IIS 7 URL rewrite module issues

I am using the URL Rewrite module 2.0 in IIS 7 to redirect all HTTP requests to HTTPS requests.

<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}:{R:1}" />
</rule>

It works great but now it doesn't work for old static links. For example, the URL http://mywebsite.com/findme used to work, but with the rule it doesn't redirect to https://mywebsite.com/findme. What is the best way to fix this for static links? Do I tweak my current redirect rule or should I create a new rule and give it higher priority? If so, what should the new rule look like? I have taken many guesses with no luck.
Blake Weaver, IT Director, Asked:
Greg Hejl, Principal Consultant, Commented:
Here is the rule that works for me:

                <rule name="Force HTTPS" stopProcessing="true">
                    <match url="(.*)" ignoreCase="false" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                </rule>
Blake Weaver, IT Director, Author Commented:
Hey Greg, thanks for your response, but the only difference between your rule and mine is that for the pattern you had "off" instead of "^OFF$".
I tried it with just "OFF" and it still doesn't work when adding the /find in the http URL. Here is a screenshot of my IIS if that helps.
iisrewrite.PNG
Greg Hejl, Principal Consultant, Commented:
Is your IIS set to restart on config changes? If not, you need to restart the app pool, site, or server to read changes out of the config file.

My rule only has off - looks like the only thing different between the two.
Blake Weaver, IT Director, Author Commented:
I restarted IIS and the app pool. It still doesn't work with just "off". Like I said in my original post, it works fine when you type in the base URL. http://mywebsite.com forwards to https://mywebsite.com, but when you add the static link /find it doesn't work. http://mywebsite.com/find says page cannot be displayed.

I even reset my browser caching.
Greg Hejl, Principal Consultant, Commented:
My Https rule is in %system%\inetserv\applicationhostconfig

If you turn off that rule does it work with /find appended?

Do you have failed request logging enabled?

What's the http error you are getting?
Blake Weaver, IT Director, Author Commented:
I am configuring it from the IIS icon. Downloaded the extension from http://www.iis.net/downloads/microsoft/url-rewrite

See attachment.

I don't see anything in my IIS logs except this:
2016-01-06 05:17:06 10.1.101.155 GET /find - 80 - 108.64.192.171 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 301 0 0 62
iisrewrite2.PNG
Dan McFadden, Systems Engineer, Commented:
@Blake... I use the same http to https forced redirect config.

I noticed that you have the "enabled" option set to FALSE. I would remove the attribute 'enabled="false"' from your setup.

Just for show purposes, below is the redirect that I use:

<rewrite>
    <rules>
        <rule name="redirect to https" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

And the pattern match should be "^OFF$"

Dan

Greg Hejl, Principal Consultant, Commented:
Failed request tracing isn't enabled on your system. It's in Programs and Features: 'Tracing'.

applicationhost.config is the global config file for the web server. When you are on the control panel for the web server, these settings get saved to that file.

As this rule works, the /find issue is in another place.
Dan McFadden, Systems Engineer, Commented:
You should never place a URL Redirect in the applicationhost.config file!

Any changes made to this file will affect every website running on the server.  Unless you know specifically what you are doing, meaning a very good and deep understanding of IIS, I would stay away from making changes to this file.

Any URL Redirects should be placed in the specific web.config associated with the website where you want the redirect to run.

The rewrite rule(s) should be placed in the <system.webServer> element in the site's (not the server's) web.config.

Dan
Blake Weaver, IT Director, Author Commented:
Thanks Dan, yes, I agree with your comments, and that is where the rule is in my environment (web.config). I had it set to false on purpose since it wasn't working, but when enabled the link isn't forwarding properly, and we are already in production, so I didn't want to have a dead page. I have temporarily turned off HTTPS forcing until I can fix it. Any other suggestions?
Greg Hejl, Principal Consultant, Commented:
Dan, I would be interested to know why you wouldn't want the URL redirect in applicationhost.config?
All of the sites on my web servers need this rule. Set it once and forget it.

Blake,

Does your appended /find work without the https redirect?

Have you enabled failed request tracing yet?
Dan McFadden, Systems Engineer, Commented:
Because site redirects are specific to sites. I would consider your situation a special case. In most cases, not every website will have an SSL certificate, therefore rendering a rewrite rule in a global configuration an extra step in processing a request.

In a situation where you have a small number of sites completely under your control, then it could be safe. But in situations where you have large numbers of sites in operation, I would not recommend dropping a rewrite in the applicationhost.config file.

Plus, from a troubleshooting viewpoint, you now have to look at, not only the web site config but now the server configuration in order to isolate a potential issue.

Again, this is only my recommendation.  I have a large number of sites in operation... some on the Internet, some not.  In neither situation would I put a "set and forget" URL rewrite rule in the applicationhost file.

Dan
Dan McFadden, Systems Engineer, Commented:
@Blake,  have you specifically tried the rewrite rule provided or are you just comparing and saying it looks the same?

I would suggest removing your rule and using the ones suggested.

I understand this is production, but if you have the chance...  Or try it on a test server with a copy of production running.

Dan
Blake Weaver, IT Director, Author Commented:
@Dan, I am ashamed to say that when copying and pasting your rule into the web.config it worked. My rule, although it looked the same, was generated by the IIS URL Rewrite module extension. Blows my mind how it would be different. Thanks! One more question: what about removing the www's from the URL so we can get better tracking and not have both https://www.mywebsite.com and https://mywebsite.com?

@Greg, when I enabled failed request tracing nothing showed up in the error log even though I would get page cannot be displayed in my browser.
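
Added example, not part of the original thread or any participant's code: the two rules posted above differ in one character of the action URL, `:` versus `/` before `{R:1}`. The sketch expands both templates for the site root and for `findme` and flags any target that is not a well-formed `https://host[:port]/path` URL. The helper names `expand` and `audit` and the validity regex are assumptions for illustration; URL Rewrite matches against the request path without its leading slash.

```python
import re
import xml.etree.ElementTree as ET

# Both rules as posted in the thread (asker's first, accepted answer's second).
WEB_CONFIG = """<rewrite><rules>
  <rule name="http to https" enabled="false" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}:{R:1}" />
  </rule>
  <rule name="redirect to https" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
  </rule>
</rules></rewrite>"""

# https://host, optional ":port" (digits, may be empty), then end or path/query/fragment.
VALID_TARGET = re.compile(r"^https://[A-Za-z0-9.-]+(:\d*)?([/?#].*)?$")

def expand(rule, host, path):
    """Build the redirect target for one request path (hypothetical helper)."""
    m = re.search(rule.find("match").get("url"), path)
    if m is None:
        return None  # rule does not apply to this path
    url = rule.find("action").get("url").replace("{HTTP_HOST}", host)
    # Replace each {R:n} back-reference with capture group n of the match pattern.
    return re.sub(r"\{R:(\d+)\}", lambda ref: m.group(int(ref.group(1))), url)

def audit(config_xml, host="mywebsite.com", paths=("", "findme")):
    """Return {rule name: [problems]} for every rule in the config (hypothetical helper)."""
    findings = {}
    for rule in ET.fromstring(config_xml).iter("rule"):
        problems = []
        if rule.get("enabled", "true").lower() == "false":
            problems.append("rule is disabled")
        for path in paths:
            target = expand(rule, host, path)
            if target is not None and not VALID_TARGET.match(target):
                problems.append(f"/{path} -> {target} (malformed)")
        findings[rule.get("name")] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit(WEB_CONFIG).items():
        print(name, "->", problems or "ok")
```

With the colon template the root request expands to `https://mywebsite.com:` (an empty port, which is still a valid URL), while `findme` lands in the port position, which matches the symptom of the base URL redirecting and the static link failing.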
Greg Hejl, Principal Consultant, Commented:
There are two steps to enable Failed Request Tracing.

Enable at the server level, configure at the site level.

You'll love this for dev and troubleshooting.