locked
URL Rewrite for SSL redirection RRS feed

  • Question

  • User424004880 posted

    Can URL Rewrite be used to change http: to https: for directories on my site which require ssl? If not, does anybody have any suggestions on how to achieve this?

    Thanks in advance.

    Thursday, November 13, 2008 9:18 AM

All replies

  • User963356089 posted

     Something like this?

            <rewrite>
    <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>

            </rewrite>

     

    Thursday, November 13, 2008 9:57 AM
  • User-1637866776 posted

    You may want to change it a little:

        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>

    {REQUEST_URI} contains the entire requested URL including query string, so your original rule would end up duplicating query string parameters when redirecting.

    Thursday, November 13, 2008 11:48 AM
  • User424004880 posted

    Thanks for the advice. I will give it a try.

    Monday, November 17, 2008 1:49 PM
  • User424004880 posted

    The rule that you gave me is working. However, I need a rule that changes https back to http for all of the other directories in the site.

    Wednesday, November 19, 2008 10:03 AM
  • User424004880 posted

    Disregard the last message. I was able to create a rule which turns off the https.

    Wednesday, November 19, 2008 10:22 AM
  • User470070523 posted

     Hi

     can you show fully code and please tell me how to deploy.

    I just install URLRewrite and i don't know how to do??

     I also need redirect http to https

    Thanks

    Wednesday, March 4, 2009 4:09 AM
  • User190696977 posted
    <rules>
    	<rule name="RequiresSSL-Redirect" stopProcessing="true">
    		<match url="(.+)" />
    		<conditions>
    			<add input="{HTTPS}" pattern="off" />
    			<add input="{RequiresSSL:{R:1}}" pattern="(.+)" />
    		</conditions>
    		<action type="Redirect" url="https://{HTTP_HOST}/{C:1}" appendQueryString="true" redirectType="Permanent" />
    	</rule>
    </rules>
    <rewriteMaps>
    	<rewriteMap name="RequiresSSL">
    		<add key="path/to/secure/page.aspx" value="path/to/secure/page.aspx" />
    		<add key="nextpath/to/secure/page.aspx" value="nextpath/to/secure/page.aspx" />
    	</rewriteMap>
    </rewriteMaps>
    
    Wednesday, March 4, 2009 12:12 PM
  • User-1178652481 posted

    I'm having some trouble getting this working, it doesn't seem to be redirecting at all (to HTTPS, or to HTTP)

     I am using th redirect code above but my rewriteMap looks like this:

    <rewriteMaps>
      <rewriteMap name="RequiresSSL">
        <add key="admin" value="admin/" />
        <add key="secure" value="secure/" />
      </rewriteMap>
    </rewriteMaps>

     I have also tried it with a path directly to an .aspx page instead of a folder, but still, nothing seems to be working.

    Other rules are working fine, (ie. toLowercase, from non-www to www) and I have also disabled these temporarily to see if they where getting in the way.

    Wednesday, July 22, 2009 1:32 AM
  • User-1637866776 posted

    Can you give examples of full URLs you have tried requesting and they did not redirect?

    Also, you may try temporarily commenting out the condition that calls to rewrite map to check that actual redirection part works as expected. That will help to narrow down the cause of the problem.

    Wednesday, July 22, 2009 1:51 PM
  • User1229848078 posted

    Good day.

    Just trying out the redirect to SLL as per sample above on a site in IIS 7.5

    Rule snippet:

    <rule name="Force HTTPS" enabled="true">
                 <match url="(.*)" ignoreCase="false" />
                 <conditions>
                  <add input="{HTTPS}" pattern="off" />
                 </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>

    Actions:

    Typing in http://172.12.13.61 in the address bar and would expect it to redirect/force to https://172.12.13.61 but it does not happen.

    Any ideas? Thanks

    Thursday, October 21, 2010 7:33 AM
  • User1229848078 posted

    Not sure if it has anything to do with the fact that I am running a classic asp application.

    I still cannot make the above rule work, but thought Id ask this too. 

    On IIS 6 we used the following to jump/force/redirect SSL on 403;4 errors by setting it to a page that includes the following.

    <%
       If Request.ServerVariables("SERVER_PORT")=80 Then
          Dim strSecureURL
          strSecureURL = "https://"
          strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
          strSecureURL = strSecureURL & Request.ServerVariables("URL")
          Response.Redirect strSecureURL
       End If
    %>

    Is this still feasible or would the URL Rewrite be the prefferred method in IIS 7.5?

    Thursday, October 21, 2010 9:06 AM
  • User-349316378 posted

     Hi,

    I have no idea about Classic ASP, does it use web.config files as well? The rules above I use them in such file.

    Also, I don't think it works when run with Visual Studio, has to be against IIS7 itself. The rules seem ok, perhaps try using a domain name rather than an ip address?

     

    Good luck

    Thursday, October 21, 2010 4:46 PM
  • User1229848078 posted

    No Classic ASP does not use the webconfig so I guess the question is if it actually gets looked at at all when using the URL rewrite module on a classic asp application?

    I cannot imagine that using the domain name would make a difference, I did try it and still cannot make it work.

    Anybody out there that could shine some light on the matter? :)

    Friday, October 22, 2010 4:32 AM
  • User-349316378 posted

    My guess is no... Why don't you use a third-party url rewrite tool such as http://www.isapirewrite.com/ ?

    Friday, October 22, 2010 5:02 AM
  • User1229848078 posted

    Well I just need to redirect/jump to SSL so handling the 404 error with a jumptossl.asp page will do the trick for me and therefore no need for a third party component.

    Thanks anyway.

    Friday, October 22, 2010 5:46 AM
  • User-1897882741 posted
    Is there a way to create an exception if a specific port is used?
    Friday, November 2, 2012 6:09 PM
  • User497591033 posted

     Something like this?

            <rewrite>
    <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>

            </rewrite>

     

    This worked perfectly, thanks alot!

    Monday, January 7, 2013 6:32 AM
  • User1664706752 posted

    "Disregard the last message. I was able to create a rule which turns off the https."

    Can you post the code for this please?

    Thursday, August 15, 2013 1:30 PM
  • User1632433470 posted

    If you already have a canonical domain name rule configured for your website, you can easily add https redirection to that rule. Here is how to do it: https://www.orderfactory.com/articles/IIS-URL-Rewrite-to-HTTPS.html

    HTH

    Friday, August 22, 2014 6:10 PM
  • User42490559 posted

    Hi - how were you able to do this? Here is my situation:

    http:// was set up to redirect https://  using a separate site in IIS. I don't know what else was done to enable the redirect or if that was necessary, but I also don't know how to undo it to accomplish what I need to.

    Now, we have changed the hosting server for www, and it is no longer secure, but search engines and media had bookmarked the https:// domain. How do I get https:// to redirect to http:// for the www. subdomain? Here are some looks at what I have tried:

    Original redirect:

    Pattern: (.*)

    Input {HTTPS} Pattern ^OFF$

    Redirect URL https://{HTTP_HOST}/{R:1}

    What I need is to make sure the www subdomain redirect to http, while other subdomains (in this case auctions.) maintains the http -> https redirect

    Many thanks for the help...

    Thursday, August 28, 2014 2:14 PM