Compartilhar via


HOWTO: Common URL Redirection Techniques for IIS, Summary

For the next several entries, I am focusing on this frequently asked topic:

How do I rewrite / redirect / forward / mask requests from one URL to another with IIS?

Common questions that fall into this topic include:

  • Redirect requests from https://server to https://server (i.e. SSL-only site, Exchange/OWA login)
  • Redirect requests from https://external to https://internal and back (i.e. expose internal server to outside)
  • Redirect requests from /app/username/bob to /app.asp?username=bob (i.e. courtesy/pretty URLs)
  • Do any of the above either transparently (client URL/location bar does not change) or explicitly

I see these and similar questions asked over, and... over, and... over, and then some, and I rewrite my explanation again and again... and the MS newsgroup reader periodically sweeps my replies away, over and over. Hmm... sense any frustrating pattern here? ;-)

Hey, it may be the first time you asked the question, but it is not the first time I have answered it... so pardon me for being a little terse; I get that way when I am tired. This is my attempt at giving you the full, cogent details, hopefully once and for all. :-)

My main goals are to:

  1. Establish a "redirection taxonomy" to help you recognize and classify the type of redirection you want to perform.
  2. Show how to implement (or give reasons why it is not possible) each type of redirection using either built-in IIS "core" feature, custom ISAPI Filter DLLs, custom ISAPI Extension DLLs, or custom ASP script pages (I consider ASP as an arbitrary ISAPI Extension DLL which allows script code to make underlying IIS function calls).
  3. Along the way, explain any random, related tidbits that have been asked before.

As expected, the more sophisticated types of redirection require custom code installed as add-ons to IIS, but we are all grown-ups here who can either purchase binaries or copy/paste/compile code, right? Good! Now, I plan to show you how to do all these things without purchasing any add-on modules, but through explanation you should also rapidly see WHY you would want to purchase an existing solution - anyone mention SUPPORTABILITY!?!

Basic Types of Redirection

In my taxonomy, the web server can perform three types of redirection to handle any given request from the client:

  1. Client-Side Redirection - The server sends a "302 Redirect" response with a Location: header containing the new URL, and the client makes another request to the new URL.
  2. Server-Side Redirection  - The server transparently rewrites the request URL to another URL which remains on the same website as the original.
  3. Server-Side Forwarding - The server transparently rewrites the request URL to another URL which does NOT remain on the same website as the original. Note the new website can be on another machine, but not necessarily.

Before reading any further, I advise you to take a good look at the above classification and determine which type your question falls under. In particular, Server-Side Redirection/Forward have been described by people using colorful phrases such as:

  • Courtesy/Pretty URL
  • URL shadowing
  • URL masking
  • Publishing/Exporting internal website to be accessible externally
  • Redirecting URL on one web server to be handled by another web server
  • One web server reverse-proxying another server
  • Force HTTP requests to HTTPS/SSL
  • Etc...

In any case, I believe they all fall into exactly one of the three buckets in my taxonomy. If your desired redirection does NOT fall under exactly one of the three buckets or does not fall under ANY of my three buckets... feel free to add a Comment or post a private Contact email to me. I am open to suggestions/change. Really. :-P

Some Subtle Points

Some people distinguish redirections by whether the URL location/address bar changes in the client. This classification is problematic because:

  • HTML Frames can give the illusion of a non-changing URL location/address bar because web browsers usually only display the parent frame's URL, but anyone can browse the HTML to determine where the content is really coming from. After all, the user must have download the HTML in plain text in order for the browser to display it. Thus, the non-changing URL location/address bar hides absolutely nothing and achieves no security.
  • Server-Side Redirection/Forwarding also change the response without changing the client's URL location/address bar, and both are very different things from HTML Frames.

Some people are surprised that POST requests do not have transparent Client-Side Redirection. Well, let us pretend we are the browser and look at things from its perspective, and you tell me whether Client-Side Redirection should be transparent or not:

  • I just sent this large 4GB entity body to the server and got this 302 Redirect back. Should I go ahead and automatically POST the the 4GB entity body to the new URL? What if I am on a dial-up?
  • I just sent my username/password with a form over SSL and got this 302 Redirect back. Should I send it again over UNENCRYPTED HTTP to the new URL?

Other Subtle Point

Now, another common user statement which frequently follows the question about how to rewrite URLs on IIS is that: "Apache has had these three types of redirection built in forever, so why is IIS so far behind?" Well, let us look at the situation objectively, apples-to-apples.

Actually, Apache "core" does NOT perform ANY sort of redirection. You need to install and configure add-on modules like mod_redirect to get Client-Side Redirection, mod_rewrite to get Server-Side Redirection, and mod_proxy to get Server-Side Forwarding. So, the ability to redirect is NOT built-in; the modules happen to be in common distros and configuration is baked into httpd.config and .htaccess, so it appears built-in when you are really talking about availability of add-on modules bundled with Apache core.

