IIS 7 URL rewrite module issues

Blake Weaver
Blake Weaver used Ask the Experts™
on
I am using the url rewrite module 2.0 in IIS7 to redirect all http requests to https requests.

<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}:{R:1}" />
</rule>

It works great but now it doesnt work for old static links.  For example, the url:  http://mywebsite.com/findme  used to work but with the rule it doesnt redirect it to https://mywebsite.com/findme   What is the best way to fix this for static links?  Do i tweak my current redirect rule or should a create a new rule and give it higher priority. IF so what should the new rule look like. I have taken many guesses with no luck.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Greg HejlPrincipal Consultant

Commented:
Here is the rule that works for me:

                <rule name="Force HTTPS" stopProcessing="true">
                    <match url="(.*)" ignoreCase="false" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                </rule>
Blake WeaverIT Director

Author

Commented:
Hey Greg, thanks for your response but the only different from your rule and mine is for pattern you had "off" instead of "^OFF$"
I tried it with just "OFF" and it still doesn't work when adding the /find in the http url.  Here is a screenshot of my IIS if that helps.
iisrewrite.PNG
Greg HejlPrincipal Consultant

Commented:
is your IIS set to restart on config changes? if not, you need to restart app pool, site, or server to read changes out of the config file

My rule only has off - looks like the only thing different between the two.
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Blake WeaverIT Director

Author

Commented:
I restarted IIS, and app pool. Still doesnt work with just "off"  Like i said in my original post, it works fine when you type in base url.  http://mywebsite.com forwards to https://mywebsite.com  but when you add the static link /find it doesnt work.  http://mywebsite.com/find says page cannot be displayed.

I even reset my browser caching.
Greg HejlPrincipal Consultant

Commented:
My Https rule is in %system%\inetserv\applicationhostconfig

If you turn off that rule does it work with /find appended?

Do you have failed request logging enabled?

What's the http error you are getting?
Blake WeaverIT Director

Author

Commented:
i am configuring it from the IIS icon.  Downloaded the extension from http://www.iis.net/downloads/microsoft/url-rewrite
 
see attachment

i dont see anything in my iis logs except this:
2016-01-06 05:17:06 10.1.101.155 GET /find - 80 - 108.64.192.171 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 301 0 0 62
iisrewrite2.PNG
Systems Engineer
Commented:
@Blake... I use the same http to https forced redirect config.

I noticed that you have the "enabled" option set to FALSE.  I would remove the attribute  'enabled-"false" ' from your setup.

Just for show purposes, below is the redirect that I use:

<rewrite>
    <rules>
        <rule name="redirect to https" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

Open in new window


And the pattern match should be "^OFF$"

Dan
Greg HejlPrincipal Consultant

Commented:
Failed request tracing isn't enabled on your system. it's in programs and features. 'Tracing'

applicationhost.config is global config file for webserver.  when you are on the control panel for the webserver, these setting get saved to that file.

as this rule works, the /find issue is in another place.
Dan McFaddenSystems Engineer

Commented:
You should never place a URL Redirect in the applicationhost.config file!

Any changes made to this file will affect every website running on the server.  Unless you know specifically what you are doing, meaning a very good and deep understanding of IIS, I would stay away from making changes to this file.

Any URL Redirects should be placed in the specific web.config associated with the website where you want the redirect to run.

The rewrite rule(s) should be placed in the <system.webServer> element in the site's (not the server's) web.config.

Dan
Blake WeaverIT Director

Author

Commented:
Thanks Dan, yes i agree with your comments and that is where the rule is in my environment(web.config).  I had it set to false on purpose since it wasnt working but when enabled the link isn't forwarding properly and we are already in production so i didn't want to have a dead page so i have temporarily turned off HTTPS forcing until i can fix it.  Any other suggestions?
Greg HejlPrincipal Consultant

Commented:
Dan, I would be interested to know why you wouldn't want the url redirect in applicationhost.config?
All of the sites on my webservers need this rule.  set it once and forget it.

Blake,

does your appended /find work without https redirect?

have you enabled failed request tracing yet?
Dan McFaddenSystems Engineer

Commented:
Because site redirect are specific to sites.  I would consider your situation a special case.  In most cases, not every website will have an SSL Certificate, therefore rendering a rewrite rule in a global configuration an extra step to processing a request.

In a situation where you have a small number of sites completely under your control, then it could be safe.  But in situations where you have large numbers of site in operation, I would not recommend dropping a rewrite in the applicationhost.config file.

Plus, from a troubleshooting viewpoint, you now have to look at, not only the web site config but now the server configuration in order to isolate a potential issue.

Again, this is only my recommendation.  I have a large number of sites in operation... some on the Internet, some not.  In neither situation would I put a "set and forget" URL rewrite rule in the applicationhost file.

Dan
Dan McFaddenSystems Engineer
Commented:
@Blake,  have you specifically tried the rewrite rule provided or are you just comparing and saying it looks the same?

I would suggest removing your rule and using the ones suggested.

I understand this is production, but if you have the chance...  Or try it on a test server with a copy of production running.

Dan
Blake WeaverIT Director

Author

Commented:
@Dan, i am ashamned to say when copying and pasting your rule in the web config it worked.  My rule, although looked the same, was generated by the IIS URL rewrite module extension.  Blows my mind how it would be different.  Thanks!  One more question, what about removing the www's from the url so we can get better tracking and not have both https://www.mywebsite.com and https://mywebsite.com

@Greg when i enabled failed request tracing nothing showed up in the error log even though i would get page cannot be displayed in my browser.
Greg HejlPrincipal Consultant

Commented:
there are two steps to enable Failed request tracing.

enable at the server level, configure at the site level

you'll love this for dev and troubleshooting

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial