URL Rewrite to remove www and redirect to https using web-config (c# .net)

Question

I have the following code in my web-config to be able to redirect both the URLs with the prefix "www" and non-SSL requests to the https:// mydomain.com because the SSL certificate is registered to the domain without the www

<rewrite>
  <rules>
    <rule name="Remove WWW prefix and redirect to https" >
      <match url="(.*)" ignoreCase="true" />
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" ignoreCase="true" />
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://mydomain.com/{R:1}" />
    </rule>
  </rules>
</rewrite>

This is the result:

1) http:// mydomain.com/something --> https:// mydomain.com/something (Correct)

2) http:// www.mydomain.com/something --> https:// mydomain.com/something (Correct)

3) https:// www.mydomain.com/something --> Shows certificate error (There is a problem with this website's security certificate.)

When you select "Continue to this website (not recommended)." on the certificate error page, the url is rewritten correctly (https:// mydomain.com/something)

How can I make sure the certificate error does not show?

Thank you

Answer 1

One way to solve it is to register two separate rules:

1. Remove www.

2. Force HTTPS.

    <rule name="Remove www" stopProcessing="true"> <match url="(.*)" negate="false"></match> <conditions> <add input="{HTTP_HOST}" pattern="^www\\.(.*)$" /> </conditions> <action type="Redirect" url="https://{C:1}/{R:1}" appendQueryString="true" redirectType="Permanent" /> </rule> <rule name="Force HTTPS" enabled="true"> <match url="(.*)" ignoreCase="false" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" /> </rule>

Answer 2

so we use this in our projects, and this works.

Let me know it that helps:

<rewrite>
  <rules>
    <rule name="Redirect to https">
      <match url="(.*)"/>
      <conditions>
        <add input="{HTTPS}" pattern="Off"/>
        <add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
        <add input="{HTTP_HOST}" pattern="localhost" negate="true"/>
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
    </rule>
  </rules>
</rewrite>

It also ignores the request when you access the site on your local machine.

Answer 3

I'm not sure about this as I don't have too much experience with url-rewriting but trying to help wont hurt.
You can try this

<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://mydomain.com/{R:1}" redirectType="Permanent" />

I googled quite a lot and found this but it might not do what you meant to.

Answer 4

This problem cannot be solved by using rewrite rules: the problem is that the certificate is verified at the time the connection to the server is set up. As your server does not have a valid certificate for the www. variant, the certificate is invalid and the browser will notify its user.

Only after the user agrees to continue, the request is sent to the server and the rewrite rules kick in.

Answer 5

I'm seeing the same problem. Because the domain doesn't have an SSL certificate for www, the web.config code doesn't remove the www when the URL includes https. The result is using http with or without the www, correctly redirects it to https://domain, but if it starts with https: and www, it's stuck.

So can this be resolved at the DNS level so that www isn't defined as a CNAME and is just redirected there? Google Domains seems to have synthetic records for this. Has anyone used it successfully?