IIS URL Rewrite - Redirect any HTTPS traffic to sub-domain

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by uniquelau on Server Fault See other posts from Server Fault or by uniquelau
Published on 2014-08-06T12:10:43Z Indexed on 2014/08/20 4:23 UTC
Read the original article Hit count: 426

Filed under:
|
|

We have an interesting hosting environment that dictates all secure traffic must travel over a specific sub domain. E.g. http://secure.domain.com/my-page

I'd like to handle this switch using URL Rewrite, i.e. at server level, rather than application level.

My cases are:

https://secure.domain.com/page => NO CHANGE, remains the same
https://domain.com/page => sub-domain inserted, https://secure.domain.com/page
https://www.domain.com/page => remove 'www', insert sub-domain

In my mind the logic is:

INPUT = Full Url = http://www.domain.com/page

If INPUT contains HTTPS Then check Full URL, does it contain 'secure'? If YES do nothing, if no add 'secure' If INPUT contains 'www' remove 'www'

The certificate is not a wild card (e.g. top level domain) and is issues to:

https://secure.domain.com/

The website could also be hosted in a staging environment. E.g.

https://secure.environment.domain.com/

I do not have control over 'environment' or 'domain' or the 'tld'.

Laurence

-

Update 1, 19th August

So as mentioned below, the trick here is to avoid a redirect loop that could drive anyone well loopy.

This is what I propose:

One rule to force certain traffic to the secure domain:

<rule name="Force 'Umbraco' to secure" stopProcessing="true">
    <conditions logicalGrouping="MatchAll">
        <add input="{REQUEST_URI}" pattern="^/umbraco/(.+)$" ignoreCase="true" />
        <add input="{HTTP_HOST}" negate="true" pattern="^secure\.(.+)$" />
    </conditions>
    <action type="Redirect" url="https://secure.{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>

Another rule, that then removes the secure domain, expect for traffic on the secure domain.

<rule name="Remove secure, expect for Umbraco" stopProcessing="true">
    <match url="(.*)" ignoreCase="true" />
    <conditions logicalGrouping="MatchAll">
        <add input="{HTTP_HOST}" pattern="^secure\.(.+)$" />
        <add input="{REQUEST_URI}" negate="true" pattern="^/umbraco/(.+)$" ignoreCase="true" />
    </conditions>
    <!-- Set Domain to match environment -->
    <action type="Redirect" url="http://staging.domain.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>

This works for a single directory or group of files, however I've been unable to add additional logic into those two rules. For example you might have 3 folders that need to be secure, I tried adding these as Negate records, but then no redirection happens at all.

Hmmm! L

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about iis

Related posts about rewrite

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle