I'm trying to rewrite all my URL's to HTTPS but getting this error, not sure what am I doing wrong:
Config Error
This configuration section cannot be used at this path. This happens
when the section is locked at a parent level. Locking is either by
default (overrideModeDefault="Deny"), or set explicitly by a location
tag with overrideMode="Deny" or the legacy allowOverride="false".
web.config:
<rewrite>
<allowedServerVariables>
<add name="HTTPS" />
<add name="X-FORWARDED-PROTO" />
</allowedServerVariables>
<rules>
<rule name="HTTPS_AlwaysOn" patternSyntax="Wildcard">
<match url="*" />
<serverVariables>
<set name="HTTPS" value="on" />
</serverVariables>
<action type="None" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
</conditions>
</rule>
</rules>
</rewrite>
I have also installed Rewrite module and ARR on Docker container
# Install Url Rewrite
ADD https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi /install/rewrite_amd64_en-US.msi
RUN msiexec.exe /i c:\install\rewrite_amd64_en-US.msi /passive
ADD https://download.microsoft.com/download/A/D/C/ADC4BAF8-A094-47B5-A6F6-CE4C5ED18BF8/ARRv3_setup_amd64_en-us.EXE /install/ARRv3_setup_amd64_en-us.exe
RUN c:\install\ARRv3_setup_amd64_en-us.exe /Q
Build a normal IIS 10 machine for testing first and you should notice the same error, as that allowedServerVariables cannot be in web.config.
Reference
To enable SSL Rewrite simply add this inside:
<rules>
<rule name="SSL Redirect" enabled="true" stopProcessing="true">
<match url="(.*)"/>
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="off"/>
<add input="{HTTP_HOST}" pattern="localhost" negate="true"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
Related
I'm trying to use the URL Rewrite module for IIS 8 to make sure all connections are https. What I cannot figure out is how to maintain the full path for the rule. I am new to using this so hopefully this is a simple fix.
I will go to a page like this : https://xyz.domain.com/mypath/default.aspx.
After removing the 's' from 'https', I get redirected to https://xyz.domain.com/default.aspx and the mypath path is gone. I need to maintain this.
Here is the webconfig entry:
<rewrite>
<rules>
<rule name="Force http to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
I encountered the same issue after following an example online. I changed the redirect url to be https://{HTTP_HOST}/{REQUEST_URI}, and it preserved the full URL in the redirected request.
For reference, see the online docs URL Rewrite Module Configuration Reference.
Try this instead:
<!-- Require HTTPS -->
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
I have a rewrite rule that redirect to mobile sites. Redirection is working properly but I want to exclude one folder say ~/Content . I am stuck in rewriting the rules to exclude one folder. Below is the rule which does the redirection to mobile site
<rule name="Mobile Rewrite" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" ignoreCase="true" negate="false" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTP_USER_AGENT}" pattern="android|blackberry|googlebot-mobile|iphone|ipod|opera mobile|palmos|webos" />
<add input="{HTTP_X-Device-User-Agent}" pattern="midp|mobile|phone" />
<add input="{HTTP_X-OperaMini-Phone-UA}" pattern="midp|mobile|phone" />
</conditions>
<action type="Redirect" url="http://localhost/" appendQueryString="false" redirectType="Found" />
</rule>
I have an asp.net application, which must run under SSL, and it has some rewrite rules defined in web.config to accomplish this.
<!--file web.config -->
....
</system.webServer>
<rewrite>
<rules configSource="webrewrite.config" />
</rewrite>
</system.webServer>
<!--file web.config -->
<rules>
....
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
....
</rules>
However, in development mode (with local web server or IIS Express) I don't want to use SSL.
So I would like to be able to use web.config transformations to remove one or more rewrite rules (but not all)
If you want to remove the Entire Section for your Dev Configuration use
<system.webServer>
<rewrite xdt:Transform="Remove" >
</rewrite>
</system.webServer>
I solved the problem, by using Remove transform, as shown below
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
....
<system.webServer>
<rewrite>
<rules>
<rule name="RulaNameToRemove"
xdt:Transform="Remove"
xdt:Locator="Match(name)" >
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please write below code web.Debug and web.Release config file. Web.Debug will delete rewrite rules and web.Release insert rewrite rules.
Web.Debug.config
<system.webServer>
<rewrite>
<rules>
<rule name="RulaNameToRemove"
xdt:Transform="Remove"
xdt:Locator="Match(name)" >
</rule>
</rewrite>
</system.webServer>
</configuration>
Web.Release.config
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true" xdt:Transform="Insert">
<match url=".*"/>
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
You can move release settings to web.config.release file
I have a problem. On IIS I got a web-site with two ports 80 and 443(https). I want to redirect all the http requests from user to https. I also added Rewrite rule to https, but when I enter in browser http://localhost/site it gives me the same page. I need to redirect user to httpS://localhost/site.
