Solved

Two URL's pointing to 1 Website - Redirect URL1 to URL2

Posted on 2014-03-28
11
374 Views
Last Modified: 2014-04-03
I've just published a site to the web which staff access using https://URL-1.acme.com and it's working fine. When users access the site internally they use https://URL-2.acme.com.

To make things simpler for staff I'd like them to be able to access the site internally using either URL-1 or URL-2. I've created an internal DNS record for URL-1 to point to the web server and users can browse to the site.

The issue is the site internally is https://URL-2.acme.com with an SSL Cert of the same name bound to it and when a user browses internally using URL-1 they're getting an SSL warning due to mismatched address.

Ideally what i'd like is when a user browses to URL-1 internally it's automatically redirected to URL-2 but I've poked around and can't find anything obvious so hoping someone here can help before I break things.

Hopefully that makes sense and let me know if you need me to provide more info. Thanks in advance.
0
Comment
Question by:misfit139
  • 5
  • 5
11 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39963044
URL Rewrite would be  your best bet here:
More info on URL rewrite :
http://www.surfingsuccess.com/asp/iis-url-rewrite.html


An example for you would be:
http_host matches url1 and {REMOTE_ADDR}  matches your internal ips
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 150 total points
ID: 39963048
Quick and dirty way is to have an index.html that just contains this to redirect to the main url.

<META http-equiv="refresh" content="0;URL=http://main-site">
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 350 total points
ID: 39963051
Here is a much clearer walkthrough on using URL rewrite to accomplish what you need:
https://docs.gosecureauth.com/display/docs/URL+Rewrite+-+IP+Restrictions


I am assuming here you want anyone who is not internal to still be able to access URL1 ?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 1

Author Comment

by:misfit139
ID: 39963266
Thanks for the responses guys and sorry for not getting back to you sooner. I tried the quick and dirty way suggested by Gary but you still get the Cert Warning and then when you click continue it does change the URL.

I've also installed the URL Rewrite module, rebooted the server and tried following the walkthrough but not having any luck. I have tried "redirect" and "rewrite" I've tried it from the top level of IIS and from the Website but nothing happens.

Not sure where i'm going wrong and yes becraig I still want URL-1 to be accessible to external users.
Redirect2.JPG
Redirect.JPG
0
 
LVL 29

Expert Comment

by:becraig
ID: 39963325
Ok so here is what you need to do

1.  This first pattern is good *
2. Logical grouping should be {REMOTE_ADDR}  (This should be your internal IP address, e.g. 192.168.1.*)

Then you do the redirect URL

Send it to URL2 etc



IIsreset and test.
0
 
LVL 1

Author Comment

by:misfit139
ID: 39963448
Hi Becraig, thanks for your reply. I've tried as you suggested but now I'm getting Page cannot be displayed, I disabled the rule and I'm then go back to getting the Cert error.

Tested from two PC's both on 192.168.160.x subnet.
Redirect3.JPG
0
 
LVL 29

Expert Comment

by:becraig
ID: 39963542
Ok so first issue

Please double check the destination URL in the rule since the page cannot be displayed sounds like a DNS resolution error.

It is obvious the redirect based on ip works since you get a different result in the browser, please ensure you can resolve the redirect URL ;

Nslookup site2 from a command prompt.  

Second.

You will get the cert error since you are loading a site different to the one requested.
0
 
LVL 1

Author Comment

by:misfit139
ID: 39963590
Disabled URL Rewrite rule retsart IIS
Checked the redirect URL, copied and pasted in to a browser and works.
Nslookup returns the correct IP for both URL from the same PC I tested on.
I can browse to both URL's

Enable URL Rewrite rule Restart IIS
From test PC browse to URL-1 get Cert error, click on continue and stay on URL-1 "Page cannot be displayed.
From test PC browse to URL-2 no cert error straight to Page cannot be displayed.
Nslookup still returns the IP of the Webserver on both URL's and can ping that IP.

Here is the code from the Web.config file

<rules>
                <rule name="URL-1 to URL-2" enabled="true" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{REMOTE_ADDR}" pattern="192.168.*.*" />
                    </conditions>
                    <action type="Redirect" url="https://URL-2.acme.com/{R:0}" appendQueryString="true" />


Also you said "It is obvious the redirect based on ip works since you get a different result in the browser"

I actually don't think it is working, when I browse to URL-1 it remains on URL-1 after clicking on continue on Cert error page. That is with the Rule enabled or disabled, the only difference being the page is displayed when the rule is disabled.
0
 
LVL 1

Accepted Solution

by:
misfit139 earned 0 total points
ID: 39963794
Doing some reading and it appears it's not possible to do it the way we are trying. A redirection by URL Rewrite will only happen once the SSL connection is established. It would be getting an error though as the URL i'm connecting to is not covered by the Certificate bound to 443.

So what I've done is added a second IP and bound it to 443 with the URL-1 Certificate. Now it just works on both URL's and i can play around with URL Rewrite later if I want.

A more efficient way of doing it would be to get a Cert that allowed multiple SAN entries and remove the need for a second IP.

Thanks for all your efforts Becraig and thank you Gary for your post as well.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39963871
Your problem here as indicated above is the SSL redirect.  

There are ways to resolve that, which will allow URL rewrite to work.
0
 
LVL 1

Author Closing Comment

by:misfit139
ID: 39974505
If like me you are trying to redirect one SSL URL to a second SSL URL and the second URL is the only SAN valid on the Certificate. Then URL Rewrite doesn't work because the SSL connection fails to establish due to the Certificate mismatch. In a different situation both the other guys answers would be more beneficial.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to silent print from safari browser 6 199
Stupid git question 2 87
What language/protocol is the Angular Chat? 2 76
Randomize in Owl Carousel v1.3.2 6 44
Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question