The .NET Core feature AllowedHosts is not working - asp.net-core

I have a microservice built on .NET Core v3 and hosted in the ATIKA domain, which is on an Azure virtual machine. I want the hosted API to be accessible from the IVKLA domain only; any other domain should get a 400 status code.
So the allowed host is taken care of in the appsettings file:
"AllowedHosts": "IVKLA.com"
Even with this setting, however, I am getting a 400 status code from any Postman request made from IVKLA domain computers.
I have tried other forum posts but still did not get any proper answer.
The information below was last updated on October 21, 2022.
As suggested, I have tried using URL Rewrite in the IIS server. I was able to block the IP and get a 403 Forbidden status.
But when I try to whitelist an IP I am getting
"500 URL Rewrite Module Error"
This is the URL rewrite section from web.config:
<rewrite>
  <rewriteMaps>
    <rewriteMap name="Authorized Admin IPs">
      <add key="1.2.3.4" value="1" />
    </rewriteMap>
  </rewriteMaps>
  <rules>
    <rule name="Authorized admin" patternSyntax="Wildcard">
      <match url="*" />
      <conditions logicalGrouping="MatchAny">
        <add input="{Authorized Admin IPs:{REMOTE_ADDR}}" pattern="1" />
        <add input="{REMOTE_ADDR}" pattern="*.*.*.*" />
      </conditions>
      <serverVariables>
        <set name="HTTP_X_AUTHORIZED_ADMIN" value="yes" />
      </serverVariables>
      <action type="None" />
    </rule>
    <rule name="un Authorized users" stopProcessing="true">
      <match url=".*" />
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTP_HOST}" pattern=".*" />
        <add input="{HTTP_X_AUTHORIZED_ADMIN}" pattern="yes" />
      </conditions>
      <action type="CustomResponse" statusCode="403" statusReason="forbidden" statusDescription="forbidden" />
    </rule>
  </rules>
</rewrite>
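
An added example, not part of the original post: one way to express an IP allowlist in URL Rewrite with a single deny rule and no custom server variable, since rules in web.config may only set server variables that an administrator has added to the allowedServerVariables list. AllowedHosts matches the request's Host header rather than the caller's address, which is why the check here is on {REMOTE_ADDR}. The map name AuthorizedIPs is hypothetical and 1.2.3.4 is the placeholder address from the question.

```xml
<rewrite>
  <rewriteMaps>
    <!-- Hypothetical map name; any address that is not listed resolves to "0" -->
    <rewriteMap name="AuthorizedIPs" defaultValue="0">
      <!-- 1.2.3.4 is the placeholder address used in the question -->
      <add key="1.2.3.4" value="1" />
    </rewriteMap>
  </rewriteMaps>
  <rules>
    <!-- One deny rule: respond 403 unless the client address maps to "1".
         {REMOTE_ADDR} is the TCP peer, so behind a reverse proxy or load
         balancer it is the proxy's address, not the original client's.
         Clients that connect over IPv6 need their IPv6 address as a key. -->
    <rule name="Deny addresses not in allowlist" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{AuthorizedIPs:{REMOTE_ADDR}}" pattern="^1$" negate="true" />
      </conditions>
      <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
    </rule>
  </rules>
</rewrite>
```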

Related

URL Rewriting in IIS with Express

I want to rewrite all images to a different folder. I'm using IIS and have configured a rule in the web.config to redirect all requests to a node.js file as follows:
<rewrite>
  <rules>
    <rule name="img">
      <match url="\/(.*).img" />
      <action type="Rewrite" url="/handlers/img.js" />
    </rule>
  </rules>
</rewrite>
All requests are now being sent to the img.js file, where based on a condition, I want to redirect to another image file. But IIS now sends that file to the img.js and it ends up as a loop. Is there any way out of this loop?
You could try the following to resolve the issue:
Set the condition so that it does not match the pattern:
<conditions>
  <add input="{REQUEST_URI}" pattern="\/(.*).img.js" negate="true" />
</conditions>
or set <rule name="img" stopProcessing="true">
<rule name="img" stopProcessing="true">
  <match url="\/(.*).img" />
  <conditions>
    <add input="{REQUEST_URI}" pattern="\/(.*).img.js" negate="true" />
  </conditions>
  <serverVariables />
  <action type="Rewrite" url="/handlers/img.js" logRewrittenUrl="true" />
</rule>

Asp.net Core replace port to text

I have a site made in Asp.Net Core 3. When it is called via the url www.sitename.com/site it is redirected to my server IIS to myserver.com:8009.
Is it possible to configure IIS or Asp.Net Core to replace the name of port 8809 to name of site like myserver.com/site?
You can try redirecting www.sitename.com/site to myserver.com/site, and then rewrite myserver.com/site as myserver.com:8009.
Here is my tested code:
<rule name="redirect" stopProcessing="true">
  <match url="^(.*)$" />
  <conditions>
    <!-- dots escaped so the pattern matches only this exact host name -->
    <add input="{HTTP_HOST}" pattern="^www\.sitename\.com$" />
  </conditions>
  <action type="Redirect" url="http://myserver.com/{R:1}" />
</rule>
<rule name="rewrite2">
  <match url="site" />
  <action type="Rewrite" url="http://myserver.com:8009." />
</rule>

IIS 8 Redirect to HTTPS Based on URL Address

Assume my server ip address was : http://192.168.1.100 (NON SSL)
And my domain name was : https://helloserver.com (SSL)
If someone was to access my website via the domain helloserver.com the server should automatically redirect it to HTTPS.
I've managed to get that done by applying the below rule
<rewrite>
  <rules>
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" redirectType="Permanent"
              url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  </rules>
</rewrite>
However, if someone accesses the website from the IP address itself, it'll give a certificate error because the IP address doesn't have a certificate.
How can I modify the below rule in a way that when the IP address is used to access the website it would use HTTP instead of the redirected HTTPS rule?
I'm guessing it has something to do with the <match url="" /> condition.
Any ideas?
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
    <!-- dot escaped so only the literal host name helloserver.com matches -->
    <add input="{HTTP_HOST}" pattern="^helloserver\.com$" />
  </conditions>
  <action type="Redirect" redirectType="Permanent"
          url="https://{HTTP_HOST}/{R:1}" />
</rule>

IIS rewrite rule Redirect Non-www to dynamic Domain Equivalent and always https

What I want is that all requests that are non-https or don't have www prepended are redirected to: "https://www." + domain name + possible query string parameters.
I have this rewrite rule (found here):
<rule name="non-www to www https" enabled="true" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^[^\.]+\.[^\.]+$" />
    <add input="{HTTPS}" pattern="on" />
  </conditions>
  <action type="Redirect" url="https://www.{HTTP_HOST}/{R:0}" />
</rule>
However, when typing the following domains in the browser address bar no redirect takes place (and I get a security certificate error since I don't have a wildcard DNS SSL certificate):
https://example.com/
http://example.com/
But example.com (without protocol), redirects correctly to https://www.example.com/
Also notice in the above rule that I'm matching the hostname dynamically and not just on "example.com" since I want this rule to work for multiple domain names.
I then also checked this post, which has a neat rule:
<rule name="Force WWW and SSL" enabled="true" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAny">
    <add input="{HTTP_HOST}" pattern="^[^www]" />
    <add input="{HTTPS}" pattern="off" />
  </conditions>
  <action type="Redirect" url="https://www.zzz.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I think this does exactly what I want, but how would I make the domain name in this example dynamic and preserve that in the redirect (like the first code sample does)? (the original poster has not logged in in the last 6 months so that's why I am asking here)
Furthermore I also checked this post, which also seems a good candidate:
<rule name="Redirect top domains with non-www to www" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
    <add input="{HTTP_HOST}" pattern=".*localhost.*" negate="true" />
    <add input="{HTTP_HOST}" pattern=".*stage\..*" negate="true" />
    <add input="{HTTP_HOST}" pattern=".*dev\..*" negate="true" />
    <add input="{HTTP_HOST}" pattern="^([^\.]+)\.([^\.]+)$" />
  </conditions>
  <action type="Redirect" url="https://www.{HTTP_HOST}/{R:1}" redirectType="Permanent" />
  <serverVariables>
    <set name="Redirect" value="false" />
  </serverVariables>
</rule>
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
  <match url="(.*)" ignoreCase="false" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
    <add input="{HTTP_HOST}" pattern=".*localhost.*" negate="true" />
    <add input="{HTTP_HOST}" pattern=".*stage\..*" negate="true" />
    <add input="{HTTP_HOST}" pattern=".*dev\..*" negate="true" />
    <add input="{HTTPS}" pattern="off" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
But then http://example.com redirects to https://example.com and I still get the security exception.
First, I strongly recommend that you obtain a new SSL certificate that supports both example.com and www.example.com. Certificates of that kind are actually pretty standard with most SSL providers; it does not have to be a wildcard certificate. Otherwise you will not be able to handle requests to https://example.com as it is now, and that's a problem I think.
Your top two rules should be like the ones below.
P.S. 301 redirects are cached for a while by browsers. Search for how to clear the 301 redirect cache for your browser before testing the new rules.
<rule name="All HTTP to HTTPS+WWW" stopProcessing="true">
  <match url=".*" />
  <conditions trackAllCaptures="true">
    <add input="{SERVER_PORT_SECURE}" pattern="0" />
    <add input="{HTTP_HOST}" pattern="(?:localhost|stage\.|dev\.)" negate="true" />
    <!-- here with this 3rd condition we capture the host name without "www." prefix into {C:1} variable to use in redirect action -->
    <add input="{HTTP_HOST}" pattern="^(?:www\.)?(.+)" />
  </conditions>
  <action type="Redirect" url="https://www.{C:1}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="All HTTPS With No WWW to HTTPS+WWW" stopProcessing="true">
  <match url=".*" />
  <conditions trackAllCaptures="false">
    <add input="{SERVER_PORT_SECURE}" pattern="1" />
    <add input="{HTTP_HOST}" pattern="(?:localhost|stage\.|dev\.)" negate="true" />
    <add input="{HTTP_HOST}" pattern="^www\." negate="true" />
  </conditions>
  <action type="Redirect" url="https://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>

Preserving URL when using SSL Redirect for multiple websites pointing to same folder

I have multiple websites pointing to a central folder (IIS 7.5)
company1.domain.com/wo pointing to D:\inetpub\wo
company2.domain.com/wo pointing to D:\inetpub\wo
company3.domain.com/wo pointing to D:\inetpub\wo
All the websites work for both HTTP and HTTPS (if typed manually). However, the sites have to connect via HTTPS. I want to set up an automatic SSL redirect but am having issues. I created a URL Rewrite rule, but since this is only one web.config file the URL redirects to only one website (not maintaining the URL).
How do I setup SSL redirect so that the URLs are preserved and all websites point to the same folder?
Any assistance will be greatly appreciated.
Thanks
You should include the host header when checking if HTTPS is enabled and then redirect to the https URL for the appropriate domain.
Here's an example:
<rewrite>
  <rules>
    <clear />
    <rule name="Force HTTPS - www.domain1.com" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" negate="true" pattern="^ON$" />
        <add input="{HTTP_HOST}" pattern="\.domain1\.com$" />
      </conditions>
      <action type="Redirect" url="https://www.domain1.com{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
    </rule>
    <rule name="Force HTTPS - www.domain2.com" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" negate="true" pattern="^ON$" />
        <add input="{HTTP_HOST}" pattern="\.domain2\.com$" />
      </conditions>
      <action type="Redirect" url="https://www.domain2.com{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
    </rule>
    <!-- add more rules for other domains if needed -->
  </rules>
</rewrite>
You can add as many rules for domain names as you want.
EDIT: Sorry, I misread your question. In that case it's even simpler:
<rewrite>
  <rules>
    <clear />
    <rule name="Force HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" negate="true" pattern="^ON$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
No need to check for the host header, just include the host name in the redirect. You only have to make sure that you have SSL certificates for all domain names.
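
An added example, not part of the original answer: the same redirect restricted to the host names the site actually serves, so the Location header is never built from an arbitrary client-supplied Host value. The map name KnownHosts is hypothetical; the host names are the ones listed in the question.

```xml
<rewrite>
  <rewriteMaps>
    <!-- Hypothetical map name. Keys must equal the Host header as sent,
         so a binding on a non-default port needs a key that includes it.
         An unlisted host resolves to the empty default value. -->
    <rewriteMap name="KnownHosts" defaultValue="">
      <add key="company1.domain.com" value="company1.domain.com" />
      <add key="company2.domain.com" value="company2.domain.com" />
      <add key="company3.domain.com" value="company3.domain.com" />
    </rewriteMap>
  </rewriteMaps>
  <rules>
    <clear />
    <!-- Requests whose Host header is not in the map are refused before
         any redirect is built. -->
    <rule name="Reject unknown hosts" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{KnownHosts:{HTTP_HOST}}" pattern="^$" />
      </conditions>
      <action type="CustomResponse" statusCode="400" statusReason="Bad Request" statusDescription="Unknown host" />
    </rule>
    <!-- The redirect target uses the value stored in the map ({C:1} is the
         capture from the last condition), not the raw Host header. -->
    <rule name="Force HTTPS for known hosts" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" negate="true" pattern="^ON$" />
        <add input="{KnownHosts:{HTTP_HOST}}" pattern="(.+)" />
      </conditions>
      <action type="Redirect" url="https://{C:1}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
```

Requests addressed by IP address or localhost are also refused by the first rule unless those names are added to the map.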