0

I had an url rewrite rule configured at IIS Root (ApplicationHost.config) that redirects www.example.com to HTTPS. The URL Rewrite configuration is setup on an IIS Instance behind a Public Load Balancer of our hosting where our SSL is installed by our hosting provider. The Load Balancer provides us with X-Forwarded-Proto header that sets to http if the original request is in HTTP and https if the original request is in HTTPS.

The Url Rewrite is configured this way:

 Pattern: .* Conditions: Match All Input |Type |Pattern ------------------------------------------------------------- {HTTP_HOST} |Matches the Pattern |www.example.com {HTTP_X_Forwarded_Proto}|Matches the Pattern |^http$ Action: Redirect to URL: https://{HTTP_HOST}{REQUEST_PATH} Redirect Type : 302

The problem is, we had a powershell script that installed in the web server itself to check whether the website is available or not using [System.Net.WebRequest]::Create($siteUrl). The script reports HTTP 200 (OK) most of the time, but sometimes it fails with 404 HTTP Error. Since the PowerShell script is locally executed, it should not have the X-Forwarded-Proto header and never get 404 by IIS.

Is it possible in any way, that URL Rewrite fired when it should not?

Improve this question

1 Answer 1

Reset to default
0

I recommend to enable Failed Request Tracing as it’s a powerful tool to see how modules, including the URL Rewrite module, handles the request. Without it, it’s a guess from me at this point.

Here’s my guess: This depends on the hosts files and/or the DNS server configured on the IIS server itself. However, even when running locally, www.example.com could be resolving back to the load balancer’s IP and the request could be coming back in through the load balancer and therefore have the X-Forwarded-Proto header. We would be able to see if the header is present with Failed Request Tracing.

Note (mostly from my OCD): I would recommend to change the pattern from www.example.com to www(backslash).example(backslash).com in order to tell URL rewrite that the dot (.) is a literal dot and not the wild character dot. Replace (backslash) with the actual character. It seems SO is cleaning up the character for me.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.