I'm trying to rewrite urls from the form:
https://example.com/about
to the form
http://example.com/about
using IIS7 URL rewriting:
<!-- http:// to https:// rule -->
<rule name="ForceHttpsBilling" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<!-- https:// to http:// rule -->
<rule name="ForceNonHttps" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
<conditions>
<add input="{SERVER_PORT}" pattern="^443$" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
I'm at a loss; I've been browsing the web for examples and trying every syntax I can think of. The rewrite rules I specify simply don't appear to work at all for any https requests, as if all the https:// requests are flat out invisible to the rewrite engine.
rules work fine; see answer below.
Turns out that I had port :443 bound to a different website!
The above rewrite rules work fine for http:// to https:// rewriting and vice-versa -- though there might be more optimal or simple ways to do it.
Leaving this question here for future voyagers to find, as I didn't see many good examples of the https:// to http:// rewriting scenario on the web.
This post is a little old, but I wanted to answer. I am using ASP.Net MVC3, and Fabio's answer above didn't work for me. The easiest solution I came up with to handle the https redirect to http, while still allowing valid https pages to request secure content was just to add Whitelist rules above my https/http redirects:
<rule name="WhiteList - content folder" stopProcessing="true">
<match url="^content/"/>
<conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
<action type="None"/>
</rule>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/billing/" redirectType="SeeOther" />
</rule>
<rule name="ForceNonHttps" stopProcessing="true">
<match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
<conditions>
<add input="{SERVER_PORT}" pattern="^443$" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
please first consider binding https to your website for making below redirect module to work is essential (so bind your web app with a self-signed or valid certificate)
final part in web.config to redirect https to http:
<rewrite>
<rules>
<rule name="Force NonHTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
if you need the equivalent IIS GUI in rewrite module see below image
source: look tech-net for more detail and step by step guide.
Your solution work, but the problem is: your second instruction kill first instruction for any links is not (.)billing/(.), including your css, js, and images.
You can use this https to http rule:
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{RequiresSSL:{R:1}}" pattern="(.+)" negate="true" />
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
<add input="{REQUEST_URI}" pattern="^(.+)\.(?!aspx)" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>
Related
I have requirement in which i am redirecting any http request to https i.e http://test.amey.com/sitename to https://test.amey.com/sitename
To achive this i am applying following rule in IIS url rewrite
<rule name="HTTP to HTTPS Redirect" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/sitename" />
</rule>
The above rule works fine which redirects any http request to https.
But I have another requirement in which i want to redirect https request to http for certain pages and anything below it i.e
https://test.amey.com/sitename/reports/index - (where reports is controller name and index being action method)
to >
http://test.amey.com/sitename/reports/index
Reports have more pages under this directory, so i want to apply rule anything under reports should redirect to http i.e
https://test.amey.com/sitename/reports/sales
to
http://test.amey.com/sitename/reports/sales
https://test.amey.com/sitename/reports/weeklysale to http://test.amey.com/sitename/reports/weeklysale
I have been looking for solution for sometime but can not figure anything out. Any help will be great advantage.
Thank You
Solution below always redirect user to Https but with exception of some pages defined in condition.
<rule name="Redirect to HTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF"/>
<add input="{URL}" pattern="(.*)reports" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTP">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="ON"/>
<!-- condition below will satisfy that any URL request containing Reports will redirect to http -->
<add input="{URL}" pattern="(.*)reports" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
Pretty new to this, but trying hard to understand.
I was able to redirect non-www to www, and http to https, but now I need to redirect a domain pointer to the primary. i.e. Domain2.com to Domain1.com. I am concerned about the URL chain and taking a hit on SEO. Should I put the domain redirect before the WWW\https one?
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^[^www]" />
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.domain1.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- Just add this? Should it go in front of the other? -->
<rule name ="Redirect Domain2 to Domain1" enabled="true">
<match url="(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="domain2.com" />
</conditions>
<action type="Redirect" url="https//www.domain1.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
Instead two rules you can create one rule with multiple conditions:
<rule name="All in one rule" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^www\.domain1\.com$" negate="true" />
</conditions>
<action type="Redirect" url="https://www.domain1.com{URL}" />
</rule>
This rule will do the following:
Redirect all other domains (domain1.com, domain2.com and etc) to www.domain1.com
Redirect HTTP to HTTPS
This rule will make only one necessary redirect instead of multiple redirects as your current rules
I am trying to configure Umbraco so all requests to the back office (www.mydomain.com/umbraco) get redirected to https and all non-backoffice requests are forwarded to http.
