Response.Redirect converts absolute URL to relative

Question

I have an asp.net website (.net 4.7.2) which uses Response.Redirect to redirect to some external resources. E.g. https://mypage.com/link?id=1 calls

HttpContext.Current.Response.Redirect("https://anotherpage.com/article.html", false);
HttpContext.Current.ApplicationInstance.CompleteRequest();

This website runs on multiple environments (servers) and on some of them the redirect works correctly, but on some the Location header appended to response is broken - its value is https://mypage.com/article.html. So the final URL is a combination of current hostname with the relative path of the reidrect URL. I can't figure out why this happens.

I tried setting the header like this - this didn't make a difference:

HttpContext.Current.Response.StatusCode = 302;
HttpContext.Current.Response.AddHeader("Location", redirectLink);

I want to avoid any client-side hacks like rendering javascript redirect code.

My question is similar to this one: Response.Redirect() is dealing an Absolute URL as an relative URL but I am not using any custom protocols and I am redirecting to simple, properly formatted URLs.

One more note: actually this code worked for last few years and seems that it came up after installing latest April Windows Updates (Windows Server 2016, kb5001347, kb5001402, kb5001649) - but suprisingly after reverting these updates this problem still occurs on these affected environments.

See https://referencesource.microsoft.com/#System.Web/HttpResponse.cs,3308 — haim770, May 06 '21 at 13:05
If the above is indeed related, make sure the `` is set on all involved machines. — haim770, May 06 '21 at 13:11
Thx for hint @haim. AFAIK this flag is false by default. Adding it explicitly in web config didn't help unf. — andy250, May 06 '21 at 14:06

andy250 · Accepted Answer · 2021-05-10T08:14:29.643

It turned out to be not related to IIS or the asp.net app. I failed to mention in the question that the website runs behind ARR. It turns out ARR settings got out of sync between environments. The hostname is replaced by ARR when the setting reverseRewriteHostInResponseHeaders is set to true. To disable this setting in ARR:

Open %WINDIR%\system32\inetsrv\config\applicationHost.config and apply this:

<system.webServer>
  ...
  <proxy enabled="true" reverseRewriteHostInResponseHeaders="false" />
  ...
</system.webServer>

Or via ARR GUI in inetmgr.exe:

Also related topic that I found after fixing this: https://serverfault.com/questions/807012/iis-rewriting-location-header-before-arr

Response.Redirect converts absolute URL to relative

1 Answers1