Link to home
Start Free TrialLog in
Avatar of sbfoundation
sbfoundation

asked on

IIS 7 URL rewrite not working to add www if omitted

I have having issues getting our URL rewrite to work. Our domain name is www.sbfoundation.org and it is running on2008R2 with IIS7.5. I have set up DNS records to allow the site to be accessed at sbfoundation.org but in order for our SSL certificate to function properly, I need to have sbfoundation.org rewrite or redirect to www.sbfoundation.org. I have tried configuring the URL Rewrite Module which created the following entry in the web.config file but this doesn't seem to be working

          <httpRedirect enabled="false" destination="http://www.google.com" exactDestination="true" httpResponseStatus="Permanent" />
        <rewrite>
            <rules>
                <rule name="CanonicalHostNameRule1" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTP_HOST}" pattern="^www\.sbfoundation\.org$" negate="true" />
                    </conditions>
                    <action type="Redirect" url="http://www.sbfoundation.org/{R:1}" />
                </rule>
            </rules>
        </rewrite>

I have also tried a few variations on the rule but I just don't seem to be able to get it to function. As best I understand it I believe I have all the bindings set up correctly but I am a little out of my depth here and hoping I have just made a simple mistake somewhere
Avatar of Dan McFadden
Dan McFadden
Flag of United States of America image

I would adjust your rule like so:

<rewrite>
	<rules>
		<rule name="CanonicalHostNameRule1" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTP_HOST}" pattern="^sbfoundation\.org$" negate="true" />
			</conditions>
			<action type="Redirect" url="http://www.sbfoundation.org/{R:1}" redirectType="Permanent" />
		</rule>
	</rules>
</rewrite>

Open in new window


What was done:

1. Removed the Wildcard processing directive, basically default it to RgEx.
1a. You declared wildcard syntax processing with:  patternSyntax="Wildcard" but used a RegEx expression.  Probably the source of the issue
2. Removed the "www\." you included in the HTTP_HOST confidtion
2a.  you should be trying to match the domain without the www.  your condition was looking for www.sbfoundation.org
3. added the redirectType of Permanent.  This tells browsers that the redirect is forever.  It also helps crawlers to adjust their indexes when they scan your site.  They should remove the reference to the site without the www.

Dan
ASKER CERTIFIED SOLUTION
Avatar of Steve Bink
Steve Bink
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sbfoundation
sbfoundation

ASKER

Dan, Steve, thank you both for your input but unfortunately I have still not been able to get this to work. When I tried Dan's code I am unable to access our site at all (i just get a connection error) via sbfoundation.org or www.sbfoundation.org. When I remove the negate="true" portion I am able to access the site both with and without the www but sbfoundation.org still does not rewrite to www.sbfoundation.org.

Below is the full section of the code as I have it in now

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
        <httpRedirect enabled="false" destination="http://www.sbfoundation.org" exactDestination="true" childOnly="true" httpResponseStatus="Permanent" />
  <rewrite>
      <rules>
            <rule name="CanonicalHostNameRule1" stopProcessing="true">
                  <match url="(.*)" />
                  <conditions>
                        <add input="{HTTP_HOST}" pattern="^sbfoundation\.org$" negate="true" />
                  </conditions>
                  <action type="Redirect" url="http://www.sbfoundation.org/{R:1}" redirectType="Permanent" />
            </rule>
      </rules>
</rewrite>

</system.webServer>

Steve, regarding your second comment, I believe I have explained the situation correctly as best I can understand the error message that I am encounting. When clicking on our Log In link at sbfoundation.org and being directed to a secure page, users get the following error message (this is from Chrome):

" This server could not prove that it is sbfoundation.org; its security certificate is from www.sbfoundation.org. This may be caused by a misconfiguration or an attacker intercepting your connection.
NET::ERR_CERT_COMMON_NAME_INVALID "

I will contact Symantec about this though to see if there is something they can advise.
The error you are receiving is a valid error - it is the common name of the certificate that needs fixing.  When you buy certificates these days, *most* providers will include common names for the domain and the www subdomain.  Most certificates are used for web server identification, so that became an unofficial industry standard.  But, as demonstrated with yours, there is nothing that says a provider MUST do that.  As a result, users get the error you posted.

Also important - your users are likely to get that error regardless of your redirection configuration.  This is because the redirection happens after the SSL session has been initialized, which means after the offered certificate has gone through and failed validation.

The good news is that you can talk with your provider to correct and re-issue the certificate, if they are willing to cooperate.  If not,  you can always go somewhere else for your certificate needs.  If your site does not engage in e-commerce, try startssl.com - they offer free certificates for basic web service needs.