Rewriting URLs from https:// to http:// in IIS7

iis-7 https url-rewriting url-rewrite-module

71,656

Solution 1

Turns out that I had port :443 bound to a different website!

The above rewrite rules work fine for http:// to https:// rewriting and vice-versa -- though there might be more optimal or simple ways to do it.

Leaving this question here for future voyagers to find, as I didn't see many good examples of the https:// to http:// rewriting scenario on the web.

Solution 2

This post is a little old, but I wanted to answer. I am using ASP.Net MVC3, and Fabio's answer above didn't work for me. The easiest solution I came up with to handle the https redirect to http, while still allowing valid https pages to request secure content was just to add Whitelist rules above my https/http redirects:

    <rule name="WhiteList - content folder" stopProcessing="true">
      <match url="^content/"/>
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
      <action type="None"/>
    </rule>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)billing/(.*)" ignoreCase="true" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/billing/" redirectType="SeeOther" />
    </rule>
    <rule name="ForceNonHttps" stopProcessing="true">
      <match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
      <conditions>
        <add input="{SERVER_PORT}" pattern="^443$" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
    </rule>

Solution 3

please first consider binding https to your website for making below redirect module to work is essential (so bind your web app with a self-signed or valid certificate)

final part in web.config to redirect https to http:

 <rewrite>
    <rules>
        <rule name="Force NonHTTPS" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
               <add input="{HTTPS}" pattern="on" />
            </conditions>
            <action type="Redirect" url="http://{HTTP_HOST}/{REQUEST_URI}" />
        </rule>
    </rules>
</rewrite>

if you need the equivalent IIS GUI in rewrite module see below image

source: look tech-net for more detail and step by step guide.

Solution 4

Your solution work, but the problem is: your second instruction kill first instruction for any links is not (.)billing/(.), including your css, js, and images.

You can use this https to http rule:

<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{RequiresSSL:{R:1}}" pattern="(.+)" negate="true" />
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
<add input="{REQUEST_URI}" pattern="^(.+)\.(?!aspx)" negate="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>

View more solutions

71,656

Author by

Peter Burns

Stack Overflow Valued Associate #00001 Wondering how our software development process works? Take a look! Find me on twitter, or read my blog. Don't say I didn't warn you because I totally did. However, I no longer work at Stack Exchange, Inc. I'll miss you all. Well, some of you, anyway. :)

Updated on May 13, 2020

Comments

Peter Burns about 4 years

I'm trying to rewrite urls from the form:

https://example.com/about

to the form

http://example.com/about

using IIS7 URL rewriting:

<!-- http:// to https:// rule -->
<rule name="ForceHttpsBilling" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="false" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>

<!-- https:// to http:// rule -->    
<rule name="ForceNonHttps" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" negate="true" />
  <conditions>
      <add input="{SERVER_PORT}" pattern="^443$" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" />
</rule>

I'm at a loss; I've been browsing the web for examples and trying every syntax I can think of. The rewrite rules I specify simply don't appear to work at all for any https requests, as if all the https:// requests are flat out invisible to the rewrite engine.

rules work fine; see answer below.

Pat James over 13 years

I found that with the above https to http rule resulted in all of my css, javascript, and image resources on my https pages were being fetched as http. I dropped this rule and added an outbound rule to rewrite the a href tags on my secure pages to be http://{HTTP_HOST}/{R:0} to force the switch from https to http. Doesn't catch inadvertent manual navigation to non-secure pages using https but that's OK for me
StronglyTyped over 12 years

Pat James, I've having this issue too. Would you mind sharing your outbound rule?
Shehroz Ahmed about 7 years

Thanks you're a life saver. :))