简体   繁体   English

IIS上的URL重写:HTTP到HTTPS规则也包括非www到www重定向

[英]URL Rewrite on IIS: HTTP to HTTPS rule to also include non-www to www redirect

How would I modify this rule to include non-www to www redirect? 我将如何修改此规则以包括非www到www重定向?

    <rule name="Force Https" stopProcessing="true">
      <match url="healthcheck.html" negate="true" />
      <conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
    </rule>

Is there a better way to force HTTPS sitewide? 是否有更好的方法在整个站点范围内强制使用HTTPS? I am using ASP.NET MVC 5 on IIS 8.5 我在IIS 8.5使用ASP.NET MVC 5

I think you just need to add another rule where it checks if the HTTP_HOST variable just contains your host without the www. 我认为您只需要添加另一条规则,即可检查HTTP_HOST变量是否仅包含主机而不包含www. prefix, and redirect if so: 前缀,如果是,则重定向:

<!-- You first rule. Note stopProcessing is now false. -->
<rule name="Force Https" stopProcessing="false">
  <match url="healthcheck.html" negate="true" />
  <conditions>
    <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>

<!-- Additional rule. -->
<rule name="Force WWW" stopProcessing="true">
  <match url="healthcheck.html" negate="true" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^yourdomain\.com"/>
  </conditions>
  <action type="Redirect" redirectType="Permanent" url="https://www.{HTTP_HOST}{REQUEST_URI}" />
</rule>

Just change yourdomain.com above to your actual host domain name. 只需将上方的yourdomain.com更改为您的实际主机域名。

To answer your other question, I think URL redirect (through URL Rewrite) is the simplest way to force HTTPS without returning a 403 to your users who still try to access your site via HTTP. 为了回答您的其他问题,我认为URL重定向(通过URL重写)是强制HTTPS而不将403返回给仍然尝试通过HTTP访问您的网站的用户的最简单方法。

UPDATE 更新

In response to your comment regarding the double 301, you could try this single rule. 根据您对Double 301的评论,您可以尝试使用此单一规则。 I do not have my laptop at home to verify, but I think this will work: 我没有手提电脑在家中进行验证,但是我认为这可以工作:

<!-- This rule will capture any http request regardless of the 'www.' prefix in the URL -->
<rule name="Force Https" stopProcessing="true"> 
  <match url="healthcheck.html" negate="true" />
  <conditions>
    <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
  </conditions>
  <action type="Redirect" url="https://www.yourdomain.com{REQUEST_URI}" redirectType="Permanent" />
</rule>
<!-- This rule will capture https request that does not have the 'www.' prefix in the URL -->
<rule name="Force WWW Prefix" stopProcessing="true">
  <match url="healthcheck.html" negate="true" />
  <conditions logicalGrouping="MatchAll">
    <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
    <add input="{HTTP_HOST}" pattern="^yourdomain\.com$"/>
  </conditions>
  <action type="Redirect" url="https://www.yourdomain.com{REQUEST_URI}" redirectType="Permanent" />
</rule>

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM