Rewriting URLs from https:// to http:// in IIS7
Solution 1
Turns out that I had port :443 bound to a different website!
The above rewrite rules work fine for http:// to https:// rewriting and vice-versa -- though there might be more optimal or simple ways to do it.
Leaving this question here for future voyagers to find, as I didn't see many good examples of the https:// to http:// rewriting scenario on the web.
Solution 2
This post is a little old, but I wanted to answer. I am using ASP.Net MVC3, and Fabio's answer above didn't work for me. The easiest solution I came up with to handle the https redirect to http, while still allowing valid https pages to request secure content was just to add Whitelist rules above my https/http redirects:
<rule name="WhiteList - content folder" stopProcessing="true">
  <match url="^content/" />
  <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
  <action type="None" />
</rule>
<rule name="Redirect to HTTPS" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTPS}" pattern="^OFF$" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/billing/" redirectType="SeeOther" />
</rule>
<rule name="ForceNonHttps" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
  <conditions>
    <add input="{SERVER_PORT}" pattern="^443$" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
Solution 3
Please first consider binding https to your website; this is essential for the redirect module below to work (so bind your web app with a self-signed or valid certificate).
Final part in web.config to redirect https to http:
<rewrite>
  <rules>
    <rule name="Force NonHTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="on" />
      </conditions>
      <!-- {REQUEST_URI} already begins with "/", so no extra slash after the host -->
      <action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" />
    </rule>
  </rules>
</rewrite>
If you need the equivalent in the IIS GUI rewrite module, see the image below.
Source: look at TechNet for more detail and a step-by-step guide.
Solution 4
Your solution works, but the problem is: your second instruction kills the first instruction for any links that are not (.*)billing/(.*), including your css, js, and images.
You can use this https to http rule:
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <!-- {RequiresSSL:...} looks the URL up in a rewrite map named RequiresSSL, which must be defined under <rewriteMaps> -->
    <add input="{RequiresSSL:{R:1}}" pattern="(.+)" negate="true" />
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    <add input="{REQUEST_URI}" pattern="^(.+)\.(?!aspx)" negate="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>
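Added example (not code from the question or any answer): a simplified Python model of the question's two rules plus Solution 2's whitelist rule, showing which HTTPS requests each rule set redirects to plain HTTP. It only approximates IIS URL Rewrite matching, and the request paths are constructed sample values.

```python
import re

# Rule = (name, match-url regex, negate, (server variable, regex) condition, redirect template).
# A template of None models <action type="None"/>; every rule has stopProcessing="true".
WHITELIST = ("WhiteList - content folder", r"^content/", False, None, None)
TO_HTTPS = ("ForceHttpsBilling", r"(.*)billing/(.*)", False,
            ("HTTPS", r"off"), "https://{HTTP_HOST}{REQUEST_URI}")
TO_HTTP = ("ForceNonHttps", r"(.*)billing/(.*)", True,
           ("SERVER_PORT", r"^443$"), "http://{HTTP_HOST}{REQUEST_URI}")

def evaluate(rules, scheme, host, path):
    """Return (rule name, redirect URL or None) for the first rule that fires."""
    server = {"HTTPS": "on" if scheme == "https" else "off",
              "SERVER_PORT": "443" if scheme == "https" else "80",
              "HTTP_HOST": host, "REQUEST_URI": path}
    url = path.lstrip("/")  # <match url> sees the path without its leading slash
    for name, pattern, negate, cond, template in rules:
        if (re.search(pattern, url, re.IGNORECASE) is not None) == negate:
            continue  # URL pattern (after negate) did not match
        if cond and not re.search(cond[1], server[cond[0]], re.IGNORECASE):
            continue  # condition not met
        if template is None:
            return name, None  # served as requested, later rules skipped
        for key, value in server.items():
            template = template.replace("{" + key + "}", value)
        return name, template
    return None, None

def downgraded(rules, host, paths):
    """Paths that an HTTPS request would have redirected to plain http://."""
    hits = []
    for path in paths:
        _, target = evaluate(rules, "https", host, path)
        if target and target.startswith("http://"):
            hits.append(path)
    return hits

# Constructed sample requests; example.com is the host used in the question.
SAMPLE_PATHS = ["/billing/invoice", "/content/site.css", "/about"]
QUESTION_RULES = [TO_HTTPS, TO_HTTP]
WITH_WHITELIST = [WHITELIST, TO_HTTPS, TO_HTTP]

if __name__ == "__main__":
    for label, rules in (("question", QUESTION_RULES), ("whitelist", WITH_WHITELIST)):
        print(label, downgraded(rules, "example.com", SAMPLE_PATHS))
```

With the question's rules alone, the stylesheet requested by an HTTPS billing page is redirected to HTTP; with the whitelist rule placed first, only /about is.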
Peter Burns
Updated on May 13, 2020
Comments
-
Peter Burns about 4 years
I'm trying to rewrite urls from the form:
https://example.com/about
to the form
http://example.com/about
using IIS7 URL rewriting:
<!-- http:// to https:// rule -->
<rule name="ForceHttpsBilling" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="false" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<!-- https:// to http:// rule -->
<rule name="ForceNonHttps" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
  <conditions>
    <add input="{SERVER_PORT}" pattern="^443$" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>
I'm at a loss; I've been browsing the web for examples and trying every syntax I can think of. The rewrite rules I specify simply don't appear to work at all for any https requests, as if all the https:// requests are flat out invisible to the rewrite engine.
Rules work fine; see answer below.
-
Pat James over 13 years
I found that the above https to http rule resulted in all of my css, javascript, and image resources on my https pages being fetched as http. I dropped this rule and added an outbound rule to rewrite the a href tags on my secure pages to be http://{HTTP_HOST}/{R:0} to force the switch from https to http. Doesn't catch inadvertent manual navigation to non-secure pages using https, but that's OK for me.
-
StronglyTyped over 12 years
Pat James, I'm having this issue too. Would you mind sharing your outbound rule?
-
Shehroz Ahmed about 7 years
Thanks, you're a life saver. :))