.html" negate="true" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
<add input="{HTTP_HOST}" pattern="^yourdomain\.com$"/>
</conditions>
<action type="Redirect" url="https://www.yourdomain.com{REQUEST_URI}" redirectType="Permanent" />
</rule>
There's lots of questions here about redirecting http to https so I figured it would be easy to reverse the process. However, everything I've tried hasn't worked.
I'm trying to combine the rule with my canonical host name rule (it's the first rule, at the top of the rewrite rules):
<rule name="CanonicalHostName" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^ON$" />
<add input="{HTTP_HOST}" negate="true" pattern="^www\.example\.com|example-staging\.azurewebsites\.net$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
The site is hosted on Azure and DNS is with CloudFlare if that makes any difference, I'm sure it shouldn't.
Any ideas what I'm doing wrong / might be preventing the https to http part of the rule working? (the host name part works fine)
CloudFlare
It seems the reason you cannot redirect away from SSL is because you are using CloudFlare. CloudFlare at a minimum uses flexible SSL. This means that the end user, browser shows the SSL lock but your server doesn't need SSL. See documentation here: https://www.cloudflare.com/ssl
Without CloudFlare the following example should work.
No CloudFlare
The following rule should work. You could still add your negate in if you want.
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>
Full rewrite section for my working demo site.
<rewrite>
<rules>
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.ashleymedway\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.ashleymedway.com/{R:1}" />
</rule>
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rules>
</rewrite>
Your redirect is still http:
url="http://www.example.com/{R:1}"
You can follow these instructions: Click Here
Additional information: Here
I'm trying to rewrite urls from the form:
https://example.com/about
to the form
http://example.com/about
using IIS7 URL rewriting:
<!-- http:// to https:// rule -->
<rule name="ForceHttpsBilling" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<!-- https:// to http:// rule -->
<rule name="ForceNonHttps" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
<conditions>
<add input="{SERVER_PORT}" pattern="^443$" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
I'm at a loss; I've been browsing the web for examples and trying every syntax I can think of. The rewrite rules I specify simply don't appear to work at all for any https requests, as if all the https:// requests are flat out invisible to the rewrite engine.
rules work fine; see answer below.
Turns out that I had port :443 bound to a different website!
The above rewrite rules work fine for http:// to https:// rewriting and vice-versa -- though there might be more optimal or simple ways to do it.
Leaving this question here for future voyagers to find, as I didn't see many good examples of the https:// to http:// rewriting scenario on the web.
This post is a little old, but I wanted to answer. I am using ASP.Net MVC3, and Fabio's answer above didn't work for me. The easiest solution I came up with to handle the https redirect to http, while still allowing valid https pages to request secure content was just to add Whitelist rules above my https/http redirects:
<rule name="WhiteList - content folder" stopProcessing="true">
<match url="^content/"/>
<conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
<action type="None"/>
</rule>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/billing/" redirectType="SeeOther" />
</rule>
<rule name="ForceNonHttps" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
<conditions>
<add input="{SERVER_PORT}" pattern="^443$" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
please first consider binding https to your website for making below redirect module to work is essential (so bind your web app with a self-signed or valid certificate)
final part in web.config to redirect https to http:
<rewrite>
<rules>
<rule name="Force NonHTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
if you need the equivalent IIS GUI in rewrite module see below image
source: look tech-net for more detail and step by step guide.
Your solution work, but the problem is: your second instruction kill first instruction for any links is not (.)billing/(.), including your css, js, and images.
You can use this https to http rule:
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{RequiresSSL:{R:1}}" pattern="(.+)" negate="true" />
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
<add input="{REQUEST_URI}" pattern="^(.+)\.(?!aspx)" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>