IIS URL Rewrite Issue with SSL

Discussion in 'Windows 2012/IIS 8' started by djohnson87, Dec 1, 2015.

  1. Hi everyone:

    I am trying to get a URL rewrite rule to work completely. My site (we will call it example.com for brevity) is secured with an SSL certificate, and that certificate secures example.com, not www.example.com. I have a rule that successfully redirects (http://)www.example.com to https://example.com, but if I navigate to https://www.example.com I get a certificate mismatch warning because the rule doesn't strip the WWW in this case for whatever reason.

    I have another rule that redirects users from, let us say www.ex123.com, to https://example.com. This rule functions just fine.

    Here my rules in the web.config right now (edited only to reflect the domains above):

    Code:
    <rule name="redirect" enabled="true" stopProcessing="false">
      <match url="(.*)" ignoreCase="true"/>
      <conditions>
        <add input="{HTTP_HOST}" pattern="localhost" negate="true"/>
        <add input="{HTTP_HOST}" pattern="^(.*)?ex123.com"/>
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://example.com/{R:0}" appendQueryString="true"/>
    </rule>
    <rule name="remove www" enabled="true" stopProcessing="false">
      <match url="(.*)$" ignoreCase="true"/>
      <conditions>
        <add input="{HTTP_HOST}" pattern="www\.(.+)$"/>
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://{C:1}" appendQueryString="true"/>
    </rule>
    
    I tried adding {HTTPS} as an input condition, but that didn't get me any further.

    Can anyone help me out with this?

    Thanks!
     
  2. martino

    martino DiscountASP.NET Staff

    What happens if you try to use this instead?

    Code:
    <rule name="redirect" enabled="true" stopProcessing="false">
      <match url="(.*)" ignoreCase="true"/>
      <conditions>
        <add input="{HTTP_HOST}" pattern="localhost" negate="true"/>
        <add input="{HTTP_HOST}" pattern="^(.*)?ex123.com"/>
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://example.com/{R:0}" appendQueryString="true"/>
    </rule>
    <rule name="remove www" enabled="true" stopProcessing="false">
      <match url="(.*)$" ignoreCase="true"/>
      <conditions>
        <add input="{HTTP_HOST}" pattern="www\.(.+)$"/>
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://example.com/{R:0}" appendQueryString="true"/>
    </rule>
     
    RayH and mjp like this.
  3. Unfortunately I get the same error messages:

    Chrome: NET::ERR_CERT_COMMON_NAME_INVALID
    Firefox: ssl_error_bad_cert_domain
    IE/Edge: No error message visible, but stops navigation
    Opera: Gives a popup warning and stops navigation, but does not give an error message
     
  4. martino

    martino DiscountASP.NET Staff

    Sounds like your SSL Certificate is the issue you're having. Do you know the common name of the SSL Certificate? Is it the same as the URL you're redirecting to?
     
  5. The common name is example.com, so yes the same as the URL I am attempting to redirect to.

    Just for this instance, though, all I want to do is strip the www if a user happens to put https://www.example.com into their browser address bar. That is the only part of the URL rewriting that I have issues with.
     
  6. martino

    martino DiscountASP.NET Staff

    I found this web page article here: http://stackoverflow.com/questions/17110411/iis-url-redirect-http-to-non-www-https

    Code:
      <rewrite>
        <rules>
          <rule name="SecureRedirect" stopProcessing="true">
            <match url="^(.*)$" />
            <conditions>
              <add input="{HTTPS}" pattern="off" />
              <add input="{HTTP_HOST}" pattern="^(www\.)?(.*)$" />
            </conditions>
            <action type="Redirect" url="https://{C:2}" redirectType="Permanent" />
          </rule>
        </rules>
      </rewrite>
     
  7. Thanks martino:

    Again, unfortunately, this rule does not strip the WWW from the entered address https://www.example.com.
     
  8. martino

    martino DiscountASP.NET Staff

    What does the following do?

    Code:
      <rewrite>
        <rules>
          <rule name="SecureRedirect" stopProcessing="true">
            <match url="^(.*)$" />
            <conditions>
              <add input="{HTTPS}" pattern="off" />
              <add input="{HTTP_HOST}" pattern="^(www\.)?(.*)$" />
            </conditions>
            <action type="Redirect" url="https://example.com/{R:0}" redirectType="Permanent" />
          </rule>
        </rules>
      </rewrite>
     
  9. Same thing (well, technically nothing) unfortunately.
     
  10. martino

    martino DiscountASP.NET Staff

    What exact URLs are you testing when it doesn't work?

    Please provide us with what URL you're entering into the browser and what you're expecting the URL to turn into.

    Can you also PM me your domain name? I'll check out the stuff on our backend
     
  11. martino

    martino DiscountASP.NET Staff

    I got your PM. Thank you.

    My URL Redirect skills are limited so Sorry for the back and forth.

    I did some research on the internet and I found this URL Redirect here: http://jasonwatmore.com/post/2012/0...one-and-http-to-https-with-a-single-rule.aspx

    Can you first backup your web.config file. Keep it for safe keeping and then try to only use the following URL Rewrite rule?:

    Code:
    <rewrite>
        <rules>
            <rule name="Redirect everything to https://mydomain.com" patternSyntax="Wildcard" stopProcessing="true">
                <match url="*" />
                <conditions logicalGrouping="MatchAny">
                    <add input="{HTTP_HOST}" pattern="mydomain.com" negate="true" />
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                </conditions>
                <action type="Redirect" url="https://mydomain.com/{R:0}" />
            </rule>
        </rules>
    </rewrite>
    According to the web page article. It redirects any domain name to the single domain name you wish to use. I'm not sure if it will work but it doesn't hurt to try it out.
     
  12. Sure thing, I just got home from work but will try this tomorrow and let you know what happens.

    Thanks again!
     
  13. Martino:

    This rule indeed was able to replace my other rules as an all-in-one handler, but unfortunately WWW is still not removed if it is explicitly put in with https://. I wonder if this is just an inherent problem with the certificate? For fun I checked out what google does: their rule(s) turn https://google.com to https://www.google.com.
     

Share This Page