0

I'm trying to redirect all insecure HTTP or HTTPS requests on my IIS Server(e.g. http://example.com/file/file1.txt) to FILE (file:////example.com/file/file.txt).

Is it possible to do this somehow?

I tried through IIS Rewrite, but Chrome writes an error - UNSAFE_REDIRECT and does not redirect.

Empty Nescoffe
  • 1

1 Answers1

0

I am not sure how you distinguish insecure HTTP/ HTTPS requests.

Generally, using of file:// protocol is not recommended due to security reasons while giving the response for the request that comes to your site which is hosted on the webserver.

If you redirect the request on your system using the file:// protocol then it could leak confidential data and someone could misuse it. They could try accessing other files on your systems and it could also lead to other unwanted issues.

By default, Chromium browsers will not allow using File:// protocol from your site and it will give you errors.

Please refer to this helpful answer.

As a workaround, you could create a virtual directory in the IIS and map the folder with it. Then you could access it using the HTTP or HTTPS protocol.

For more information, please refer to this answer.

Deepak-MSFT
  • 10,379
  • 1
  • 12
  • 19
  • The site is designed to only redirect all requests from HTTP to file:// . Website is empty. The files are also located on the local network and are not accessible from the Internet. The problem is that there are various Internet services and you can only use HTTP and HTTPS links there, but I need to insert links to my internal files located on a network drive. These links will only open for me. Unfortunately, I cannot create IIS virtual directories for some files, but if this is the only way, then you will have to use it. – Empty Nescoffe Feb 16 '22 at 08:36
  • The idea is that using any service on the Internet, you can leave a link like - http://my-empty-site.com/href/text.txt and open the file on my repository - file:////shared_server/shared_folder.text.txt . I repeat - I do not need links to open from others. Just me – Empty Nescoffe Feb 16 '22 at 08:36
  • I understand your requirement. From a security perspective, it is best to use HTTP/ HTTPS protocols. If you are available with the IE browser then you could test with it. As the IE browser will soon go out of support, you could test the same thing in [IE-mode](https://learn.microsoft.com/en-us/deployedge/edge-ie-mode) of the Edge browser. If the issue persists, I would suggest creating the IIS Virtual directory. – Deepak-MSFT Feb 16 '22 at 09:42