I am using IIS 7.5 with the Url Rewrite module. Here is my rule.
<rule name="stash.domain.com" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://192.168.5.9:8080/{R:1}" logRewrittenUrl="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^stash.domain.com$" />
</conditions>
</rule>
Everything works as expected, except if the url contains and extension of ".cs", or if a "+" sign is in the url anywhere.
For example, these don't work
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreServiceUrls.cs
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreService+Urls
I get the following response from IIS with those urls.
404 - File or directory not found.
But, these will work, however, the proxy server will return a nice "file not found", which tells me the rule is processed and forwarding requests correctly.
http://stash.domain.com/projects/MDX/repos/medxchange.library/browse/Src/MedXChange.Api/CoreServiceUrls
I suspect the IIS has some top level filtering to either prevent certain file extensions from being served, or attempt to serve them nativelly within IIS, bypassing the rewrite rules. Also, I imagine there are more characters, aside from "+", that cause the rewrite rules to be ignored.
I had this problem too. It turns out the IIS is trying to be helpful and prevent remote users from downloading source code, which was exactly what I was trying to allow!
The fix was to go into Request Filtering and remove all the troublesome entries, although I skipped that and just put this in the web.config:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<clear />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
Related
My website has a partnership with external sites for members that allows access. The only way our members can access the external site is first if they are authenticated on our site, and then if they visit the external site from a specific page. Such as:
Our partner/external site checks HTTP_REFERER and verifies that the user is coming from the exact URL above and then allows them access.
So, we are stuck with this URL unless we request the partner change the URL on their side as well, which is a long complicated process.
I would like to make this URL prettier, but allow the external site to view the correct or "true" URL when the do an HTTP_REFERER so that they can still allow access for authenticated users from our site.
Some notes on my specific situation:
I am running pages on an IIS 7 Server.
Pages are .asp pages and utilizing Classic ASP VB server-side language.
I do not have access
to change anything on the external server checking the HTTP_REFERER
location.
I have tried doing:
<% Server.Transfer("/mynewpage/") %>
and that works in the sense that it makes the URL prettier while keeping the page at the same location. But the external site also reads the page as coming from "www.example.org/mynewpage/", which "breaks" our authentication because it's not the predefined page they are looking for to check authentication.
Is there another way that I can "cloak" or "rename" my URL to make it prettier, while still allowing the external site to correctly read the "True" URL when they do an HTTP_REFERER?
If your host has the URL rewrite module installed (which they probably will) then you can put rewrite rules into the system.webserver section of web.config eg
<rewrite>
<rules>
<rule name="ArticleDetail" stopProcessing="true">
<match url="^article/([^/]+)/?$"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
</conditions>
<action type="Rewrite" url="article.asp?id={R:1}"/>
</rule>
<rule name="Articles" stopProcessing="true">
<match url="^articles$"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
</conditions>
<action type="Rewrite" url="articles.asp"/>
</rule>
</rules>
</rewrite>
This is for standard master/detail pages called articles.asp and article.asp. yoururl/articles will find articles.asp and yoururl/article/30 will find articles.asp?id=30
The alternative is to set up a custom 404 page and use server.transfer in that. You would also use web.config to define your 404 page, but the rewrite engine is easier IMO. Using either approach, both the "pretty" URL and the original url would find the page.
Note that if you have IIS installed on your own machine you can use the Rewrite rule creator in that. When you use it you'll find that it's added the rules it created to web.config
http://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
<rule name="AngularJS Routes" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Rewrite" url="/index.html" />
</rule>
The above is a one of several url rewrite rules widely suggested for angular single page apps.
I understand the rule to mean "If the request is not for a physical file, rewrite the url to /index.html.
Excerpt from documentation link above: " This can be used to specify a condition that checks if the requested URL is NOT a file..."
In index.html I have this script reference:
<script src="lib/jquery/dist/jquery.min.js"></script>
This is a physical file and it does exist on the disk in the location specified.
The rewrite rule is picking up this request and rewriting it to /index.html.
Why is that occuring?
My web.config is located at the same level as wwwroot.
There are several threads on github related to url rewrites, not sure if this specific issue is covered:
https://github.com/aspnet/BasicMiddleware/issues/43
https://github.com/aspnet/IISIntegration/issues/164
https://github.com/aspnet/IISIntegration/issues/192
IsFile won't work because the file is not where IIS expects it to be. For an Asp.Net 4 app the index.html file would have been in the site root, but for an Asp.Net Core app the file is in a subdirectory.
Try using the new Rewrite middleware instead, it knows where the files are in the new Asp.Net Core layout.
https://github.com/aspnet/BasicMiddleware/blob/dev/samples/RewriteSample/Startup.cs#L16
I have been over the web hunting for solutions for this, but I can get only 1 and 2 to work.
http://www.example.com to https://www.example.com
www.example.com to https://www.example.com
http://example.com to https://www.example.com
https://example.com to https://www.example.com
https://example.com to https://www.example.com
example.com/page.aspx to https://www.example.com/page.aspx
Requirements:
All URLs to be HTTPS
All URLs without WWW in them to show WWW
All other redirects to work, query strings and params carried over etc.
So the main issue is that if no protocol is specified (http or https) then if I enter example.com/blah then it gets converted to www.example.com/blah but put a protocol (http or https) in front and it breaks the link.
As I don't currently have a rule to move non-WWW URLs to WWW, then I am not sure what is doing it, if I have to do it, how I can get it to work with HTTP to HTTPS.
I have tried putting the rules for HTTP to go to HTTPS together with a rule for non-WWW to WWW but it didn't work (first example you will see - bottom example is what I am using at the moment).
I have tried using {HTTP_HOST} instead of writing out my site's URL in the redirect part of the rule.
