IIS 7.0: unwanted automatic redirect to HTTPS

httpsiisredirect

Situation:

WinServer 2008 R2 with IIS 7.0
Default Web Site with the following bindings: HTTP on port 80 for www.<domain>.com and HTTP on port for <domain>.com, as well as HTTPS on port 443
No redirects (only a wordpress URL rewirte to get rid of 'index.php')
No sites require SSL as of yet (will later be changed for single pages / applications)

Problem: Every time I enter <domain>.com as the URL in any browser, I get redirected to https://www.<domain>.com [<– note the 'S'] (bad). When I enter www.<domain>.com, it stays as it is (good).

I double checked the settings a hundred times and cannot find any reason for that behavior. Any ideas?

Best Answer

IIS won't do that kind of redirect with a simple configuration, it's much more likely whatever is the first page answering the connection sending the redirect - Wordpress or a plugin, perhaps?

Install FireFox with the TamperData plugin on your client, and watch the web request to http://domain.com and see what is sent to the server, and see how the redirect comes back and at what stage - is anything served first, what headers does it come with. Maybe that will shed some light on it?

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

IIS URL Rewrite HTTP to HTTPS with Port

Even though the question was answered awhile ago, this is the rule that I used.

<rule name="Redirect to HTTP on different port" enabled="true" stopProcessing="true">
      <match url="(.*)"/>
      <conditions>
        <add input="{HTTPS}" pattern="ON"/>
      </conditions>
      <!-- Cannot Use {HTTP_HOST} as it contains both the {SERVER_NAME}{SERVER_PORT} -->
      <action type="Redirect" url="http://{SERVER_NAME}:1000{HTTP_URL}" redirectType="Found" appendQueryString="false"/>
    </rule>

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

IIS URL Rewrite HTTP to HTTPS with Port

Related Topic