URL Rewrite rule not working Http to Https Redirect IIS 10 - Asp.Net Framework 4.8 - aspx - Web Forms

techthiru 40

Using URL rewrite module 2.1 in IIS 10 is not working as expected.

Here is my requirement

I have several web applications running under "Default Web Site". One of them is "WebAppDemo"

The Default Web Site has bindings as in the screenshot

Bindings

The WebAppDemo running under "Default Web Site" can be accessed via this URL:

http://dev-abc-iis.myorg.com/WebAppDemo

I want to allow https: only for this WebAppDemo application.

My team wants to take an approach like this:

Create a new web site say "WebAppDemo Site"
Create a web application under this new web site say "WebAppDemo"

Create a https: binding (only) for this "WebAppDemo Site" on a custom port number(non standard port number)

  https:9443
  hostname: dev-abc-iis.myorg.com
  IP Address: All UnAssigned
  Require Server  Name Identification: Checked
  **Note:** The WebAppDemo under both the "Default Web Site" and "WebAppDemo Site" point to the same physical folder : inetpub\wwwroot\WebAppDemo

We prefer this approach such that we want the users keep requesting the old url without needing to update their bookmarks.

URL Rewrite Rules

With the above setup, I have written this rule and put it in the web.config file for the "Default Web Site" under inetpub\wwwroot\web.config

<rules>
	<rule name="WebAppDemo Https Redirect" stopProcessing="true">
		<match url="WebAppDemo(/.*)?$" />
		<conditions>
			<add input="{HTTPS}" pattern="^OFF$" />
			<add input="{HTTP_HOST}" pattern="([^/:]+)(:[^/]*)?" />
        </conditions>  			
		<action type="Redirect" url="https://{C:1}:9443/{R:0}" appendQueryString="false" />
	</rule>
</rules>

Here are the specifications of my requirements for the rules

http: requests made to WebAppDemo application running under "Default Web Site" should be redirected to the https: site which is bound to "WebAppDemo Site" -> WebAppDemo on the custom port :9443

The result of the above mentioned rule is:

When i browse this URL using a browser: http://dev-abc-iis.myorg.com/WebAppDemo

I am redirected to this URL : https://dev-abc-iis.myorg.com/WebAppDemo/

You can notice, in the redirected URL, the port number :9443 is missing and this result is not the expected result.

I am not sure what is wrong in the rule.

Somebody, please help me fix this and get this working!! Update:06/08/24

I still am gathering answers for this question. I prefer to fix this rule before i consider other options.

Thanks!

Accepted answer

AgaveJoe 28,536 Reputation points

2024-06-08T16:46:23.8033333+00:00
i would like to get the rule fixed before considering alternative approaches.

I tested the code and I believe the rule functions according your your use case. I used the wildcard pattern. Double check the port and web app name.

<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <clear /> <rule name="Port redirect path" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*/*" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{R:1}" pattern="WebAppDemo" /> <add input="{HTTPS}" pattern="OFF" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}:9443/{R:1}/{R:2}" redirectType="Found" /> </rule> <rule name="Port redirect root" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{R:0}" pattern="WebAppDemo" /> <add input="{HTTPS}" pattern="OFF" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}:9443/{R:0}" redirectType="Found" /> </rule> </rules> </rewrite> <staticContent> <clientCache cacheControlMode="NoControl" /> </staticContent> </system.webServer> </configuration>

I used the following reference documentation.

https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

Edit: You're configuration is returning 301 (Moved Permanently). Your browser can/will cache the URL. If making rule changes does not seem to changes anything then clear your browser cache.
Please sign in to rate this answer.

1 person found this answer helpful.
techthiru 40 Reputation points

2024-06-08T21:01:50.53+00:00

@AgaveJoe
thanks for the response. Can you please clarify with a brief explanation of what these two rules do? I will need one of the above rules correct? or should i use both of them?

AgaveJoe 28,536 Reputation points

2024-06-08T21:33:40.8333333+00:00

Can you please clarify with a brief explanation of what these two rules do?

Rule1 - Match:

<rule name="Port redirect path" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*/*" />

The match is looking for a path that has [any number or character], a slash, and [any number or character]. The first asterisk captures the "WebAppDemo" application (your IIS configuration) in a back-reference. The second asterisk captures the rest of the URL.