Maybe this is because of my local configurations?
And I disable Require SSL on IIS.
The rule is:
<rewrite>
<rules>
<rule name="HTTPS Redirect">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
Thank you.
Below is the exact rule we use on a production IIS 7 site to redirect all request from HTTP to HTTPS
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
There are some minor differences between what you have posted and what we use. Also, since you are running on local host, you wouldn't be using the built-in web server with visual studio would you? I don't think it will process IIS rewrite rules.
I realize this may not be your issue, however I had a similar debacle that was cause by a different problem.
I had enabled Require SSL and that caused the site to continually return a 403. So to use this method it appears you must disable SSL Settings -> Require SSL.
Hope this helps someone.
Also, if you have more than one rule, order could matter. Be sure to add the redirect rule before other rules or redirect may not fire.
Here is an example that is using SPA that required the rule order.
<rules>
// Adding this as last rule will cause it to not redirect
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="static dist files" stopProcessing="true">
<match url="^(.+)" />
<conditions>
<add input="{APPL_PHYSICAL_PATH}app\{R:1}" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="/app/{R:1}" />
</rule>
<rule name="index.html as document root" stopProcessing="true">
<match url="^$" />
<action type="Rewrite" url="/app/" />
</rule>
<rule name="SPA Routes" stopProcessing="true">
<match url=".*|.*/.*$" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
</conditions>
<action type="Rewrite" url="/app/" />
</rule>
</rules>
It works for me in IIS 8.5
redirect
Three points:
Use single word OFF rather than ^OFF$
Use url="https://{HTTP_HOST}/{REQUEST_URI}"
Use redirectType=Permanent rather than Found although both are working but preferable Permanent type in this case
The webconfig code
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
you can add this to your pages. to force redirection.
if (!Request.IsSecureConnection)
{
Uri uri = new Uri(Request.Url, Request.RawUrl);
Response.Redirect(string.Format("https://{0}{1}{2}", uri.Host.StartsWith("www.x.com") ? uri.Host : "www.x.com", uri.AbsolutePath, uri.Query));
}
I just seen your tag of mvc
add this attribute to your actions. or controllers.
[RequireHttps]
I have a rewrite rule, which changes a server variable with the value of a subdomain.
This works on subdomain.mydomain.nl/somethinghere but not on subdomain.mydomain.nl
<rule name="Change code" enabled="true" patternSyntax="ECMAScript" stopProcessing="false">
<match url=".*" ignoreCase="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{SERVER_NAME}" pattern="(www\.)?(\w+)\.mydomain\.nl" />
<add input="{SERVER_NAME}" pattern="^www.mydomain.nl.*" negate="true" />
<add input="{SERVER_NAME}" pattern="^mydomain.nl.*" negate="true" />
</conditions>
<serverVariables>
<set name="MYVARIABLE" value="{C:2}" />
</serverVariables>
<action type="None" />
</rule>
I have tested 2 urls:
1: subdomain.mydomain.nl/somethinghere
2: subdomain.mydomain.nl
I retrieve the variable in PHP with the following code:
echo $_SERVER['MYVARIABLE'];
In case of URL 1, the output of this is "subdomain".
In case of URL 2, the output of this is "".
The output of URL 1 is correct, but the output of URL 2 should be "subdomain" too.
I have run a trace of both requests, and they both show that the rule is being matched and executed.
Can anyone help me?
When you set a custom server variable, you should start it with HTTP_. When you add your own header, it should start with HTTP_X_ to add a host header starting with an X.
To be honest, I can't really explain why it works without HTTP_ in some scenarios, but with HTTP_ it works in all scenarios and that's also how it's documented.
<rules>
<rule name="Change code" enabled="true" patternSyntax="ECMAScript" stopProcessing="false">
<match url=".*" ignoreCase="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{SERVER_NAME}" pattern="(www\.)?(\w+)\.testsite\.nl" />
<add input="{SERVER_NAME}" pattern="^www\.testsite\.nl$" negate="true" />
<add input="{SERVER_NAME}" pattern="^testsite\.nl$" negate="true" />
</conditions>
<serverVariables>
<set name="HTTP_X_MYVARIABLE" value="{C:2}" />
</serverVariables>
<action type="None" />
</rule>
</rules>
You can now get the subdomain name with echo $_SERVER["HTTP_X_MYVARIABLE"];.
I've also cleaned up your conditional regular expressions to escape the .s and also added a $ to make it truly match the exact domain names.