Now, IIS "core" performs Client-Side redirection, configurable via the HttpRedirect property... so IIS "core" is not really behind feature-wise. Also, you need to install add-on modules to get Server-Side Redirection and Server-Side Forwarding behavior, so IIS is not really behind Apache in extensibility, either.

Where things differ is availability. No one seems to provide modules to do Server-Side Redirection or Server-Side Forwarding on IIS for free. At least, I am not aware of any free/open-source add-on IIS modules which implement those Server-Side behaviors; I only know of for-fee modules like ISAPIRewrite.

So, before you come barging into IIS forums/newsgroups asking for free code and complaining about the lack of free modules - consider contributing to the common cause if you can - because only then can you help improve the availability of public modules for IIS. I know that many people have written their own versions to perferm Server-Side Redirection/Forwarding, but none have donated their code for public use. It is all locked up on internal servers owned by private companies.

HOWTO Implement Redirections, Index

Ok, that is enough preface for now. Here are all the redirection possibilities that I can think of right now, categorized by the type of redirection performed, technology used to perform the redirection, and amount of coding involved. Get ready for this index to be updated with links...

  • Client-Side Redirection using:
    • IIS "Core" (no code) - HttpRedirect
    • IIS "Core" (script code) - HttpErrors and ASP
    • ASP (script code) - Response.Redirect
    • ISAPI Filter (compiled code) - SF_REQ_SEND_RESPONSE_HEADER
    • ISAPI Extension (compiled code) - HSE_REQ_SEND_RESPONSE_HEADER, HSE_REQ_SEND_URL, HSE_REQ_SEND_URL_REDIRECT_RESP
  • Server-Side Redirection using:
    • IIS "Core" (no code involved) - IIsWebFile and ScriptMaps
    • ASP (some code involved) - Server.Transfer and Server.Execute (ASP only)
    • ISAPI Filter (compiled code) - SetHeader( "url" ) in SF_NOTIFY_PREPROC_HEADERS or SF_NOTIFY_AUTH_COMPLETE
    • ISAPI Extension (compiled code) - HSE_REQ_EXEC_URL and HSE_REQ_EXEC_UNICODE_URL and Wildcard Application Mapping
  • Server-Side Forwarding using:
    • ISAPI Filter (compilied code) - Using WinHttp
    • ISAPI Extension (compiled code) - Using WinHttp and Wildcard Application Mapping

//David

Comments

  • Anonymous
    August 02, 2005
    Can you update this article with a HOWTO on exposing http://internal via http://external by ISAPI proxy?

  • Anonymous
    August 02, 2005
    http://internal via http://external is already included by Server-Side Forwarding, which I will eventually get to (see that entire list...).

  • Anonymous
    August 13, 2005
    Hi David,

    I am waiting to read this article and am particularly interested in Core IIS Serverside redirects.

    When do you plan to update this?

    Could you please point me to some other resources in the meantime as I need to configure an installation just now.

    Rahul (rahulkorlipara@gmail.com)

  • Anonymous
    August 14, 2005
    ISAPI Rewrite would be an example of a commercial implementation of an ISAPI Filter that does Server-Side Redirection and Server-Side Forwarding.

    http://www.isapirewrite.com

    Now, I do not plan on disturbing anyone's business model with my blog entry samples. I am only going to show the basics of how things work and help those that are curious.

    //David

  • Anonymous
    August 15, 2005
    URL Rewrite for MS IIS
    http://www.smalig.com/url_rewrite/

  • Anonymous
    October 27, 2005
    You know,

    Usually "how to's" are articles that show "how to" actually do something. Yours is sort of a let's define the terminology around the "how to" in question.

    I've already spent about an hour bumming around the web looking for a redirect in the following simple situation.

    I have lots of domain names. My business model calls for just a few (3) websites (the "Big Three") which cover everything I'm interested in. I would like to have it set up so that the cheapo businesscard domains (not the "Big Three") have a "click to enter" spot. That "click to enter" causes their browser to go to one of my "Big Three." When their browser arrives there, I want the local client side html code to note which cheapo businesscard site they came from, and to automatuically redirect them to the appropriate subdirectory. Is that really so difficult ?

    I enjoyed your somewhat pompous but thorough layout of the problems of redirection, although it did not seem to cover this possibility. I was told that this was do-able. Is it not do-able on a IIS, even if I wish to buy a solution ? If it is buyable, where or how should I look for this snippet of code ??

    thanks,

    Doug Keachie

  • Anonymous
    October 27, 2005
    The comment has been removed

  • Anonymous
    October 28, 2005
    OK,

    As it turns out, and cannot make a "Click to Enter" button on the business card site. I'll literally have to instruct them there on how to cut and paste the addy into their browser bar.

