3

I have just setuped ssl for my dmain and host. I want to limit my site to https://www.example.com ONLY.

If the any user tried to open http://example.com, www.example.com, example.com or https://example.comhe must be redirected to https://www.example.com

The redirection must be for the domain name only. The rest of any URL would remains as is.

For example: if user opened example.com/dir1/page1.aspx he must be redirected to https://www.example.com/dir1/page1.aspx

I want to do it using IIS rewrite rules.

Shady Mohamed Sherif
  • 15,003
  • 4
  • 45
  • 54
  • 1
    If you are working in vs, in the App_Start folder of the project, open the FilterConfig.cs file and add this: filters.Add(new RequireHttpsAttribute()); That will make your entire site require ssl to do anything. – nocturns2 Nov 23 '15 at 23:16
  • @nocturns2 nice solution but I wouldn't solve the redirect from non www to www – Shady Mohamed Sherif Nov 23 '15 at 23:19
  • 1
    no it wouldn't. I'm glad you found a solution, which I hope you don't mind if I save it for future use. Thanks! – nocturns2 Nov 23 '15 at 23:28

2 Answers2

4

I solved this problem by adding this code to web.config file on the root directory of the domain.

  • First rule matches the url if it isn't starting with www what ever it is http or https

  • second rule matches the url if it is starting with www but it isn't https

    <system.webServer>
 <rewrite>
  <rules>

    <rule name="Redirect from non www" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="^example.com$" />
      </conditions>
      <action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent" />
    </rule>

    <rule name="Redirect from non https" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
        <add input="{HTTP_HOST}" pattern="^www.example.com$" />
      </conditions>
      <action type="Redirect" url="https://www.example.com/{R:0}" redirectType="Permanent" />
    </rule>

  </rules> 
 </rewrite>
</system.webServer>
Curt
  • 5,518
  • 1
  • 21
  • 35
Shady Mohamed Sherif
  • 15,003
  • 4
  • 45
  • 54
  • 1
    IIS has Request Filtering where you can enter rules. I still need to test your solution, but I'm pretty sure it should work. In the past you had to add the url rewrite component to iis. – nocturns2 Nov 23 '15 at 23:37
  • 1
    what else needs to be added for redirects in the web.config to work? Putting this xml into the web.config just crashes IIS8 (500 error - no messages nor logs) – MC9000 Apr 20 '16 at 09:06
  • 1
    this requires URL Rewrite module – Thorarins Jan 26 '18 at 09:45
2

Add this in your global.asax file if you donot have control over iis or using a shared hosting where the hosting company doesnt allow u to change the settings.

protected void Application_BeginRequest(object sender, EventArgs e)
{
    if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
    {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
    }
}

EDITED:

For canonical tag (www.example.com) you dont need to make any changes in your code. there is a setting given for it in your plesk panel/odin panel (even in shared hosting) to select the default url for you application.

It will automatically redirect your site to www.example.com

The settings in under hosting settings of your website. select the preferred domain option to www

Hirav Sampat
  • 196
  • 1
  • 11
  • nice solution for those who don't have control over their iis ; but what about forwarding non www to www? could you make it complete – Shady Mohamed Sherif Nov 28 '15 at 18:15
  • @shadyshrif i have edited the answer for forwarding to www url. – Hirav Sampat Nov 30 '15 at 03:57
  • is this only for IIS7.x ? For some reason, IsSecureConnection is true even on http requests (so it never redirects to https). Not sure why it doesn't work right, perhaps there's a bug in IIS8 (keeping this value set to true even though it is not) ? – MC9000 Apr 20 '16 at 09:05
  • @MC9000 dont really know as i have not tested this on all versions of iis but i found this https://bytes.com/topic/asp-net/answers/302697-checking-secure-connection-rediecting – Hirav Sampat Apr 27 '16 at 13:37