HowTo: Working with the IIS rewrite module - Part 1

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  All

    Description:  

    Internet Information Services (IIS) is Microsoft's web server software used to host websites and web services. This article will be a base article on how to write rewrite rules using RegEx.

     

    Cause:  

    Sometimes an administrator requires redirecting a client based on an item buried within the URL, browser string, IP address, or some other 'server variable' available to the server when a client connects to the web server.

    For more on Server Variables, please see HowTo: Viewing server variables available during a session connection

     

    Resolution:  

    The IIS rewrite module is a powerful option if an administrator requires manipulating data, URL's, strings, etc when a user connects to their webserver. Rules can be global, at the server level, site specific at the web site level, or even application specific at the virtual directory level.

     

    Rewrite rules can be as simple as sending a user to a new URL:

    Example 1

    <rule name="Redirect to NEW qa-test" patternSyntax="Wildcard" stopProcessing="true">
    <match url="test.domain.*" />
    <action type="Redirect" url="https://qa-test.domain.com" />

    The above will just look for test.domain.<anything> and redirect the user to qa-test.domain.com.

     

    Rewrite rules can be more complex, so it manipulates the URL string:

    Example 2

    <rule name="Remove Username from URL" stopProcessing="true">
    <match url="(.*)" />
    <action type="Redirect" url="{R:0}?{C:1}{C:3}" appendQueryString="false" logRewrittenUrl="true" redirectType="Temporary" />
    <conditions logicalGrouping="MatchAny">
    <add input="{QUERY_STRING}" pattern="(.*)(&amp;username=[aA-zZ0-9._%+-]+%40[aA-zZ0-9.-]+\.[aA-zZ]{2,})(.*)" />
    </conditions>

     

    Rules are found in the configuration files and can be found at the following locations:

    • Global: C:\Windows\system32\inetsrv\Config\applicationHost.config
    • Site: D:\Inetpub\wwwroot\web.config
    • Application: %application_path%\web.config

    This is what a site configuration looks like in the web.config file:

    In the examples above one should notice the main difference in the url= directives. In Example 2, the URL is created using a set of R and C values. R values are used when using just Pattern searching via the rewrite module, as shown here:

    Whereas C values are created using Conditional rules, as shown here:

    This article is a starter for further discussions about the URL Rewrite module for IIS.

     

     

    Special Considerations (optional as needed):  

    RegEx searching can be tested via the IIS management console while creating Rewrite Rules.

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.