    "Please highlite the following address, then copy it (CTRL-C), and then find the address bar in your browser, and paste it there (CTRL-v) to see complete details."

    http//:www.swland.org


    I could of course add on all the subdirectory information at this point, for each instance, but it would look "complicated" or "tricky" (dangerous) and so I'm hoping to send them immediately to the appropriate subdir when they hit the main site, www.swland.org, based on the business card site of origin.

    Is this possible to do this redirection with client side html or other code that is pretty much universally recognized ? I'll settle for just Windows compatible, if necessary.

    thanks,

    Doug

  • Anonymous
    October 28, 2005
    How to redirect 401.1 using IIS? It used to work but have recently heard it doesn't in some new release configurations, apparently some kind of security lockdown default? Others eg 401.3 redirect fine.

  • Anonymous
    October 31, 2005
    Paul - please define the type of redirection you wanted to accomplish for 401.1, noting that the only ways for you to know a 401.1 happened are:
    1. FILE type CustomError of 401.1 is sent
    2. SF_NOTIFY_ACCESS_DENIED ISAPI filter

    And neither allow any sort of server-side redirection.

    Plus, 401.1 means that IIS does not have a valid user token to use for request proceossing, so Server-side redirection/forwarding cannot reasonably expect to work.

    So, please clarify what you are asking.

    //David

  • Anonymous
    October 31, 2005
    Doug - I still do not understand why you insist on doing things your way because it doesn't seem easy nor does it seem to work. You do not want people to copy/paste anything (in general, you cannot expect users to do the right thing much less follow instructions).

    I see no reason why you cannot implement something platform agnostic and that works for all browsers given what I had described earlier, and you have not given a reason why it does not work.

    I certainly cannot do it for you; I will only tell you it is very possible and very easy. Whether you do it that way, that is up to you.

    //David

  • Anonymous
    November 01, 2005
    Do you happen to know how to setup a redirect (IIS 6) for the 503 service unavailable message? I figured it would be in the IIS settings but i don't see anything. What i want to do is redirect users to a page saying 'connection limit' reached. Something a little more informative than the default message. I've been looking all day and can't find any details on this. Any help would be appreciated.

  • Anonymous
    November 01, 2005
    Aaron - What you are asking for is not exactly a redirect.

    The 503 Service Unavailable message is actually sent by HTTP.SYS when the Application Pool is disabled and cannot be customized.

    HTTP.SYS sends the pre-canned 503 message because the associated Application Pool configured to handled that request is disabled, so it cannot send requests to IIS6 w3wp.exe and hence HTTP.SYS sends the 503 response instead.

    //David

  • Anonymous
    November 08, 2005
    This is am open source version: http://www.iismods.com/

  • Anonymous
    December 13, 2005
    I have the situation to use the Server Side Forwarding or Proxy.
    I want my main IIS with and SSL certificate to handle and redirect to another IIS, but that all communications gets done with my main IIS in the middle.

    Comments and or code are welcomed.

  • Anonymous
    December 23, 2005
    I appreciate that you keep your site going and allow comments. To me feedback is an interesting part of a website... Your site is a very great website and I make your site for my homepage!.

  • Anonymous
    January 07, 2006
    David, can you please clarify is this issue is a policy or a bug in IIS6?
    http://tinyurl.com/chmjd

    Since IIS6 does not preserve POST verb it kills ASP.NET postback via 40x redirect URL.

  • Anonymous
    February 13, 2006
    see http://pooling.info The URL Redirection service

  • Anonymous
    February 13, 2006
    Thanks a bunch David.  My URL IIS rewrite filter stopped working when I moved to Server 2003 due to the worker process isolation mode not supporting the SF_NOTIFY_READ_RAW_DATA event.  Your suggestion to use the SetHeader("url") function in the SF_NOTIFY_PREPROC_HEADERS event worked perfectly.  In fact it is a better approach than my original design.

    Thanks again.

    Trevor

  • Anonymous
    February 19, 2006
    Hi, David,

    I am wondering how to rewrite the http://www.polloo.com/namelist.asp/name=daivd to http://www.polloo.com/david

    Could I wirte the script with asp only to impletment it? And how to?

    Thank you

    Chen

  • Anonymous
    February 21, 2006
    Chen - what sort of URL redirection do you want to perform? Client-side redirection? Server-side redirection? Please classify it according to the taxonomy I provided to describe your problem and locate possible solution routes.

