Solved

URL rewrite to redirect all URL variants to https://www.mydomain.com

Posted on 2016-10-14
11
53 Views
Last Modified: 2016-10-19
I have a URL and I have applied an SSL certificate to the www variant https://www.mydomain.com. I would like all variations of this domain to point to https://www.mydomain.com,

So for example the following domains should redirect to https://www.mydomain.com:


The website is hosted on a windows 2008 server running IIS7.5 and I have created some rules in the web.config file using URL Rewrite. However the following domains do not redirect:


Here are the rules I currently have:

<!-- Redirect http non www to https www -->
<rule name="Redirect http://mydomain.com to www" patternSyntax="Wildcard" stopProcessing="true">
  <match url="*" />
  <conditions>
	<add input="{HTTP_HOST}" pattern="mydomain.com" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

<!-- Redirect http to https -->
<rule name="Redirect http to https" enabled="true">
	<match url="(.*)" ignoreCase="false" />
	<conditions>
		<add input="{HTTPS}" pattern="off" />
	</conditions>
	<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

Open in new window


I would appreciate some assistance in getting this to work using a URL rewrite. Ideally I would prefer to replace the above with a single rule.
0
Comment
Question by:mike99c
  • 6
  • 5
11 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 41844701
Probably you can try out this rule which quite similar to yours but they combine the condition and check for www too.

Besides the three tested Url, need to verify whether it suggested example can work for "https://mydomain.com" which we may want to change it with wildcard for the "www"

https://www.orderfactory.com/articles/IIS-URL-Rewrite-to-HTTPS.html
0
 

Author Comment

by:mike99c
ID: 41844740
Thanks btan for this. It has definitely improved. I tested it in Firefox after I cleared the cache of cookies and history. Previously when I typed mydomain.com it immediately redirected to https://mydomain.com which flagged the security warning. Now it redirects to https://www.mydomain.com which is what I want.

The problem remains however that if I type in https://mydomain.com it does not redirect at all and the security warning appears.
0
 
LVL 61

Expert Comment

by:btan
ID: 41844875
We may need to enforce prefix www. Pls see http://madskristensen.net/post/url-rewrite-and-the-www-subdomain
0
 

Author Comment

by:mike99c
ID: 41844898
I tried the enforce www rule and it still does not work. I tried it both before and after the http to https redirect rule and it fails for both cases.
0
 
LVL 61

Expert Comment

by:btan
ID: 41844901
I suggest you remove all the existing code and include only the https redirection for domain.com to www.domain.com.

I suspect it is due to the warning as the SSL Certificate is causing HTTPS not to match. For example, the SSL cert used for yiur webserver is only for www.domain.com but not domain.com. You can either have a wildcard *.domain.com cert or a cert with SAN to have the domains included.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:mike99c
ID: 41844911
Hi btan, it is true that the certificate is only set up for www.domain.com and not domain.com. I was hoping to avoid the extra expense of applying it to the non www hoping that the redirect would do the trick.

Is there any reason why the redirect cannot work in this case?
0
 
LVL 61

Expert Comment

by:btan
ID: 41844978
you can try access https://domain.com and see the SSL certificate presented if any from your browser. The SSL certificate subject may not be referring to domain.com but instead www.domain.com, hence SSL will not be completed. The rewrite will only kicked in after the HTTP connection is established.
I get in the SSL Server Test:
Prefix handling Not valid for "domain.com"   CONFUSING
 
Why is it confusing if a certificate is only valid for www.domain.com and not also in addition for domain.com?
 
Well, because your certificate does not include a SAN for domain.com, you cannot use this current SSL server certificate for securing https://domain.com, as no SSL client will trust this connection.
http://discussions.citrix.com/topic/366491-redirect-httpsdomaincom-to-httpswwwdomaincom/

also for SSL Server Certificate trust problems, try testing your SSL setup using https://www.ssllabs.com/ssltest/
0
 
LVL 61

Expert Comment

by:btan
ID: 41844981
another that I saw
For a safer rule that works for both Match Any and Match All situations, you can use the Rewrite Map solution....You can create a Rewrite Map called MapProtocol, you can use {MapProtocol:{HTTPS}} for the protocol within any rule action.

<rewrite>
  <rules>
    <rule name="Redirect to www" stopProcessing="true">
      <match url="(.*)" />
      <conditions trackAllCaptures="false">
        <add input="{HTTP_HOST}" pattern="^domain.com$" />
      </conditions>
      <action type="Redirect"
        url="{MapProtocol:{HTTPS}}://www.domain.com/{R:1}" />
    </rule>
  </rules>
  <rewriteMaps>
    <rewriteMap name="MapProtocol">
      <add key="on" value="https" />
      <add key="off" value="http" />
    </rewriteMap>
  </rewriteMaps>
</rewrite>
0
 

Author Comment

by:mike99c
ID: 41844990
Thanks btan, I tried the rewrite maps solution and it did not work. I had the same issue.

From your previous post, are you saying that if I applied the SSL certifictae to https://domain.com that the redirect rule would work?
0
 
LVL 61

Expert Comment

by:btan
ID: 41845024
You can try as I still suspect it is the ssl cert. Check your SSL cert subject name and SAN for any "domain.com" and if there is none, chances the rewrite will not work.
0
 

Author Closing Comment

by:mike99c
ID: 41850902
Works ok apart from the non www https.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
ASP.Net Session State alternatives 3 32
Creating csr file for SSL 4 17
active directory 3 27
shadow copy on 2012 OS server 3 9
OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now