IIS URL Rewrite Multi-tenancy enforce HTTPS www to non www
Question
TLDR: I just need this one condition: https://www.example.com -> https://example.com
I have rewrite rules which are working to Force HTTPS. I also need to enforce www to non-www (or figure out if there is a way to change the binding so that https://www also works). I am dynamically installing and binding multiple SSL's for multiple domains to the site using Server Name Indication (SNI) when IIS starts. Therefore, I don't know what the URL is going to be. I believe I have figured out how to use the condition callbacks to capture the authority part {example.com} and drop the www.
However, if the user types https://www.example.com , I can't get that to match. Using the pattern matching tool in the IIS url rewrite module on the server, the https://www.example.com pattern does seem to match, but it isn't actually triggering the rule in the browser. Something about the https in the browser is throwing it off? Or is it my bindings?
<rewrite>
<rules>
<rule name="Rewrite http www to https">
<match url="(.*)" ignoreCase="true" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" matchType="Pattern" pattern="www" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:2}/{R:1}" appendQueryString="true" redirectType="Found" />
</rule>
<!-- This rule is not working. It never seems to match. -->
<rule name="Rewrite https www to https">
<match url="(.*)" ignoreCase="true" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" matchType="Pattern" pattern="www" />
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^(https://)(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:3}/{R:1}" appendQueryString="true" redirectType="Found" />
</rule>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Found" />
</rule>
</rules>
</rewrite>
So, to recap, currently the rules do this:
http://example.com -> https://example.com (good)
https://example.com -> https://example.com (good)
http://www.example.com -> https://example.com (good)
https://www.example.com -> https://www.example.com !!! (should be https://example.com )
My bindings are currently:
type - host name - port - ip address
http - blank - 80 - 10.0.0.53
https - example.com - 443 - *
https - example2.com - 443 - *
2 answers
solution1
1 2015-07-01 08:14:59
My answer is that you shouldn't use url rewrites to get https and www.
I put [RequireHttps] on the controller classes that should use https (or the method if you have methods in that controller that should respond to plain http requests).
Doing so will solve the problems with non-www and www with http and https.
Then as for your additional comment that you only want to use www, I usually just set that up with CNAME and A record with the DNS provider but that is another question.
solution2
1 ACCPTED 2015-07-02 01:39:04
The answer ended up being incredibly simple... My bindings at the end of the post had to be changed.
type - host name - port - ip address
http - blank - 80 - 10.0.0.53
https - example.com - 443 - *
https - example2.com - 443 - *
https - www.example.com - 443 - *
https - www.example2.com - 443 - *
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.