My website has a partnership with external sites for members that allows access. The only way our members can access the external site is first if they are authenticated on our site, and then if they visit the external site from a specific page. Such as:
Our partner/external site checks HTTP_REFERER and verifies that the user is coming from the exact URL above and then allows them access.
So, we are stuck with this URL unless we request the partner change the URL on their side as well, which is a long complicated process.
I would like to make this URL prettier, but allow the external site to view the correct or "true" URL when the do an HTTP_REFERER so that they can still allow access for authenticated users from our site.
Some notes on my specific situation:
I am running pages on an IIS 7 Server.
Pages are .asp pages and utilizing Classic ASP VB server-side language.
I do not have access
to change anything on the external server checking the HTTP_REFERER
location.
I have tried doing:
<% Server.Transfer("/mynewpage/") %>
and that works in the sense that it makes the URL prettier while keeping the page at the same location. But the external site also reads the page as coming from "www.example.org/mynewpage/", which "breaks" our authentication because it's not the predefined page they are looking for to check authentication.
Is there another way that I can "cloak" or "rename" my URL to make it prettier, while still allowing the external site to correctly read the "True" URL when they do an HTTP_REFERER?
If your host has the URL rewrite module installed (which they probably will) then you can put rewrite rules into the system.webserver section of web.config eg
<rewrite>
<rules>
<rule name="ArticleDetail" stopProcessing="true">
<match url="^article/([^/]+)/?$"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
</conditions>
<action type="Rewrite" url="article.asp?id={R:1}"/>
</rule>
<rule name="Articles" stopProcessing="true">
<match url="^articles$"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
</conditions>
<action type="Rewrite" url="articles.asp"/>
</rule>
</rules>
</rewrite>
This is for standard master/detail pages called articles.asp and article.asp. yoururl/articles will find articles.asp and yoururl/article/30 will find articles.asp?id=30
The alternative is to set up a custom 404 page and use server.transfer in that. You would also use web.config to define your 404 page, but the rewrite engine is easier IMO. Using either approach, both the "pretty" URL and the original url would find the page.
Note that if you have IIS installed on your own machine you can use the Rewrite rule creator in that. When you use it you'll find that it's added the rules it created to web.config
Related
http://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
<rule name="AngularJS Routes" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Rewrite" url="/index.html" />
</rule>
The above is a one of several url rewrite rules widely suggested for angular single page apps.
I understand the rule to mean "If the request is not for a physical file, rewrite the url to /index.html.
Excerpt from documentation link above: " This can be used to specify a condition that checks if the requested URL is NOT a file..."
In index.html I have this script reference:
<script src="lib/jquery/dist/jquery.min.js"></script>
This is a physical file and it does exist on the disk in the location specified.
The rewrite rule is picking up this request and rewriting it to /index.html.
Why is that occuring?
My web.config is located at the same level as wwwroot.
There are several threads on github related to url rewrites, not sure if this specific issue is covered:
https://github.com/aspnet/BasicMiddleware/issues/43
https://github.com/aspnet/IISIntegration/issues/164
https://github.com/aspnet/IISIntegration/issues/192
IsFile won't work because the file is not where IIS expects it to be. For an Asp.Net 4 app the index.html file would have been in the site root, but for an Asp.Net Core app the file is in a subdirectory.
Try using the new Rewrite middleware instead, it knows where the files are in the new Asp.Net Core layout.
https://github.com/aspnet/BasicMiddleware/blob/dev/samples/RewriteSample/Startup.cs#L16
I have been over the web hunting for solutions for this, but I can get only 1 and 2 to work.
http://www.example.com to https://www.example.com
www.example.com to https://www.example.com
http://example.com to https://www.example.com
https://example.com to https://www.example.com
https://example.com to https://www.example.com
example.com/page.aspx to https://www.example.com/page.aspx
Requirements:
All URLs to be HTTPS
All URLs without WWW in them to show WWW
All other redirects to work, query strings and params carried over etc.
So the main issue is that if no protocol is specified (http or https) then if I enter example.com/blah then it gets converted to www.example.com/blah but put a protocol (http or https) in front and it breaks the link.
As I don't currently have a rule to move non-WWW URLs to WWW, then I am not sure what is doing it, if I have to do it, how I can get it to work with HTTP to HTTPS.
