IIS rewrite rule to redirect https to http not working

4
votes

There's lots of questions here about redirecting http to https so I figured it would be easy to reverse the process. However, everything I've tried hasn't worked.

I'm trying to combine the rule with my canonical host name rule (it's the first rule, at the top of the rewrite rules):

<rule name="CanonicalHostName" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAny">
    <add input="{HTTPS}" pattern="^ON$" />
    <add input="{HTTP_HOST}" negate="true" pattern="^www\.example\.com|example-staging\.azurewebsites\.net$" />
  </conditions>
  <action type="Redirect" url="http://www.example.com/{R:1}" redirectType="Permanent" />
</rule>

The site is hosted on Azure and DNS is with CloudFlare if that makes any difference, I'm sure it shouldn't.

Any ideas what I'm doing wrong / might be preventing the https to http part of the rule working? (the host name part works fine)

2
asp.netiisurl-rewritingweb-config
Is the app MVC? Do you maybe have a RequireHttpsAttribute either in the global filters or on a controller itself? - bgs264
Yes, this is an MVC web application, but no RequireHttpsAttribute's anywhere. - Gavin

2 Answers

6
votes

CloudFlare

It seems the reason you cannot redirect away from SSL is because you are using CloudFlare. CloudFlare at a minimum uses flexible SSL. This means that the end user, browser shows the SSL lock but your server doesn't need SSL. See documentation here: https://www.cloudflare.com/ssl

Without CloudFlare the following example should work.

No CloudFlare

The following rule should work. You could still add your negate in if you want.

<rule name="HTTPS to HTTP redirect" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    </conditions>
    <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}/{R:1}" />
</rule>

Full rewrite section for my working demo site.

<rewrite>
    <rules>
        <rule name="CanonicalHostNameRule1">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTP_HOST}" pattern="^www\.ashleymedway\.com$" negate="true" />
            </conditions>
            <action type="Redirect" url="http://www.ashleymedway.com/{R:1}" />
        </rule>
        <rule name="HTTPS to HTTP redirect" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="on" />
            </conditions>
            <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
        </rule>
    </rules>
</rewrite>
-1
votes

Your redirect is still http:

url="http://www.example.com/{R:1}"

You can follow these instructions: Click Here

Additional information: Here