I can easily get the back office to use SSL by setting this web config appsetting key:
<add key="umbracoUseSSL" value="false" />
However, I am struggling to get all other pages to force http. The certificate is self signed so I don't want end users getting SSL errors. I have tried this rewrite rule in the web.config, but it has no impact.
<rule name="No-https" enabled="true" stopProcessing="true">
<match url=".*" negate="false" />
<conditions>
<add input="{HTTPS}" pattern="on" />
<add input="{URL}" pattern="umbraco" negate="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
My aim is that any request to https://www.mydomain.com is redirected to http://www.mydomain.com unless it matches the folder /umbraco.
If I have this rule, all http requests are redirected to https:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
But when I negate the rule, it no longer has any effect?
<rule name="Redirect to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" negate="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
Update. It looks like it isn't possible to process the redirect because the browser is giving the https error before the rewrite rule runs? Redirect from https to http when the SSL cert is no longer valid. Is there any way to redirect to http when using a self signed certificate?
Try amending your rule to only match on the Umbraco path, something like this:
<rule name="Force SSL" stopProcessing="true">
<match url="^umbraco/(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" />
</rule>
That way http requests for anywhere other than the umbraco path will not be redirected. For https > http requests try the following (untested)
<rule name="Force Http" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="ON" />
<add input="{PATH_INFO}" pattern="^umbraco/(.*)" negate="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" />
</rule>
I would recommend looking into making /umbraco/ unavailable on your site, and making it HTTP only.
I would then setup a different site, perhaps umbraco.yoursite.domain which does require SSL and allowing that address to access Umbraco.
Also, have you considered using LetsEncrypt to get a proper SSL certificate for your site?
There's lots of questions here about redirecting http to https so I figured it would be easy to reverse the process. However, everything I've tried hasn't worked.
I'm trying to combine the rule with my canonical host name rule (it's the first rule, at the top of the rewrite rules):
<rule name="CanonicalHostName" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^ON$" />
<add input="{HTTP_HOST}" negate="true" pattern="^www\.example\.com|example-staging\.azurewebsites\.net$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
The site is hosted on Azure and DNS is with CloudFlare if that makes any difference, I'm sure it shouldn't.
Any ideas what I'm doing wrong / might be preventing the https to http part of the rule working? (the host name part works fine)
CloudFlare
It seems the reason you cannot redirect away from SSL is because you are using CloudFlare. CloudFlare at a minimum uses flexible SSL. This means that the end user, browser shows the SSL lock but your server doesn't need SSL. See documentation here: https://www.cloudflare.com/ssl
Without CloudFlare the following example should work.
No CloudFlare
The following rule should work. You could still add your negate in if you want.
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>
Full rewrite section for my working demo site.
<rewrite>
<rules>
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.ashleymedway\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.ashleymedway.com/{R:1}" />
</rule>
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rules>
</rewrite>
Your redirect is still http:
url="http://www.example.com/{R:1}"
You can follow these instructions: Click Here
Additional information: Here
I want to force all http requests to redirect to https, so I now have this rule:
<rules>
<clear />
<rule name="force https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP}" pattern="on" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="(sitea\.com)|(sitea\.uk)|(sitea\.org)" negate="true" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
But when I request for example http://www.sitea.com, it does not redirect to https://www.sitea.com.
(on a sidenote: I was also wondering if this has any negative effect on SEO)
This is what we use
<rule name="httpsredirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I can see a few differences - we have {R:1} where you have {REQUEST_URI} and we just have one condition entered which turns off https so only the http is redirected, that is perhaps where you are going wrong.
As for SEO - that is a big subject - but since you are doing a Permanent redirect, the search engines will recognize that and take the url out of their index, and use the https one instead.