I have tried putting the rules for HTTP to go to HTTPS together with a rule for non-WWW to WWW but it didn't work (first example you will see - bottom example is what I am using at the moment).
I have tried using {HTTP_HOST} instead of writing out my site's URL in the redirect part of the rule.
I have tried splitting the rules into 2, one for HTTP to HTTPS, and one for no-WWW to WWW.
However nothing seems to work.
At the moment I am just using my hosts file and practising, changing the rules in the web.config file for the site on Win 2012 box.
I have other rules as well e.g for www.example.com/plugins to go to the page (rewrite) underneath .aspx, but these don't work either if there is no www in the URL.
So it seems the redirection of non-WWW URLs to WWW is the issue and I don't know the best way to combine it with the HTTP to HTTPS rules.
I was trying a combo of the two rules which covers the HTTPS/WWW and works apart from no 4/5 (non-WWW to WWW) this is that rule.
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="^[^www]" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
The actual switching of logicalGrouping="MatchAny" to "MatchAll" doesn't seem to make a difference by the way.
As long as someone doesn't type the URL as http://example.com/plugins then it works fine and is redirected to https://www.example.com/plugins.
Not that I know many people who actually type the protocol in when entering links now (// works as well) but it's obviously the old search engines, and site embedded links I need to handle for duplicate content.
Can anyone think of a reason why this isn't working OR what I should try?
I have bindings set up for both port 80/443 for WWW and without.
I never find in answers to problems like these that people talk much about the IIS settings such as bindings and ports but I think they should as web.config is tied into the URL Redirect application and bindings are obviously required for your addresses.
I just find it weird that the example rule I put up earlier works just as well as this one which only mentions HTTP to HTTPS.
This is what I am currently using. Maybe IIS does something with www?
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
I even changed the order of the bindings so that non-WWW bindings went before the WWW bindings thinking that might have something to do with it.
I control my DNS and my A record is set like
DNSEntry - WWW
Type - A
Destination - MY IP
So I am a bit confused to what is actually forcing non-WWW URLs to go to WWW URLs. As the command I am currently using in web.config only mentions HTTPS.
I am thinking maybe there is something in IIS (I am not an IIS 8 expert) that has set something to do it or the setting of one of the values should have been a domain without WWW in it.
Any help would be much appreciated. I doubt there are many URLs about pointing to my site without the WWW in it anyway but it would be good to know for SEO that I could force them all to one place so I don't get caught on duplicate content.
Try below code:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
How to force HTTPS using a web.config file
IIS 7.5 URL Redirect for specific patterns
Override an IIS rewrite rule for child site?
I am using IIS 7.5 with the Url Rewrite module. Here is my rule.
<rule name="stash.domain.com" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://192.168.5.9:8080/{R:1}" logRewrittenUrl="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^stash.domain.com$" />
</conditions>
</rule>
Everything works as expected, except if the url contains and extension of ".cs", or if a "+" sign is in the url anywhere.
For example, these don't work
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreServiceUrls.cs
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreService+Urls
I get the following response from IIS with those urls.
404 - File or directory not found.
But, these will work, however, the proxy server will return a nice "file not found", which tells me the rule is processed and forwarding requests correctly.
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreServiceUrls
I suspect the IIS has some top level filtering to either prevent certain file extensions from being served, or attempt to serve them nativelly within IIS, bypassing the rewrite rules. Also, I imagine there are more characters, aside from "+", that cause the rewrite rules to be ignored.
I had this problem too. It turns out the IIS is trying to be helpful and prevent remote users from downloading source code, which was exactly what I was trying to allow!
The fix was to go into Request Filtering and remove all the troublesome entries, although I skipped that and just put this in the web.config:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<clear />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
I'm having some trouble rewriting some things in IIS
Here is what I'm trying to achieve.
We have a bunch of clients that all need a subdomain. For example
http://clientA.mysite.com needs to be rewritten to http://mysite.com/clientArea/?clientID=1234
Then all content needs to be rewrriten to http://mysite.com/clientArea/XXX
so for example if someone requests http://clientA.mysite.com/example.css , that should be rewritten to http://mysite.com/clientArea/example.css
I cannot for the life of me get this working right.
