I have an IIS Site with Rewrite Rule to redirect all requests to HTTPS.
I have a internal web service which works with HTTP but rewrite rule modify "http" request to a "https". When happens is the web service returns an error "Object Moved". I tried use "AllowAutoRedirect" with true value but it doesn't work.
How to create a EXCEPT Rewrite Rule to access this web service? how to make web service work with HTTPS protocol?
One way is to add the rule before the "global redirect" and make sure to use stopProcessing="true" so that the next rule is not executed, for example the following rule will allow HTTP only on requests to the segment "foo/", everything else will redirect to SSL:
<rewrite>
<rules>
<rule name="Allow requests to the folder foo over non-https" stopProcessing="true">
<match url="^foo/.*" />
<action type="None" />
</rule>
<!-- Else redirect ALL request to HTTPS -->
<rule name="Redirect to https">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
Related
I'm using the code below to create a redirect rule in my web.config file in the root directory of a site hosted in a Windows server:
<rewrite>
<rules>
<clear />
<rule name="Redirect https" enabled="true" stopProcessing="true" patternSyntax="ECMAScript">
<match url=".*cashpreview\\.com\\.br.*" ignoreCase ="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
The rule works for the address http://www.cashpreview.com.br/cashpreview/cashbr.htm but not for
http://www.cashpreview.com.br/cashpreview/janelas.htm . If I try to access the first address, the "https" replace the "http", but the same doesn't occurs for the second address. I need to write the domain in the regular expression because I have multiple domains sharing the same web directory and only this has SSL installed for it. Does somebody knows what could be causing this strange behaviour of the rule?
Now, I've discovered my errors. I was not aware that the parameter url of the match element contains only the part of the url relative to the directory where the web.config file is located. So, the domain never is part of the url. As I have multiple domains sharing the same web directory, I added a new condition checking the {HTTP_HOST} for the only domain for which I've installed SSL. As I have asp files in the site and I used {REQUEST_URI} that include de querystring, I turned off the appendquerystring attribute. My code now is like below:
<rewrite>
<rules>
<clear />
<rule name="Redirect https" enabled="true" stopProcessing="true" patternSyntax="ECMAScript">
<match url=".*" ignoreCase ="true"/>
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern=".*cashpreview\.com\.br" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false"/>
</rule>
</rules>
</rewrite>
That case where sometimes the things go right was only for data cached in my browser. Using a proxy, that case didn't worked the way I was doing before too.
I'm setting up an API on Azure as a web service. I want it to force HTTPS for all the HTTP verbs (GET, POST, DELETE, etc.)
The blog post here tells to add a rule in the web.config file (towards the bottom of the blog post, it's quite lengthy.) Here is the rule:
<!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- END rule TAG FOR HTTPS REDIRECT -->
I tried doing that and it works okay for GET requests. However, when I try for POST requests, the web service now somehow interprets that request as GET request.
Any pointers on how to set up the rule for remaining verbs as well?
GETs are enabled by default,
you have to enable the other http verbs.
Shortest Version is the "Enable HTTP Verbs" section in the
azure cheat sheet:
http://microsoftazurewebsitescheatsheet.info
I have my website in Azure named
djangoproj.azurewebsites.net
When I request homepage it goes to http://djangoproj.azurewebsites.net. I know all projects in azure are SSL protected and when i type https://djangoproj.azurewebsites.net, it works fine ! I can access the site via https. But how do i make it to default https in azure? because when i call the homepage, it gives http response by default until i forcibly specify https.
How do i make default https in azurewebsite ?
The setting SECURE_SSL_REDIRECT will redirect all traffic to https when set to True.
Relevent section in the docs
In your web.config (for example, web.3.4.config in your repository root), append the following rule to the rules section:
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I have this in production on a django 1.9 app on Azure App service.
My website was accessible by both HTTP and HTTPS until the SEO gents said we should go with one or the other (to avoid duplicate content). We've implemented an HTTPS -> HTTP redirect for all content on the site to do this which was set up via the web.config file.
However, now I need to open access of one file to HTTPS to load it properly in an HTTPS environment. Any assistance would be awesome.
Here is the redirect code:
<rule name="Redirect HTTPS to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
Edit: After thinking about it a bit more, what if I just wanted to allow images (.jpg, .gif, .png) to be accessed via HTTPS? I suppose what I'd need then is an inverse regex. like: match url="!((.jpg)(.gif)(.png))"
solved by adding a rule that didn't redirect to HTTP for .jpg files:
<rule name="allow jpg to use https" stopProcessing="true">
<match url="(.*)(jpg)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
</rule>
I have this rewrite rule in web.config on our Azure app to ensure the users always use HTTPS:
<rule name="HTTP to HTTPS redirect"
stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}"
pattern="off" />
<add input="{REQUEST_URI}"
pattern="^clientaccesspolicy\.xml$"
negate="true" />
<add input="{REQUEST_URI}"
pattern="^crossdomain\.xml$"
negate="true" />
</conditions>
<action type="Redirect"
redirectType="Found"
url="https://{HTTP_HOST}/{R:1}" />
</rule>
It works fine. The users always hit the site using a subdomain of our company URL and we have a wildcard certificate.
But when the app is staging I would like to use it without https (but still not allow http acccess to the standard cloudapp subdomain).
so for example this would work over http:
http://f9eccd6a9a044270b5ce97ae614c9ee1.cloudapp.net
But this wouldn't:
http://myazuresubdomain.cloudapp.net
My Regex skills are minimal and my url rewrite skils are limited to copying the above from SO. So could someone help me with the rule that will help me acheive the above? Perhaps a negate for a url that has exactly 32 chracters then .cloudapp.net?
Thanks
Mark
The following rule should match what you're after. Placing it first will skip the https redirect due to the 'stopProcessing' attribute.
<rule name="Staging CloudApp" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="([0-9a-f]{32})\.cloudapp\.net" />
</conditions>
<action type="None" />
</rule>