IIS URL Rewrite : 403 - Forbidden: Access is denied

Question

I installed IIS URL Rewrite 2.0 and add a rule to redirect all http links to https. Here is my Web.Config Code:

 <rewrite>
        <rules>
            <rule name="REdirect To HTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
            </rule>
        </rules>
    </rewrite>

Everything looks fine. But when I access my website using http, it throws 403 error.

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

TLS 1.0 is enabled with IIS 7.5.

Where I can get more info on exactly what type of 403 error it is?

you may also try this http://stackoverflow.com/questions/10428357/iis-7-5-url-redirect-for-specific-patterns — techspider, Jun 03 '16 at 13:44

score 32 · Accepted Answer · answered Jun 09 '16 at 08:39

32

SSL was enabled in IIS. I just read somewhere that in SSL Settings Require SSL need to be unchecked when using URL Rewrite 2.0.

I deselect the Require SSL and click Apply. Its working fine now.

answered Jun 09 '16 at 08:39

Abdul

2,002
7
31
65

3

This was it for me. I can't believe how much time I wasted with this. I thought it was something complicated and would've never thought it was something so simple. Thanks Abdul! – AbeyMarquez Mar 01 '18 at 21:16
"somewhere" link broke, but interesting fix for Force SSL. – JoshYates1980 Mar 28 '18 at 20:22
I recommend following these steps: https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/ – JoshYates1980 Mar 29 '18 at 15:23
it really helped me – SalmanShariati Aug 13 '18 at 13:44
I did this by selecting the website that i was targeting with the rewrite, selecting "SSL Settings", and unchecking the Require SSL checkbox. I had checked it in my previous attempts and forcing SSL – hanzolo Dec 12 '18 at 05:53

score 8 · Answer 2 · answered Jul 27 '20 at 16:05

I was getting the same error; here was my solution, in case it helps others.

My rule was rewriting URLs coming in to the Default Web Site's root application ("/") to "/public", but I was getting a 403 error. The "/public" application worked fine if I requested it directly, and it also worked fine if I disabled the rewrite rule, so permissions there were not the issue.

"Require SSL" was not checked, as noted in an earlier answer.

Looking at the IIS log file, I found that the specific flavor of error was 403.18 - "Cannot execute requested URL in the current application pool".

The web site's root application needs to be assigned the same application pool as the application you're sending the request to.

score 0 · Answer 3 · answered Jun 14 '16 at 10:14

0

Its not sure if this will help but I see your rule is not enabled

<rule name="Redirect to https" enabled="false" stopProcessing="true">

answered Jun 14 '16 at 10:14

Codeone

1,173
2
15
40

1

Rule was enabled @Codeone. The problem was with SSL Settings. – Abdul Jun 14 '16 at 11:19

IIS URL Rewrite : 403 - Forbidden: Access is denied

3 Answers3