How to redirect a URL in IIS to fully qualified domain name and https

Tom Grindrod
Tom Grindrod used Ask the Experts™
on
I'm trying to use the URL Rewrite module in IIS to redirect the four urls below. All but one are working but I can't figure out what is wrong.

1.) http://site1.company.com/web1  ->>   user is redirected correctly to:     https://site1.company.com/web1
2.) http://site1/web1  ->> user is redirected correctly to:    https://site1.company.com/web1
3.) https://site1.company.com/web1  ->> user goes to this site, no redirect needed
4.) https://site1/web1   ->>  This should redirect to https://site1.company.com/web1 but it does not work.  In the browser we get the ssl error that connection not valid.

Number 4 is not working. The same rule that sets the url in #2 should also do the job in #4. What am I missing?

Here are my two rules. I first add .company.com if it's not there and then add https if needed.

---- Here i the rule to add the FQDN:
<rule name="Redirect site1 to FQDN" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="^site1\.company\.com$" negate="true" />
                    </conditions>
                    <action type="Redirect" url="http://{HTTP_HOST}.company.com/{R:1}" redirectType="Permanent" />
                </rule>

----Here is the rule to change http to https:
                <rule name="Redirect Http to Https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dan McFaddenSystems Engineer

Commented:
I would set the action on the http to https rule to the following:

This line:
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />

Should be:
<action type="Redirect" url="https://{HTTP_HOST}.company.com/{R:1}" />

Open in new window


What I think the issue is, is that the SSL Cert uses the FQDN of the host (hostname,domain.ext).  The original setting is only using the hostname, which would tend to throw an SSL error indicating that there is a FQDN mismatch between the cert and URL.

HTTP_HOST is not the FQDN of the site.

Dan

Author

Commented:
The http to https rule is already working for me. If I change it as you suggest, when the URL is http://site1.company.com/web1  I get https://site1.company.com.company.com/web1  which breaks things. Like I said I already have http to https working anyway.

My problem is with the first rule. When the address comes in as
https://site1/web1  I need it to redirect to  https://https://site1.company.com/web1. This is not happening.

However http://site1/web1  is redirecting to https://site1.company.com/web1 

So the rule adding .company.com works for the http site but not the https site. This is what I can't figure out.
Dan McFaddenSystems Engineer

Commented:
You are getting double tapped by the top rule.

Or, change the rule that takes the hostname (http://site1/web1) only and push it to http not https, then let the other rule push to https.   And place the http to https rule 2nd in the list, so the rewrite rules are processed in a more logical order.

Dan
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

I changed the top rule, the one that adds the .company.com, to redirect to http instead of https but that didn't change anything. My second rule is already the http to https rule so I didn't need to  change that .  However http://site1/web1  is still redirecting to https://site1.company.com/web1 but the https version of this same url is still not redirecting at all.
Dan McFaddenSystems Engineer

Commented:
One more try:

on the FQDN rule:  remove the stopProcessing="true", this will allow the rule to process any additional rewrite rules on the site.

Dan

Author

Commented:
Thanks. I'll give this a shot off hours tonight and see if there is a change.
Dan McFaddenSystems Engineer

Commented:
Any additional info or feedback for this question?

Dan
Dan McFaddenSystems Engineer

Commented:
Any more info for the question?  Did this help?

Dan
Nope. Didn't help. I think it's a bug. I ended up putting it behind the proxy and using that to write that URL. I think this was just a MS defect.

Author

Commented:
We didn't see any other way to get around this.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial