IIS URL重写:强制规范主机名和HTTP到HTTPS重定向
[英]IIS URL Rewriting: Enforce canonical hostname & HTTP to HTTPS redirect
问题描述
I'm using these two rules in my web.config file: 
我在web.config文件中使用这两个规则:
<rule name="Enforce canonical hostname" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.example\.com$" />
</conditions>
<action type="Redirect" url="https://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
With these two rules I get the following Redirect to work : 通过这两个规则,我得到以下重定向工作:
- http://www.example.com ---> https://www.example.com http://www.example.com ---> https://www.example.com
- http://example.com--- > https://www.example.com http://example.com--- > https://www.example.com
- https://example.com ---> this fails to redirect to https://www.example.com ... Why? https://example.com --->这无法重定向到https://www.example.com ...为什么?
2 个解决方案
解决方案1
24 已采纳 2012-04-27 02:26:05
Not sure if you're still seeking an answer but here goes. 不确定你是否还在寻找答案,但现在就去了。 After some searching, and trial and error, I found success with the following rules. 经过一些搜索和反复试验后,我发现了以下规则的成功。 Most examples I've encountered are unnecessarily complex with regards to pattern matching and introduce other variables that prevent the rules from working as intended. 我遇到的大多数示例在模式匹配方面都不必要地复杂,并引入了阻止规则按预期工作的其他变量。 The rules below can be applied to any website, and nothing is hard-coded so it should always be a straight copy-and-paste job: 以下规则可以应用于任何网站,没有任何硬编码,因此它应该始终是一个直接的复制粘贴工作:
<rule name="Redirect to WWW" stopProcessing="true" >
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\." negate="true"/>
</conditions>
<action type="Redirect" url="https://www.{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
Two things to note: redirectType="Permanent" will will result in the rule being applied until the browser's history / cache are emptied; 有两点需要注意:redirectType =“Permanent”将导致规则被应用,直到浏览器的历史记录/缓存被清空为止; this should be a good thing as the browser would do the work going forward. 这应该是一件好事,因为浏览器将继续进行工作。 Also, appendQueryString="false" is necessary as the {HTTP_URL} server variable already includes the full querystring; 此外,appendQueryString =“false”是必要的,因为{HTTP_URL}服务器变量已经包含完整的查询字符串; by default the option is "true" and would result in duplicate querystrings here. 默认情况下,该选项为“true”,这将导致重复的查询字符串。
解决方案2
6 2014-11-18 19:59:47
If it's for anyone's benefit, here's the same thing obtained with only one rule: 如果这是为了任何人的利益,这里只有一条规则获得同样的东西:
<rule name="Redirect HTTP to HTTPS and non-WWW to WWW" stopProcessing="true">
<match url="(.*)"/>
<conditions trackAllCaptures="false" logicalGrouping="MatchAny"> <!-- match non-HTTPS or non-WWW -->
<add input="{HTTPS}" pattern="^OFF$"/> <!-- if connection not secure -->
<add input="{HTTP_HOST}" matchType="Pattern" ignoreCase="true" pattern="^example\.com$" /><!-- domain is not canonical -->
</conditions>
<action type="Redirect" url="https://www.example.com{HTTP_URL}" redirectType="Permanent" appendQueryString="false"/>
</rule>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.