I think I have to to do this in 2 rules. I think I have the first rule working kindof (page looks whack because it can't get the JS files or CSS files to make it look right)
Here is my first rule to rewrite http://clientA.mysite.com to http://mysite.com/clientArea/?clientID=1234
<rule name="Rewrite Subdomain" stopProcessing="true">
<match url="()" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(?!www)clientA\.mysite\.com$" />
</conditions>
<action type="Rewrite" url="clientArea/?clientID=1234" appendQueryString="true" logRewrittenUrl="true" />
</rule>
My second rule, however, I cannot get to work, so any help with this would be great
<rule name="Rewrite Everything Else after subdomain">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(?!www)clientA\.mysite\.com$" />
</conditions>
<action type="Rewrite" url="{R:0}" />
</rule>
Requesting things like http://clientA.mysite.com/example.js returns a 404 error.
Thanks for the time,
Kyle
If you have dedicated IP number for your site, you can add empty http binding to your site in IIS (right click on your site in IIS > Edit bindings > Add). Then add DNS 'A' record with value: * in your DNS configuration. As a result, every call to your IP will be maintained by your site.
You use a combination in inbound and outbound rewritting rules along with the Application Request Routing Module.
Inbound rule proxies the subfolder to the subdomain content. Outbound rule examines the response and replaces all instances of the subdomain in the response with your subfolder path.
I'm working on one multi-tenancy application, where each tenant will have access to 1 or more "sub applications" (different ASP.NET MVC websites).
http://v1.app1.domain.com
http://v1.app2.domain.com
http://v1.app3.domain.com
Later in time, I'll have new versions for each sub application and I will end with:
http://v1.app1.domain.com
http://v2.app1.domain.com
http://v3.app1.domain.com
http://v1.app2.domain.com
http://v2.app2.domain.com
http://v1.app3.domain.com
Some tenants will want to have access to the latest versions, and some will still be using old ones.
This is what I've done.
Now I would like to keep "the subdomain versions" hidden for them. They will only access the domain: app1.domain.com
This "internal smart proxy" will have the core to know which version this tenant has access.
Anyone knows how I can do this? In a way that all my internal urls (links, images, JS, css, etc...), AJAX,etc, will work correcly?
Or point me to some tutorials/blog/forums where i can find that can help me?
Thank you very much.
What you are trying to build is in essence an HTTP proxy. The difference to most other proxies is just that the actual URL is built on the server side.
There many different ways to do this. I'd choose one of the following:
Create an HTTP handler, in which case you could use this code project article as a starting point.
Use ASP.NET MVC. Create a "catch all" route and pipe that through one single action method.
Either way, you will have to
Analyze the HttpContext.Current.Request object and build a suitable outgoing URL
Use a HttpWebRequest to fetch the data from the actual website. Remember to mimic the original request header plus request content (usually POST parameters) if applicable.
Output the Response Header from the server and then output the data you just fetched.
Application Request Routing (ARR) could be a workable solution if you are using IIS 7 or 7.5.
You would have an additional web site defined in IIS acting as the proxy, which would be separate to the web site(s) your application uses.
The rules about which tenant is on which version would have to be written to a web.config for ARR to read. Is this acceptable? If you have a small number of tenants changing infrequently, you may be happy to edit this file by hand. If you need more automation, you could programatically generate this web.config file. Because this web.config is only for your ARR proxy site, editing it will not cause your application sites to restart.
A sample configuration might use the following IIS Sites:
proxy - binding for your public IP address. *.domain.com resolves to this address
v1app - binding for 127.0.0.101
v2app - binding for 127.0.0.102
IIS server-level settings: ARR cache -> Server Proxy Settings -> enable proxy. (Set the timeout here if your app needs long timeouts.)
And in your "proxy" site's web.config, the following rewrite rules:
<rewrite>
<rules>
<rule name="V1 tenants" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://127.0.0.101/{R:1}" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="app1.domain.com" />
<add input="{HTTP_HOST}" pattern="app3.domain.com" />
</conditions>
</rule>
<rule name="V2 tenants" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://127.0.0.102/{R:1}" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="app2.domain.com" />
</conditions>
</rule>
</rules>
</rewrite>
When a request comes in, it will hit your proxy site, then those rules will look at the hostname and redirect to the appropriate internal site.
If your ARR site is running on the same server as your content sites, you may want to remove the line
<add name="ApplicationRequestRouting" />
from C:\windows\system32\inetsrv\config\applicationHost.config, and add it as a module in your proxy site's web.config. This will apply ARR only to your proxy site, instead of the whole server.