IIS 7 URL rewrite not working to add www if omitted

I have having issues getting our URL rewrite to work. Our domain name is www.sbfoundation.org and it is running on2008R2 with IIS7.5. I have set up DNS records to allow the site to be accessed at sbfoundation.org but in order for our SSL certificate to function properly, I need to have sbfoundation.org rewrite or redirect to www.sbfoundation.org. I have tried configuring the URL Rewrite Module which created the following entry in the web.config file but this doesn't seem to be working

          <httpRedirect enabled="false" destination="http://www.google.com" exactDestination="true" httpResponseStatus="Permanent" />
        <rewrite>
            <rules>
                <rule name="CanonicalHostNameRule1" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTP_HOST}" pattern="^www\.sbfoundation\.org$" negate="true" />
                    </conditions>
                    <action type="Redirect" url="http://www.sbfoundation.org/{R:1}" />
                </rule>
            </rules>
        </rewrite>

I have also tried a few variations on the rule but I just don't seem to be able to get it to function. As best I understand it I believe I have all the bindings set up correctly but I am a little out of my depth here and hoping I have just made a simple mistake somewhere
sbfoundationAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
I would adjust your rule like so:

<rewrite>
	<rules>
		<rule name="CanonicalHostNameRule1" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTP_HOST}" pattern="^sbfoundation\.org$" negate="true" />
			</conditions>
			<action type="Redirect" url="http://www.sbfoundation.org/{R:1}" redirectType="Permanent" />
		</rule>
	</rules>
</rewrite>

Open in new window


What was done:

1. Removed the Wildcard processing directive, basically default it to RgEx.
1a. You declared wildcard syntax processing with:  patternSyntax="Wildcard" but used a RegEx expression.  Probably the source of the issue
2. Removed the "www\." you included in the HTTP_HOST confidtion
2a.  you should be trying to match the domain without the www.  your condition was looking for www.sbfoundation.org
3. added the redirectType of Permanent.  This tells browsers that the redirect is forever.  It also helps crawlers to adjust their indexes when they scan your site.  They should remove the reference to the site without the www.

Dan
0
Dan McFaddenSystems EngineerCommented:
0
Steve BinkCommented:
A couple things:

1) Line 6 of Dan McFadden's recommendations is probably not going to work for you.  You can use it if you remove the negate attribute, but then it is only targeting sbfoundation.org.  As long as that's all you need, removing the negate should be fine.

2) The fact that your certificate does not cover www and non-www is a little strange - it has been an industry standard for quite some time to cover both names.  You may want to try addressing this with your certificate provider.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sbfoundationAuthor Commented:
Dan, Steve, thank you both for your input but unfortunately I have still not been able to get this to work. When I tried Dan's code I am unable to access our site at all (i just get a connection error) via sbfoundation.org or www.sbfoundation.org. When I remove the negate="true" portion I am able to access the site both with and without the www but sbfoundation.org still does not rewrite to www.sbfoundation.org.

Below is the full section of the code as I have it in now

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
        <httpRedirect enabled="false" destination="http://www.sbfoundation.org" exactDestination="true" childOnly="true" httpResponseStatus="Permanent" />
  <rewrite>
      <rules>
            <rule name="CanonicalHostNameRule1" stopProcessing="true">
                  <match url="(.*)" />
                  <conditions>
                        <add input="{HTTP_HOST}" pattern="^sbfoundation\.org$" negate="true" />
                  </conditions>
                  <action type="Redirect" url="http://www.sbfoundation.org/{R:1}" redirectType="Permanent" />
            </rule>
      </rules>
</rewrite>

</system.webServer>

Steve, regarding your second comment, I believe I have explained the situation correctly as best I can understand the error message that I am encounting. When clicking on our Log In link at sbfoundation.org and being directed to a secure page, users get the following error message (this is from Chrome):

" This server could not prove that it is sbfoundation.org; its security certificate is from www.sbfoundation.org. This may be caused by a misconfiguration or an attacker intercepting your connection.
NET::ERR_CERT_COMMON_NAME_INVALID "

I will contact Symantec about this though to see if there is something they can advise.
0
Steve BinkCommented:
The error you are receiving is a valid error - it is the common name of the certificate that needs fixing.  When you buy certificates these days, *most* providers will include common names for the domain and the www subdomain.  Most certificates are used for web server identification, so that became an unofficial industry standard.  But, as demonstrated with yours, there is nothing that says a provider MUST do that.  As a result, users get the error you posted.

Also important - your users are likely to get that error regardless of your redirection configuration.  This is because the redirection happens after the SSL session has been initialized, which means after the offered certificate has gone through and failed validation.

The good news is that you can talk with your provider to correct and re-issue the certificate, if they are willing to cooperate.  If not,  you can always go somewhere else for your certificate needs.  If your site does not engage in e-commerce, try startssl.com - they offer free certificates for basic web service needs.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.