IIS url rewrite role except some urls

Question

I got this rule in URL rewrite that rewrites every request to the site using HTTP to HTTPS

<rule name="Force HTTPS" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                </rule>

I need another rule or exception in this role to rewrite back or redirect specific urls to HTTP.

Is that possible?

score 94 · Accepted Answer · answered Nov 10 '12 at 09:34

94

You can add the exceptions for which you don't want to perform the redirect to HTTPS as extra conditions (not equal to that URL), like so:

<rule name="Force HTTPS" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        <add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page\.aspx$" ignoreCase="true" />
        <add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well\.aspx$" ignoreCase="true" />
        <add input="{REQUEST_URI}" negate="true" pattern="^/noredirect/forthis/page-as-well-too\.aspx$" ignoreCase="true" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

answered Nov 10 '12 at 09:34

Marco Miltenburg

6,123
1
29
29

its gonna be like this >> , ?thanks for reply – dotmido Nov 11 '12 at 07:16
3

As long as domain.com is a directory in the root directory of you website, then yes, that will work. Note that you should use `domain\.com` in the regular expression to literally match domain.com otherwise the dot will make the regular expression accept any character there. You can not use this if you intend to match against domain.com as a domain name because the domain name is not included in the `{REQUEST_URI}` variable. – Marco Miltenburg Nov 12 '12 at 09:04
2

I used the IIS Wizard to exclude a specific domain from the URL writing and it turned out to create a line like this: in the condition node. While SubStringOfURL is a sub string of the URL I want to exclude. – Ronen Festinger May 20 '16 at 20:31
Also try taking `negate="true"` off the tag... that worked for me – Serj Sagan Jul 15 '19 at 06:04
So happy this is a thing. – WhiteleyJ Nov 18 '19 at 17:11

score 1 · Answer 2 · answered Nov 04 '21 at 03:41

Exception rule in Web.config, to not redirect the "NotSecurePage.ashx" to https:

<system.webServer>
<rewrite>
  <rules>
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        <add input="{REQUEST_URI}" matchType="Pattern" pattern="\bNotSecurePage.ashx\b" ignoreCase="true" negate="true" /> <!-- Crystal não suporta imagens https.. Criando exceção para imagens de barcode, utilizadas no crystal -->
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  </rules>
</rewrite>
</system.webServer>

IIS url rewrite role except some urls

2 Answers2

Linked