I am trying to write some rewrite rules in the <system.webServer> section of the web.config file.
My goal is that any URL that is not in the www section will be rewritten as www.myurl.com . I believe this should be a 301 redirect? To add to this, I also want to make sure that I use SSL with HSTS.
I need to make sure that I do not correct this rule for one domain, for example, it should work for foo.com and bar.com along with any others that I can choose in the future (maybe quite a lot when I start looking at specific ones countries).
Here is what I still have:
<system.webServer> <rewrite> <rules> <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule> <rule name="Non WWW redirect" enabled="true" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTP_HOST}" pattern="^(www|office365|bdf01)\." negate="true" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://www.{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule> </rules> <outboundRules> <rule name="Add Strict-Transport-Security when HTTPS" enabled="true"> <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" /> <conditions> <add input="{HTTPS}" pattern="on" ignoreCase="true" /> </conditions> <action type="Rewrite" value="max-age=31536000" /> </rule> </outboundRules> </rewrite> </system.webServer>
The above has 3 rules: - HTTP to HTTPS - Non-WWW for WWW - HSTS
It looks like my HTTP-HTTPS rule is working fine, but this is the only one.
Non-www redirects should be able to allow specific subdomains. In the above example, www should not be added. to office365.foo.com or bdf01.foo.com This part does not work . See example 1.
I'm not sure how best to test HSTS, but I use a website called woorank to view the website and it says that HSTS is not enabled. Not sure if this works, but not displayed
I'm not quite sure how pattern matching works within these rules, so it would be more than happy for links to resources that can help me better understand this part. Any help would be greatly appreciated.
Example 1
When I go to the http://foo.com homepage, I should be transferred to https://www.foo.com , instead I will go to https://foo.com . Similarly, if I go to http://office365.foo.com , I should get https://office365.foo.com , but I still get the same http:// address.
redirect ssl web-config iis iis-7
David hamilton
source share