Web.config URL rewrite - force www prefix and https

Question

I'm trying to enforce https and a www prefix. However my rule doesn't fully work. Here is my rule:

<rewrite>
  <rules>
    <clear />             
    <rule name="Force https" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
    </rule>
    <rule name="Force www" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
            <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
            <add input="{HTTP_HOST}" pattern="www.mydomain.co.uk" negate="true" />
      </conditions>
      <action type="Redirect" url="https://www.mydomain.co.uk/{R:1}" redirectType="Permanent" />
    </rule>          
  </rules>
</rewrite>

It works for redirecting http to https.
it works if I go to https://mydomain.co.uk (redirects to https://www.mydomain.co.uk)
however it DOES NOT work if I go to https://mydomain.co.uk/blah/whatever

Please can somebody advise? Thanks.

VDWWD · Answer 1 · 2017-08-23T21:49:58.733

11

These are the rewrite rules that I use for that exact purpose. I've also added a rule to make the URL all lowercase and a rule to remove the trailing slash should one be present. This makes working with Analytics easier since it treats page.aspx and page.aspx/ as different url's. That is why I use ignoreCase=true because then it does not matter if someone uses upper case somewhere since it will be handled later on by the ToLowerCase rule

<rule name="ForceWWW" stopProcessing="true">
  <match url=".*" ignoreCase="true" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^yoursite.com" />
  </conditions>
  <action type="Redirect" url="https://www.yoursite.com/{R:0}" redirectType="Permanent" />
</rule>

<rule name="HTTPtoHTTPS" stopProcessing="true">
  <match url="(.*)" ignoreCase="false" />
  <conditions>
    <add input="{HTTPS}" pattern="off" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>

<rule name="RemoveTrailingSlash">
  <match url="(.*)/$" />
  <conditions>
    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
  </conditions>
  <action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>

<rule name="ToLowerCase">
  <match url=".*[A-Z].*" ignoreCase="false" />
  <action type="Redirect" url="{ToLower:{R:0}}" redirectType="Permanent" />
  <conditions>
    <add input="{URL}" pattern="WebResource.axd" negate="true" />
    <add input="{URL}" pattern="ScriptResource.axd" negate="true" />
  </conditions>
</rule>

edited Aug 23 '17 at 21:49

answered Aug 23 '17 at 17:50

VDWWD

35,079
22
62
79

1

Thanks. Why use `stopProcessing="true"`? Doesn't that prevent the following rules from being processed? – Jonathan Wood Aug 23 '17 at 20:22
Yes it does. "_A rule may have the StopProcessing flag turned on. When this flag is turned on, it means that no more subsequent rules will be processed and the URL produced by this rule will be passed to the IIS request pipeline (if the rule matched). By default, this flag is turned off._" See https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference – VDWWD Aug 23 '17 at 21:38
But that would mean if the request was missing both the WWW prefix and HTTPS protocol. The WWW prefix would be added but HTTPS would not because no more rules would be processed. – Jonathan Wood Aug 23 '17 at 21:42
Yes, but the first rule already sends it to the correct url with www and https. even if both of them were missing. Once you have `www` it skips the first rule anyway. And most of the time the redirects happen because of faulty user input. The next time a user visits the site the browser autofills it or they have bookmarked the correct url. And Google indexes the correct one also because of the redirect. You could remove stopProcessing from less important rules but that is depending of what the next ones are (if any) – VDWWD Aug 23 '17 at 21:52
I see. You specified HTTPS in the WWW rule. – Jonathan Wood Aug 23 '17 at 21:54
Hmmm... I'm still confused. Wouldn't you want the third and fourth rule to still be applied, regardless of the outcome of the first two? `stopProcessing="true"` will stop this from happening. – clayRay Aug 28 '18 at 05:56

Albert Einstein · Answer 2 · 2017-08-22T02:05:47.950

Here is an example of such web.config -- it will force HTTPS for ALL resources (using 301 Permanent Redirect):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP Redirect to HTTPS" enabled="true" stopProcessing="true">
                   <match url="(.*)" ignoreCase="false" />
                       <conditions>
                           <add input="{HTTPS}" pattern="off" />
                       </conditions>
                       <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
              </rule>
          </rules>
    </rewrite>


   <rewrite>
       <rules>
          <rule name="Redirects to www.example.com" patternSyntax="ECMAScript" stopProcessing="true">
               <match url=".*" />
                   <conditions logicalGrouping="MatchAny">
                      <add input="{HTTP_HOST}" pattern="^example.com$" />
                   </conditions>
                   <action type="Redirect" url="https://www.example.com/{R:0}" />
               </rule>
          </rules>
      </rewrite>        
 </system.webServer>

Source: https://stackoverflow.com/a/9823208/5740382

For more Details: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

Web.config URL rewrite - force www prefix and https

2 Answers2

Linked