IIS url rewrite role except some urls - asp.net

I got this rule in URL rewrite that rewrites every request to the site using HTTP to HTTPS
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I need another rule or exception in this role to rewrite back or redirect specific urls to HTTP.
Is that possible?


You can add the exceptions for which you don't want to perform the redirect to HTTPS as extra conditions (not equal to that URL), like so:
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page\.aspx$" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well\.aspx$" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well-too\.aspx$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>


Exception rule in Web.config, to not redirect the "NotSecurePage.ashx" to https:
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" matchType="Pattern" pattern="\bNotSecurePage.ashx\b" ignoreCase="true" negate="true" /> <!-- Crystal não suporta imagens https.. Criando exceção para imagens de barcode, utilizadas no crystal -->
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>

Related

Web config redirect HTTP and www needs to ignore localhost

I have a Asp.Net web.config redirect rule as follows, which redirects http to https and www to non-www:
<rule name="HTTPS and non-WWW only" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^www\." ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://woodbid.co.za/{R:1}" />
</rule>
However, it needs to ignore localhost, but the following doesn't work because the conditions are MatchAny, and because it's a combined rule, using MatchAll will cause it to break.
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
How can I adjust the rule to ignore localhost, or can I rewrite it in some way to place it in the web.release.config?

You are close. Add your input and pattern without negate="true" to a new rule before that one with stopProcessing and no Action.
<rule name="Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^localhost$" />
</conditions>
<action type="None" />
</rule>
<rule name="HTTPS and non-WWW only" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^www\." ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://woodbid.co.za/{R:1}" />
</rule>

Splitting the rule into two worked for me:
<rule name="HTTPS" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://woodbid.co.za/{R:1}" />
</rule>
<rule name="Non-WWW only" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^www\." ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://woodbid.co.za/{R:1}" />
</rule>

web.config rewrite not applying negate attribute

I'm trying to configure a web config to redirect all http traffic to https. But I don't want this to apply when in the dev environment (e.g localhost). The below code I have tried but it's still re-writing to https when on localhost.
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost(:\d+)?$" negate="true" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^127\.0\.0\.1(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>

Rewrite rule to HTTPS and WWW except when on localhost

Removed previous post due to my carelessness and posted the live domain.
I've having trouble building a functioning Web.config rule that will direct traffic from http:// to https://www and http://www to https://www and https:// to https://www EXCEPT when on localhost or 127.0.0.1 while I'm doing some development.
Web.config
<rewrite>
<rules>
<clear />
<rule name="Redirect non-www OR non-https to https://www">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^example.com$" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent"/>
</rule>
</rules>
Updated and working rule, maybe there is something wrong that someone could point out?
<rewrite>
<rules>
<clear />
<rule name="Enforce HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" matchType="Pattern"
pattern="^localhost(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="Redirect example.com to www.example.com"
enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^[^www]" />
<add input="{HTTP_HOST}" matchType="Pattern"
pattern="^localhost(:\d+)?$" negate="true" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>

Possible to exclude subfolder from https rewrite?

I have a webiste that runs https. Now some programmers need a subfoder that has no https.
This is what i have in my web.config right now:
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
We need the folder "wp-content\rest" to be excluded from this https redirect.
In hope someone can help me with this one.

You need to add an additional condition into your rule:
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{REQUEST_URI}" pattern="^/wp-content/rest" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
Then this rule will disable redirects to all urls like that http://www.example.com/wp-content/rest*

Web.config URL rewrite - force www prefix and https

I'm trying to enforce https and a www prefix. However my rule doesn't fully work. Here is my rule:
<rewrite>
<rules>
<clear />
<rule name="Force https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Force www" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
<add input="{HTTP_HOST}" pattern="www.mydomain.co.uk" negate="true" />
</conditions>
<action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
It works for redirecting http to https.
it works if I go to https://mydomain.co.uk (redirects to https://www.mydomain.co.uk)
however it DOES NOT work if I go to https://mydomain.co.uk/blah/whatever
Please can somebody advise? Thanks.

These are the rewrite rules that I use for that exact purpose. I've also added a rule to make the URL all lowercase and a rule to remove the trailing slash should one be present. This makes working with Analytics easier since it treats page.aspx and page.aspx/ as different url's. That is why I use ignoreCase=true because then it does not matter if someone uses upper case somewhere since it will be handled later on by the ToLowerCase rule
<rule name="ForceWWW" stopProcessing="true">
<match url=".*" ignoreCase="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^yoursite.com" />
</conditions>
<action type="Redirect" url="https://www.yoursite.com/{R:0}" redirectType="Permanent" />
</rule>
<rule name="HTTPtoHTTPS" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="RemoveTrailingSlash">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>
<rule name="ToLowerCase">
<match url=".*[A-Z].*" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{R:0}}" redirectType="Permanent" />
<conditions>
<add input="{URL}" pattern="WebResource.axd" negate="true" />
<add input="{URL}" pattern="ScriptResource.axd" negate="true" />
</conditions>
</rule>

Here is an example of such web.config -- it will force HTTPS for ALL resources (using 301 Permanent Redirect):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<rewrite>
<rules>
<rule name="Redirects to www.example.com" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
Source: https://stackoverflow.com/a/9823208/5740382
For more Details: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

Resources