URL Rewrite on IIS (from HTTP to HTTPS)

Topics: Developer Forum, User Forum
Jul 23, 2007 at 2:04 PM
Dear All,

I basically want to transparently switch the users of the site between http:// to https:// and vice versa. We could change the application's code to do this, but at lot of places "http://" was hardcoded into the code. Going this way, it would take us lot of time to get this running on https. Instead of that I proposed that we use URL rewriting to switch users.

I have downloaded latest version of Ionics URL Rewrite module and installed it on IIS 6 running on windows 2003 server. I configured Ionics dll in the ISAPI filter in the IIS. The filter got registered fine and shows the green arrow also. I also added Ionics URL rewriting module to web server's extension list and set that to allowed mode.

I added few mappings in IsapiRewrite4.ini which look like this:

RewriteCond %HTTPS (?!on).*
RewriteCond Host: (.*)
RewriteRule (.*) https://test/$1 R

This does not seem to be working. What I want to do is this. When users enter http://www.test.com/default-home.aspx - I want to redirect them to https://www.test.com/default-home.aspx. It should basically prefix https:// to any URL which comes up with http://

Can somebody please help me here?

Regards,
Rohit

Jul 24, 2007 at 3:14 AM
I basically need to do the same thing, so any help is much appreciated. Thanks!

Regards,
kwgainey
Jul 24, 2007 at 4:25 AM
Can anyone help please?


peyyetir wrote:
Dear All,

I basically want to transparently switch the users of the site between http:// to https:// and vice versa. We could change the application's code to do this, but at lot of places "http://" was hardcoded into the code. Going this way, it would take us lot of time to get this running on https. Instead of that I proposed that we use URL rewriting to switch users.

I have downloaded latest version of Ionics URL Rewrite module and installed it on IIS 6 running on windows 2003 server. I configured Ionics dll in the ISAPI filter in the IIS. The filter got registered fine and shows the green arrow also. I also added Ionics URL rewriting module to web server's extension list and set that to allowed mode.

I added few mappings in IsapiRewrite4.ini which look like this:

RewriteCond %HTTPS (?!on).*
RewriteCond Host: (.*)
RewriteRule (.*) https://test/$1 R

This does not seem to be working. What I want to do is this. When users enter http://www.test.com/default-home.aspx - I want to redirect them to https://www.test.com/default-home.aspx. It should basically prefix https:// to any URL which comes up with http://

Can somebody please help me here?

Regards,
Rohit



Jul 27, 2007 at 8:21 PM
Why don't you put your rules in double curly brackets so some can read them?
Aug 29, 2007 at 8:11 AM
The syntax of IIRF is very similar to the mod_rewrite for Apache. Googling for "RewriteRule AND https" retrieved some valuable samples and tutorials:
http://www.whoopis.com/howtos/apache-rewrite.html
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
http://www.karkomaonline.com/article.php/2005080614195334


This is my first set of rules and I'm sure there are better ways. However, this should provide a good start.


Make sure the folder exists and set logging to max while debugging.
------- 8< ------- >8 -------
RewriteLog c:\temp\iirfLog.out
RewriteLogLevel 5
------- 8< ------- >8 -------



These are the rules I use on our dev box called "PEER". Some of the apps require the full server and domain name.
These sets of rules expand the name from "PEER" to the complete domain "peer.dev.us.company.com".
Since I'm not an expert on regex I use the logical OR to concatenate the rules.

------- 8< ------- >8 -------
RewriteCond %{HTTPS} on
#RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^peer$ I,OR
RewriteCond %{HTTP_HOST} ^peer\:0-9*$ I,OR
RewriteCond %{HTTP_HOST} ^peer.dev.us.company.com\:0-9*$ I
RewriteRule ^/(.*)$ https://peer.dev.us.company.com/$1 R
------- 8< ------- >8 -------

#tests to see if the connection is already HTTPS
RewriteCond %{HTTPS} on

#since we only have one https site, I ignore this. Useful for more than one site.
#RewriteCond %{SERVER_PORT} ^443$

#was the server typed in as just "PEER". I - ignore case, OR - logical OR with the rule below
RewriteCond %{HTTP_HOST} ^peer$ I,OR

#was the server typed in as "PEER" plus some port? I - ignore case, OR - logical OR with the rule below
RewriteCond %{HTTP_HOST} ^peer\:0-9*$ I,OR

#was the server typed in as "peer.dev.us.company.com" plus some port? I - ignore case, OR - logical OR with the rule below
RewriteCond %{HTTP_HOST} ^peer.dev.us.company.com\:0-9*$ I

#Redirect to the https site with the fully qualified name.
#Keep the path the user specified. So if a user types in "http://peer/reports" they are redirected to "http://peer.dev.us.company.com/reports"
RewriteRule ^/(.*)$ https://peer.dev.us.company.com/$1 R





This rule redirects all port 80 requests to the https site. I've seen the rule written as "^!443$", which means all connections on
ports other than 443 are redirected to the https site. I used port 80, because we have test sites on other ports which don't require SSL.

------- 8< ------- >8 -------
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/(.*)$ https://www.company.com/$1 R
------- 8< ------- >8 -------



Thanks,
Carlos Klapp