Path => WebAppDemo/

{R:0} = WebAppDemo/

{R:1} = WebAppDemo

{R:2} = [Empty]

Path => WebAppDemo/mypage.aspx

{R:0} = WebAppDemo/mypage.aspx

{R:1} = WebAppDemo

{R:2} = mypage.aspx

Path => WebAppDemo/subfolder/mypage.aspx

{R:0} = WebAppDemo/subfolder/mypage.aspx

{R:1} = WebAppDemo

{R:2} = subfolder/mypage.aspx

Rule1 - Condition.

All conditions must be meet.

<conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{R:1}" pattern="WebAppDemo" /> <add input="{HTTPS}" pattern="OFF" /> </conditions>

The first condition looks for "WebAppDemo" in {R:1}. If the match is meet then {R:1} contains the first directory in the path which in your case is the application.

The second condition looks for HTTPS being set to false. In other word not https.

Rule1 - Redirect

<action type="Redirect" url="https://{HTTP_HOST}:9443/{R:1}/{R:2}" redirectType="Found" />

The redirect rule build the redirect URL.

{HTTP_HOST} is the domain.

{R:1} is the first directory in the path

{R:2} is the rest of the URL.

The second rule handles request where the path starts with WebAppDemo but there is not ending slash.

Path => WebAppDemo

I will need one of the above rules correct? or should i use both of them?

I would use both rules in case there is a URL that does not end with a slash.

techthiru 40 Reputation points

2024-06-09T14:37:48.46+00:00

thanks for the explanation. I was not able to understand/get the back references correct. your solution works as per my requirements. thanks again!

techthiru 40 Reputation points

2024-06-11T19:15:10.8+00:00

@AgaveJoe

Just one more use case.

With the rules in place, when i browse http*s*://dev-abc-iis.myorg.com/WebAppDemo I get a response: This site can’t be reached. which is obvious coz no such binding exists.

But can i redirect this url to the new url despite this being a https: request already? if not insane!!

I added these rules to the top of the other rules but this does not seem to work. Might be doing something wrong..

<rule name="WebAppDemo https without port path" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*/*" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTP_HOST}" pattern="dev-abc-iis.myorg.com" /> <add input="{R:1}" pattern="WebAppDemo" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}:30443/{R:1}/{R:2}" redirectType="Found" /> </rule> <rule name="WebAppDemo https without port root" enabled="true" patternSyntax="Wildcard" stopProcessing="true"> <match url="*" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTP_HOST}" pattern="dev-abc-iis.myorg.com" /> <add input="{R:0}" pattern="WebAppDemo" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}:30443/{R:0}" redirectType="Found" /> </rule>

AgaveJoe 28,536 Reputation points

2024-06-11T22:39:14.5633333+00:00

Your current configuration does not filter out port 30443. The code gets stuck in an infinite redirect loop if the incoming port is 30443. Replace domain check with check the port.

Checks if the requested port is 443 (default https port)

<add input="{SERVER_PORT}" pattern="443" />

Checks if the requested port is not 30443.

<add input="{SERVER_PORT}" pattern="30443" negate="true" />
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

1 additional answer

AgaveJoe 28,536 Reputation points

2024-06-07T21:14:31.24+00:00
The easiest approach is adding redirect code in the global.asax file of the web application you wish to redirect from.

void Application_BeginRequest(Object source, EventArgs e) { Uri url = HttpContext.Current.Request.Url; if(url.Port == 443) { Response.Redirect("https://dev-abc-iis.myorg.com:9443/WebAppDemo/"); } }

The code above does a simple 443 port number check. However, the Uri type has a lot of properties which can be used to evaluate what URL the user requested to determine where to redirect the user's browser.
Please sign in to rate this answer.

1 person found this answer helpful.
techthiru 40 Reputation points

2024-06-08T13:43:13.2666667+00:00

Hello! thanks for the response first of all. Even though this is an alternative approach, i would like to fix the rule and make it work before i consider other alternatives. so i am still on the look out for solutions that can fix the rule.

techthiru 40 Reputation points

2024-06-08T13:45:21.8733333+00:00

Hello! thanks for the reply first. Though this is an alternative approach, i would like to get the rule fixed before considering alternative approaches. so i am still on the look out for solutions that can help me fix the rule and make it work according to the requirements stated in the post.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

URL Rewrite rule not working Http to Https Redirect IIS 10 - Asp.Net Framework 4.8 - aspx - Web Forms

URL Rewrite Rules

1 additional answer

Your answer