I have a website on an EC2 service from AWS. The web domain was purchased on Namecheap with SSL protection. I was investigating how to activate this ssl protection. The first thing I did was to generate the CSR code from my EC2 instance. Then I went to Namecheap to use this code and activate the SSL Protection. I complete the DCV validation using the "HTTP-based validation". Now in my Namecheap main panel the SSL certificate says to be active. But when wanting to go to my website, it still does not appear. Is there something I need to do? Thank you all for your time!
Yes, you will need to install the certificate and private key on your web server. You will also need to setup / enable HTTPS on your web server.
https://www.namecheap.com/support/knowledgebase/article.aspx/795/14/how-to-install-ssl-certificates
I can't understand your question clearly but try this and see if it helps - add this to your web config file
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
Related
I have the following rule which is working well for redirecting my www requests to the root.
However I can't seem to turn it off for localhost. Here is what I have now:
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" negate="true" />
</conditions>
<action type="Redirect" url="https://example.com/{R:1}" />
</rule>
I've tried many things including things like:
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^localhost$" negate="true" />
<add input="{HTTP_HOST}" pattern="^example\.com$" negate="true" />
</conditions>
<action type="Redirect" url="https://example.com/{R:1}" />
</rule>
Could you help? Regexes are my weakness alas
How about using a condition to only match requests that start with www. instead of trying to negate when you don't want the rule to apply? This avoids the need to negate localhost because localhost never matches in the conditions:
<rule name="Strip WWW" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.(.*)" />
</conditions>
<action type="Redirect" url="https://{C:1}/{URL}" />
</rule>
However, your example of the rule you tried (your second code block) also works for me in testing with IIS on a Windows 10 VM. I can browse to localhost without a redirect. Perhaps there is another issue here.
I would not mix the rules of different hosting environments; localhost (for local development) and www, your live environment.
If you keep them separate, you don't have to enable and disable rules depending on the environment.
The rules section has a configSource attribute via which you can point to an other separate file, eg. RewriteRules.config.
Doing so, web.config will look like here below.
<configuration>
<!-- Other settings go here. -->
<system.webServer>
<!-- other settings go here --->
<rewrite>
<rules configSource="RewriteRules.config">
</rewrite>
</system.webServer>
</configuration>
The RewriteRules.config file contains the rules.
<rules>
<rule name="CanonicalHostNameRule1">
<!-- Rule details go here -->
</rule>
</rules>
You make a separte version of this RewriteRules.configfile per environment, containing only the appropriate rules and deploy it to the concerned webserver.
This has many benefits.
Only the rules for the concerned environment are being evaluated, which is better for performance.
It is more flexible if you have other environments like QA (http://qa. ...) and dev (http://dev. ...).
You don't have to worry (and test) whether the rules of one environment will interfere with the ones of an other one, here: local vs live.
The deployment of the RewriteRules.config file can be included in a deployment automation.
I'm setting up an API on Azure as a web service. I want it to force HTTPS for all the HTTP verbs (GET, POST, DELETE, etc.)
The blog post here tells to add a rule in the web.config file (towards the bottom of the blog post, it's quite lengthy.) Here is the rule:
<!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- END rule TAG FOR HTTPS REDIRECT -->
I tried doing that and it works okay for GET requests. However, when I try for POST requests, the web service now somehow interprets that request as GET request.
Any pointers on how to set up the rule for remaining verbs as well?
GETs are enabled by default,
you have to enable the other http verbs.
Shortest Version is the "Enable HTTP Verbs" section in the
azure cheat sheet:
http://microsoftazurewebsitescheatsheet.info
I have my website in Azure named
djangoproj.azurewebsites.net
When I request homepage it goes to http://djangoproj.azurewebsites.net. I know all projects in azure are SSL protected and when i type https://djangoproj.azurewebsites.net, it works fine ! I can access the site via https. But how do i make it to default https in azure? because when i call the homepage, it gives http response by default until i forcibly specify https.
How do i make default https in azurewebsite ?
The setting SECURE_SSL_REDIRECT will redirect all traffic to https when set to True.
Relevent section in the docs
In your web.config (for example, web.3.4.config in your repository root), append the following rule to the rules section:
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I have this in production on a django 1.9 app on Azure App service.
I have an IIS Site with Rewrite Rule to redirect all requests to HTTPS.
I have a internal web service which works with HTTP but rewrite rule modify "http" request to a "https". When happens is the web service returns an error "Object Moved". I tried use "AllowAutoRedirect" with true value but it doesn't work.
How to create a EXCEPT Rewrite Rule to access this web service? how to make web service work with HTTPS protocol?
One way is to add the rule before the "global redirect" and make sure to use stopProcessing="true" so that the next rule is not executed, for example the following rule will allow HTTP only on requests to the segment "foo/", everything else will redirect to SSL:
<rewrite>
<rules>
<rule name="Allow requests to the folder foo over non-https" stopProcessing="true">
<match url="^foo/.*" />
<action type="None" />
</rule>
<!-- Else redirect ALL request to HTTPS -->
<rule name="Redirect to https">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
My website was accessible by both HTTP and HTTPS until the SEO gents said we should go with one or the other (to avoid duplicate content). We've implemented an HTTPS -> HTTP redirect for all content on the site to do this which was set up via the web.config file.
However, now I need to open access of one file to HTTPS to load it properly in an HTTPS environment. Any assistance would be awesome.
Here is the redirect code:
<rule name="Redirect HTTPS to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
Edit: After thinking about it a bit more, what if I just wanted to allow images (.jpg, .gif, .png) to be accessed via HTTPS? I suppose what I'd need then is an inverse regex. like: match url="!((.jpg)(.gif)(.png))"
solved by adding a rule that didn't redirect to HTTP for .jpg files:
<rule name="allow jpg to use https" stopProcessing="true">
<match url="(.*)(jpg)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
</rule>