I have tried splitting the rules into 2, one for HTTP to HTTPS, and one for no-WWW to WWW.
However nothing seems to work.
At the moment I am just using my hosts file and practising, changing the rules in the web.config file for the site on Win 2012 box.
I have other rules as well e.g for www.example.com/plugins to go to the page (rewrite) underneath .aspx, but these don't work either if there is no www in the URL.
So it seems the redirection of non-WWW URLs to WWW is the issue and I don't know the best way to combine it with the HTTP to HTTPS rules.
I was trying a combo of the two rules which covers the HTTPS/WWW and works apart from no 4/5 (non-WWW to WWW) this is that rule.
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="^[^www]" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
The actual switching of logicalGrouping="MatchAny" to "MatchAll" doesn't seem to make a difference by the way.
As long as someone doesn't type the URL as http://example.com/plugins then it works fine and is redirected to https://www.example.com/plugins.
Not that I know many people who actually type the protocol in when entering links now (// works as well) but it's obviously the old search engines, and site embedded links I need to handle for duplicate content.
Can anyone think of a reason why this isn't working OR what I should try?
I have bindings set up for both port 80/443 for WWW and without.
I never find in answers to problems like these that people talk much about the IIS settings such as bindings and ports but I think they should as web.config is tied into the URL Redirect application and bindings are obviously required for your addresses.
I just find it weird that the example rule I put up earlier works just as well as this one which only mentions HTTP to HTTPS.
This is what I am currently using. Maybe IIS does something with www?
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
I even changed the order of the bindings so that non-WWW bindings went before the WWW bindings thinking that might have something to do with it.
I control my DNS and my A record is set like
DNSEntry - WWW
Type - A
Destination - MY IP
So I am a bit confused to what is actually forcing non-WWW URLs to go to WWW URLs. As the command I am currently using in web.config only mentions HTTPS.
I am thinking maybe there is something in IIS (I am not an IIS 8 expert) that has set something to do it or the setting of one of the values should have been a domain without WWW in it.
Any help would be much appreciated. I doubt there are many URLs about pointing to my site without the WWW in it anyway but it would be good to know for SEO that I could force them all to one place so I don't get caught on duplicate content.
Try below code:
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
How to force HTTPS using a web.config file
IIS 7.5 URL Redirect for specific patterns
Override an IIS rewrite rule for child site?
We have modified our file structure a bit since we've found an issue with the result in my other thread and we now we're back where we've started. I have checked out this thread but there is no answer to that question either.
We want the URL to show: https://devbox.mysite.com/kb/article/test-article-1 on the browser.
Below is my URL Rewrite:
<rule name="Article-rewrite" enabled="true">
<match url=".com/kb/article/(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="https://devbox.mysite.com/kb/article/?artID={R:1}" appendQueryString="false" />
</rule>
I have enabled Failed Request Tracing to trace rewrite rules on the IIS but when I added the rules I do not see the Rewrite as an option even though this instruction showed that it's there. This is my settings and it's not showing option. Anyway, this is just a side issue to diagnose my url rewrite issue.
Okay, so I finally figured out the answer to my question. The match URL will match the folder kb/artitcle/ and the a-ZA-Z- will only allow word and dash. In my situation, there will only be one parameter being passed so I intentionally ignoring the ampersand character because in CommonSpot CMS it adds a &cs_pgIsInLView=1 to the end of the URL which causes the rewrite rule to break. So by ignoring this ampersand, it works in my situation. The query_string pattern 1 will ignore rewrite when I tried to login to the page with the url https://devbox.mysite.com/index.cfm?login=1. I'm guess there may be other better ways than this one but for now, this will have to do.
<rule name="Article-rewrite" enabled="true">
<match url="^kb/article/([a-zA-Z\-]+)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{QUERY_STRING}" pattern="1" negate="true" />
</conditions>
<action type="Rewrite" url="kb/article/?artID={R:1}" appendQueryString="false" />
</rule>
I'm having some trouble rewriting some things in IIS
Here is what I'm trying to achieve.
We have a bunch of clients that all need a subdomain. For example
http://clientA.mysite.com needs to be rewritten to http://mysite.com/clientArea/?clientID=1234
Then all content needs to be rewrriten to http://mysite.com/clientArea/XXX
so for example if someone requests http://clientA.mysite.com/example.css , that should be rewritten to http://mysite.com/clientArea/example.css
I cannot for the life of me get this working right.
I think I have to to do this in 2 rules. I think I have the first rule working kindof (page looks whack because it can't get the JS files or CSS files to make it look right)
Here is my first rule to rewrite http://clientA.mysite.com to http://mysite.com/clientArea/?clientID=1234
<rule name="Rewrite Subdomain" stopProcessing="true">
<match url="()" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(?!www)clientA\.mysite\.com$" />
</conditions>
<action type="Rewrite" url="clientArea/?clientID=1234" appendQueryString="true" logRewrittenUrl="true" />
</rule>
My second rule, however, I cannot get to work, so any help with this would be great
<rule name="Rewrite Everything Else after subdomain">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(?!www)clientA\.mysite\.com$" />
</conditions>
<action type="Rewrite" url="{R:0}" />
</rule>
Requesting things like http://clientA.mysite.com/example.js returns a 404 error.
Thanks for the time,
Kyle
If you have dedicated IP number for your site, you can add empty http binding to your site in IIS (right click on your site in IIS > Edit bindings > Add). Then add DNS 'A' record with value: * in your DNS configuration. As a result, every call to your IP will be maintained by your site.
You use a combination in inbound and outbound rewritting rules along with the Application Request Routing Module.
Inbound rule proxies the subfolder to the subdomain content. Outbound rule examines the response and replaces all instances of the subdomain in the response with your subfolder path.