CODEWITHSUNDEEP
iisurl-rewritingiis-7.5
shakti
shakti

Reputation: 191

IIS 7.5 URL Redirect for specific patterns

When user enters domain.com it should redirect to my application which is https://www.domain.com. Currently it is not happening and it is showing a page "This Connection is Untrusted."

I have following rewrite tag added in my web.config:

        <rewrite>
           <rules>
            <rule name="Redirect to HTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
            </rule>
       </rules>
    </rewrite>

Currently in my IIS 7.5 i have added Inbound Rule which i have settings as follows:

  1. In Match URL

    Requested URL: Matches the Pattern

    Using: Reqular Expression

    Pattern: (.*)

    Ignore Case: Checked

  2. Conditions

    Logical Grouping: Match All

    Input: {HTTPS}

    Type: Matches the Pattern

    Pattern: ^OFF$

    Track group across condition: unchecked

  3. Action

    Action Type: Redirect

    Redirect URL: https://{HTTP_HOST}/{R:1}

    Append Query string: checked

    Redirect Type: See Other (303)

Please let me know if any changes can be made to existing settings.

Thanks in advance.

Upvotes: 0

Views: 11106

Answers (1)

Marco Miltenburg
Marco Miltenburg

Reputation: 6138

Your rewrite rule is just redirecting to the same domain. So if a user enters just domain.com (defaulting to http) it will redirect to https://domain.com. If your SSL certificate does not contain domain.com but only www.domain.com it will cause the browser to prompt a warning about a wrong certificate. Though most certificate authorities nowadays issue certificates with both the domain with and without www (but maybe yours not).

If you want the user to always use https://www.domain.com (always with www) you should use the following rewrite rule:

<rule name="Force HTTPS" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" negate="true" pattern="^ON$" />
        <add input="{HTTP_HOST}" negate="true" pattern="^www\.domain\.com$" />
    </conditions>
    <action type="Redirect" url="https://www.domain.com{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>

It will force SSL and will force www.domain.com as a host header. If not, it will issue a permanent redirect (= beter) to the same URL.

Upvotes: 4

Related Questions