
ASP .Net website. Visual Studio 2013. Windows Server 2012 R2 + updates

I am attempting to redirect SOME pages as https, i.e. login and payment pages AND pages under those directories. So far in IIS I have

<system.webServer>
    <rewrite>
        <rules>
            <rule name="Redirect to HTTPS" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$" />
                    <add input="{HTTP_HOST}" pattern="^.example\.com$" />
                    <add input="{HttpsRedirects:{REQUEST_URI}}" pattern="(.+)" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{C:1}" appendQueryString="false" redirectType="SeeOther" />
            </rule>
        </rules>
        <rewriteMaps>
            <rewriteMap name="HttpsRedirects">
                <add key="/user/login/" value="/user/login/" />
                <add key="/user/payment/" value="/user/payment/" />
            </rewriteMap>
        </rewriteMaps>
    </rewrite>
</system.webServer>

I have changed pattern="^www.example.com$" to pattern="^.example.com$" as the site's main domain name is example.com (without www).

The problem I have is it doesn't seem to add https to all pages below these directories, i.e. all pages under the login and payment directories.

If I manually add https then it also applies it to image files (I'm seeing images not looking correct).

How could I amend the above code to exclude images (file extension or directories) and ensure when the user reaches these pages they are using https?

Computer
  • Why not serve everything via HTTPS? – mason Apr 04 '17 at 20:15
  • IMHO, the issue "images not looking correct" _is_ the issue that needs figuring out. If you do what I think you are saying, "excluding" images, then you will have **mixed secure and insecure content** - which, depending on browser, will notify end user of such discrepancy, or worse, not even display/request the insecure content (including scripts, styles). – EdSF Apr 05 '17 at 02:56
  • The site has been upgraded and moved to Win Server 2012 and I was following the existing structure. Would making it fully https damage existing SEO, links etc? – Computer Apr 05 '17 at 05:23
  • I would just add a redirect for any incoming HTTP URLs to be converted to HTTPS URLs. I'm no SEO expert by any means, but I hear HTTPS is preferred over HTTP. It's better for everyone that it be all HTTPS anyways. – mason Apr 05 '17 at 12:21
  • That's what I've done now. Hopefully no issues, feel free to add it as an answer and I will accept – Computer Apr 06 '17 at 09:58
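
The whole-site redirect the comments settle on, written out as an added example (not code from the question or from any commenter). It assumes the URL Rewrite module already used above and a certificate bound to port 443; the rule names and the choice of a permanent redirect are assumptions made here.

```xml
<system.webServer>
  <rewrite>
    <rules>
      <!-- Whole-site redirect: every plain-HTTP request is sent to the same
           path and query string over HTTPS. There is no rewrite map and no
           host condition, so sub-pages, images, scripts and styles are all
           covered and a secure page never pulls in insecure content. -->
      <rule name="Redirect all HTTP to HTTPS" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="^OFF$" />
        </conditions>
        <!-- {R:1} is the path captured by the match element above.
             Permanent (301) is chosen here as an assumption, so that
             existing links and search engines move to the https URLs. -->
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                appendQueryString="true" redirectType="Permanent" />
      </rule>

      <!-- Directory-scoped alternative, left disabled. A rewrite map lookup
           matches whole keys only, so a key of /user/login/ does not cover
           /user/login/reset.aspx (constructed path). A prefix pattern on
           the match element covers the directory and everything below it.
           The match input has no leading slash. -->
      <rule name="Redirect login and payment to HTTPS" enabled="false"
            stopProcessing="true">
        <match url="^user/(login|payment)(/.*)?$" />
        <conditions>
          <add input="{HTTPS}" pattern="^OFF$" />
        </conditions>
        <!-- {R:0} is the whole matched path. -->
        <action type="Redirect" url="https://{HTTP_HOST}/{R:0}"
                appendQueryString="true" redirectType="Permanent" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
```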
