IIS rewrite rules work one time only, SSL error, Browser caching

Discussion in 'Site Programming, Development and Design' started by dotnetjam, Nov 20, 2015.

  1. Hello Gurus.

    Pretty long story in terms of what I have tried and I have spent the last 3/4 days scratching my head trying different config rules. What I am trying to achieve is a redirect of all traffic to https://euro-lets.com to satisfy the SSL cert so I don't see the privacy error that the cert is incorrect.

    Here's my current setup:

    • I have an MVC app that sits in a subdirectory of my root - /eurolets. This is set up as an application correctly and is working as expected.
    • I have an SSL certificate issued to euro-lets.com (note, not www.euro-lets.com)
    • I have two config rewrite rules, one that redirects to https://euro-lets.com from the pattern www.euro-lets.com or if HTTPS is turned off, and one that rewrites to the correct folder above.

    <rule name="rewrite to euro lets" enabled="true" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
        <add input="{HTTP_HOST}" pattern="^euro-lets\.com$" />
        <add input="{PATH_INFO}" pattern="^/eurolets($|/)" negate="true" />
      </conditions>
      <action type="Rewrite" url="\eurolets\{R:0}" />
    </rule>
    <rule name="Redirect to non-www https" enabled="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTP_HOST}" pattern="^www\.euro-lets\.com$" />
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://euro-lets.com/{R:1}" redirectType="Temporary" />
    </rule>


    When I clear my cache in my browser (or fire up incognito), the first time www.euro-lets.com is loaded, it redirects correctly to https://euro-lets.com and the application starts correctly. However, if I then change the address bar back to www.euro-lets.com, the redirect does not seem to take place correctly and I am presented with a security policy error because the SSL cert does not match the common name with www.

    Seeing these results in Chrome, IE, and Safari on Mac but interestingly not on Edge, or Safari on Windows.

    After everything I have read and spoken with Winhost techs about, my feeling is that certain browsers are caching the redirects incorrectly. Something to do with recognising www and non-www addresses as the same when caching redirects.
    Is there a way in config or HTML or .net code or http headers (anywhere in the stack really) to force the browser to assess the rewrite rules every time the page loads?

    I've tried putting no-cache statements both in my config and on my layout pages, so they display in HTML on every page as follows:

    (NB: this is part of config.release so ignore the xslt stuff)
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Strict-Transport-Security" value="max-age=16070400; includeSubDomains" xdt:Transform="Insert" />
          <add name="Cache-Control" value="no-cache, no-store, must-revalidate" xdt:Transform="Insert" />
          <add name="Pragma" value="no-cache" xdt:Transform="Insert" />
          <add name="Expires" value="Tue, 01 Jan 1980 1:00:00 GMT" xdt:Transform="Insert" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>


    And in my layout:
    <meta http-equiv="cache-control" content="max-age=0" />
    <meta http-equiv="cache-control" content="no-cache" />
    <meta http-equiv="expires" content="0" />
    <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
    <meta http-equiv="pragma" content="no-cache" />



    I've also tried separating the rules so all individual options are redirected e.g. http://www.euro-lets.com, https://www.euro-lets.com, http://euro-lets.com - all redirect to https://euro-lets.com.

    I've also tried switching the order around in every combination.

    Any thoughts on how to get around this? (without having to pay another $30 for another SSL for www.euro-lets.com)

    My other option would be not to use Winhost to issue the SSL next time and find an issuer that automatically registers both www and non-www addresses on the same certificate (my last issuer did this).

    Cheers
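Added example (not code from the original post or from Winhost): a small Python model of how the Strict-Transport-Security header with includeSubDomains in the config above interacts with the www redirect rule. Per RFC 6797, once a browser has stored that header from euro-lets.com it rewrites http://www.euro-lets.com to https internally before sending any request, so the server-side redirect never runs and the euro-lets.com certificate is checked against the www name. The server, browser and certificate here are simplified stand-ins, not IIS or a real client.

```python
# Added example, not from the original post: a model of a browser HSTS cache
# (RFC 6797) against the redirect rule and apex-only cert described above.
from urllib.parse import urlsplit, urlunsplit

CERT_NAMES = {"euro-lets.com"}  # stand-in cert covers the apex only, as in the post

def server(url, include_subdomains):
    """Stand-in for the site's rules: www or plain http -> https://euro-lets.com."""
    u = urlsplit(url)
    if u.scheme == "https" and u.hostname not in CERT_NAMES:
        raise ValueError(f"certificate name mismatch for {u.hostname}")
    if u.hostname == "www.euro-lets.com" or u.scheme == "http":
        return 307, "https://euro-lets.com" + u.path, {}
    sts = "max-age=16070400" + ("; includeSubDomains" if include_subdomains else "")
    return 200, None, {"Strict-Transport-Security": sts}  # sent on every HTTPS 200

class Browser:
    def __init__(self):
        self.hsts = {}  # known HSTS host -> includeSubDomains flag

    def hsts_applies(self, host):
        # RFC 6797 8.2/8.3: host is a known HSTS host, or a superdomain is one with includeSubDomains
        labels = host.split(".")
        for i in range(len(labels)):
            parent = ".".join(labels[i:])
            if parent in self.hsts and (i == 0 or self.hsts[parent]):
                return True
        return False

    def fetch(self, url, include_subdomains, hops=0):
        u = urlsplit(url)
        if u.scheme == "http" and self.hsts_applies(u.hostname):
            url = urlunsplit(("https",) + u[1:])  # upgraded before any request is sent
        status, location, headers = server(url, include_subdomains)
        sts = headers.get("Strict-Transport-Security")
        if sts:
            self.hsts[urlsplit(url).hostname] = "includesubdomains" in sts.lower()
        if status == 307 and hops < 5:
            return self.fetch(location, include_subdomains, hops + 1)
        return url

def second_visit(include_subdomains):
    """Final URL, or the TLS error, when www is typed again after one good visit."""
    b = Browser()
    b.fetch("http://www.euro-lets.com/", include_subdomains)  # first visit works
    try:
        return b.fetch("http://www.euro-lets.com/", include_subdomains)
    except ValueError as e:
        return str(e)
```

With includeSubDomains the second visit fails on the certificate name before the redirect rule is ever reached; without it the redirect runs every time.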
