3

IIS 7 on Windows Server 2008 R2 SP1

I have added the following rule to my web.config to redirect all incoming request to HTTPS

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

It fails when ampersands (&) are present in the URL or file name. I've looked at some of the solutions offered and am not interested in allowing special characters through the registry. Is there a way to perform a rewrite to encode the ampersand to & or %26 prior to the redirect rule? Does the HTTPS redirect rule use the original URL or the newly rewritten/encoded version?

David Buell
  • 31
  • 2
  • tried adding a rewrite map for & to & and placing a rule to apply it before the HTTPS redirect but it did not help. Is it possible to rewrite and redirect in the same rule? – David Buell Dec 04 '14 at 20:41
  • I'm using ASP.NET 4.5 and found some posts saying it was ok to allow special characters in the URL in this case, and to disable validateRequest for pages. I'm leaving this question open in case someone wants to tell me that's a bad idea. I'm not outputting any content being passed in the querystring. – David Buell Dec 04 '14 at 22:02

1 Answers1

0

You need to use the [NE] parameter

<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" [NE] />

zman
  • 633
  • 6
  • 14