• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

URL rewrite to redirect all URL variants to https://www.mydomain.com

I have a URL and I have applied an SSL certificate to the www variant https://www.mydomain.com. I would like all variations of this domain to point to https://www.mydomain.com,

So for example the following domains should redirect to https://www.mydomain.com:

  • http://www.mydomain.com
  • http://mydomain.com
  • https://mydomain.com

The website is hosted on a windows 2008 server running IIS7.5 and I have created some rules in the web.config file using URL Rewrite. However the following domains do not redirect:

  • http://mydomain.com
  • https://mydomain.com

Here are the rules I currently have:

<!-- Redirect http non www to https www -->
<rule name="Redirect http://mydomain.com to www" patternSyntax="Wildcard" stopProcessing="true">
  <match url="*" />
  <conditions>
	<add input="{HTTP_HOST}" pattern="mydomain.com" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

<!-- Redirect http to https -->
<rule name="Redirect http to https" enabled="true">
	<match url="(.*)" ignoreCase="false" />
	<conditions>
		<add input="{HTTPS}" pattern="off" />
	</conditions>
	<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

Open in new window


I would appreciate some assistance in getting this to work using a URL rewrite. Ideally I would prefer to replace the above with a single rule.
0
mike99c
Asked:
mike99c
  • 6
  • 5
1 Solution
 
btanExec ConsultantCommented:
Probably you can try out this rule which quite similar to yours but they combine the condition and check for www too.

Besides the three tested Url, need to verify whether it suggested example can work for "https://mydomain.com" which we may want to change it with wildcard for the "www"

https://www.orderfactory.com/articles/IIS-URL-Rewrite-to-HTTPS.html
0
 
mike99cAuthor Commented:
Thanks btan for this. It has definitely improved. I tested it in Firefox after I cleared the cache of cookies and history. Previously when I typed mydomain.com it immediately redirected to https://mydomain.com which flagged the security warning. Now it redirects to https://www.mydomain.com which is what I want.

The problem remains however that if I type in https://mydomain.com it does not redirect at all and the security warning appears.
0
 
btanExec ConsultantCommented:
We may need to enforce prefix www. Pls see http://madskristensen.net/post/url-rewrite-and-the-www-subdomain
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
mike99cAuthor Commented:
I tried the enforce www rule and it still does not work. I tried it both before and after the http to https redirect rule and it fails for both cases.
0
 
btanExec ConsultantCommented:
I suggest you remove all the existing code and include only the https redirection for domain.com to www.domain.com.

I suspect it is due to the warning as the SSL Certificate is causing HTTPS not to match. For example, the SSL cert used for yiur webserver is only for www.domain.com but not domain.com. You can either have a wildcard *.domain.com cert or a cert with SAN to have the domains included.
0
 
mike99cAuthor Commented:
Hi btan, it is true that the certificate is only set up for www.domain.com and not domain.com. I was hoping to avoid the extra expense of applying it to the non www hoping that the redirect would do the trick.

Is there any reason why the redirect cannot work in this case?
0
 
btanExec ConsultantCommented:
you can try access https://domain.com and see the SSL certificate presented if any from your browser. The SSL certificate subject may not be referring to domain.com but instead www.domain.com, hence SSL will not be completed. The rewrite will only kicked in after the HTTP connection is established.
I get in the SSL Server Test:
Prefix handling Not valid for "domain.com"   CONFUSING
 
Why is it confusing if a certificate is only valid for www.domain.com and not also in addition for domain.com?
 
Well, because your certificate does not include a SAN for domain.com, you cannot use this current SSL server certificate for securing https://domain.com, as no SSL client will trust this connection.
http://discussions.citrix.com/topic/366491-redirect-httpsdomaincom-to-httpswwwdomaincom/

also for SSL Server Certificate trust problems, try testing your SSL setup using https://www.ssllabs.com/ssltest/
0
 
btanExec ConsultantCommented:
another that I saw
For a safer rule that works for both Match Any and Match All situations, you can use the Rewrite Map solution....You can create a Rewrite Map called MapProtocol, you can use {MapProtocol:{HTTPS}} for the protocol within any rule action.

<rewrite>
  <rules>
    <rule name="Redirect to www" stopProcessing="true">
      <match url="(.*)" />
      <conditions trackAllCaptures="false">
        <add input="{HTTP_HOST}" pattern="^domain.com$" />
      </conditions>
      <action type="Redirect"
        url="{MapProtocol:{HTTPS}}://www.domain.com/{R:1}" />
    </rule>
  </rules>
  <rewriteMaps>
    <rewriteMap name="MapProtocol">
      <add key="on" value="https" />
      <add key="off" value="http" />
    </rewriteMap>
  </rewriteMaps>
</rewrite>
0
 
mike99cAuthor Commented:
Thanks btan, I tried the rewrite maps solution and it did not work. I had the same issue.

From your previous post, are you saying that if I applied the SSL certifictae to https://domain.com that the redirect rule would work?
0
 
btanExec ConsultantCommented:
You can try as I still suspect it is the ssl cert. Check your SSL cert subject name and SAN for any "domain.com" and if there is none, chances the rewrite will not work.
0
 
mike99cAuthor Commented:
Works ok apart from the non www https.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now