Home > other >  IIS redirect HTTP to HTTPS causes duplicate url
IIS redirect HTTP to HTTPS causes duplicate url

Time:07-14

I am using IIS (10, Server 2019) with the URL Rewrite module as a reverse proxy in front of a node.js app. I am also using it to redirect HTTP to HTTPS. The reverse proxy part is working fine but redirecting HTTP to HTTPS is not. When I try to go to 'http://my.site.com' I end up at 'https://my.site.comhttps://my.site.com' which of course does not work.

Here are my rules:

<rules>
    <clear />
    <rule name="Rewrite for 8443" stopProcessing="false">
        <match url="(.*)" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="^my\.site\.com$" />
        </conditions>
        <serverVariables>
            <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
            <set name="HTTP_ACCEPT_ENCODING" value="" />
        </serverVariables>
        <action type="Rewrite" url="https://{C:0}:8443{REQUEST_URI}" />
    </rule>
    <rule name="Rewrite for 3030" enabled="true" stopProcessing="false">
        <match url="(.*)" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="^(api\.)(my\.site\.com)$" />
        </conditions>
        <action type="Rewrite" url="https://{C:2}:3030{REQUEST_URI}" />
    </rule>
    <rule name="Redirect http to https" enabled="true" stopProcessing="true">
        <match url="(.*)" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{HTTPS}" pattern="^OFF$" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
    </rule>
</rules>

Thanks.

CodePudding user response:

I figured it out, sort of. That is to say I fixed it, although I don't really understand the why of it all. The problem in my case seems to be the use of the variable REQUEST_URI in the action of my "Redirect http to https" rule. I think the fact that my redirect rule was used in combination with the other reverse proxy rewrite rules has something to do with why I was experiencing this issue. I know that the redirect rule I used works fine in other scenarios and it is a copy of what can be found on countless guides around the web. Anyway, I replaced {REQUEST_URI} with {HTTP_URL} and everything works fine now. The updated rule looks as follows.

<rule name="Redirect http to https" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
        <add input="{HTTPS}" pattern="^OFF$" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" appendQueryString="false" redirectType="Permanent" />
</rule>
  • Related