    //David

  • Anonymous
    February 27, 2006
    Hi, David,
    Could you tell me how to force HTTP requests to HTTPS/SSL, and Force HTTPS/SSL requests to HTTP?
    Thank you

  • Anonymous
    March 01, 2006
    Hi David.

    When using the option of:

    'Client-Side Redirection - The server sends a "302 Redirect" response with a Location: header containing the new URL, and the client makes another request to the new URL'

    How do you make sure that the client will request the new URL Automatically?
    Where can I find a sample code for this option?

    Thanks
    Eyal.

  • Anonymous
    March 01, 2006
    Eyal - it is not possible to make sure that the client will request the new URL automatically.

    This is HTTP. The server cannot control what the client does outside of sending it a response. The HTTP specification does not say that the client has to redirect automatically.

    Thus, the server can only give the client hints such as "this is a 302 redirection; here is the address at the Location: header". The client can choose to ignore the Location: header and/or pop up a dialog if it wants to - such as when a POST is redirected.

    Client-Side redirection can be performed without writing code. It all depends on what you want to do.

    //David

  • Anonymous
    March 04, 2006
    I don’t believe I see an answer to this scenario #3 Server-Side Forwarding - The server transparently rewrites the request URL to another URL which does NOT remain on the same website as the original. Note the new website can be on another machine, but not necessarily.

    I’m splitting my site and need to forward links that come to me formatted like this:

    http://oldURL.com/oldFolder/showlist.asp?type=2&owner=67

    They need to be redirected to:

    http://newURL.com/newFolder/showlist.asp?type=2&owner=67  

    how might this be done using IIS, asp or any combination of either?

  • Anonymous
    March 04, 2006
    Dean - Server-Side Forwarding is when newURL.com is NEVER visible to the user even though it does the work on behalf of oldURL.com.

    If newURL.com is supposed to be visible to the user, then this is best done as a Client-Side Redirection using simple 302.

    //david

  • Anonymous
    March 06, 2006
    hi, David,

    Thank you for your reply.

    I don't understand what do you mean the client-side or server-side. I rent a space but I have no operate right to the server. I can only write some asp script to the server. And I know for Aparch server there is a rewrite url modul to do that, and there are IIS rewrite program to do that on the server. But these both don't fit for me.

    Do I clear state the question?

  • Anonymous
    March 06, 2006
    Chen - By client-side or server-side, I mean:

    When the client makes a request to:
    http://www.polloo.com/namelist.asp/name=daivd

    Do you want the URL bar in the browser to say:
    1. http://www.polloo.com/namelist.asp/name=daivd
    OR
    2. http://www.polloo.com/david

    If you want the browser to say #1 then you use server-side redirection. If you want the browser to say #2 then you use client-side redirection.

    After you determined what sort of redirection you want to do, you can look through the above index I laid out on how to accomplish the task using the technology and server control you have.

    //David

  • Anonymous
    March 08, 2006
    The comment has been removed

  • Anonymous
    March 08, 2006
    Erlend - Can you give the exact request you sent? As well as IIS version.

    Try using WFetch from http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx to make test requests and see what actually gets returned. I do not trust using the browser to debug issues when an ISAPI is involved because ISAPI can have arbitrary behavior that confuse browsers. You need a dumb client like WFetch so that you know what is really going on.

    I presume you are talking about the URLs that require courtesy redirects - i.e. http://server/vdir where /vdir exists as a folder. In those cases IIS will automatically send back a 302 redirection to http://server/vdir/ , which the browser transparently follows. However, ISAPI Filter sees both requests to http://server/vdir and http://server/vdir/ , so it should be able to rewrite.

    I do not know of any situations where IIS will send a response without first calling SF_NOTIFY_PREPROC_HEADERS (which is what you are claiming)... unless you send a response from SF_NOTIFY_READ_RAW_DATA, but that is ultra-gross.

    //David

  • Anonymous
    March 09, 2006
    Hi David,

    Thanks for your great article!

    Currently I need to redirect http://server_name/virtual_directory_name/subfolder1/. to http://server_name/virtual_directory_name/subfolder2/handler.aspx?filename=.

    How to achieve that in IIS? Thank you.

  • Anonymous
    March 09, 2006
    Lei - Please read my earlier comment to Chen. It is not clear what sort of redirection you want.

    //David

  • Anonymous
    March 09, 2006
    Hi David,

    I think I was being alittle unclear. I'm running IIS6 btw.

    I'm changing the url through SF_NOTIFY_PREPROC_HEADERS and it always gets called. The problem is that on the first call from a browser (I'll try with WFetch but haven't had time yet) IIS sends a 302 back to the browser as a result of my changing the url, but on all subsequent calls the request gets processed like I want it to. I do suspect now though that this could be a single server issue (and might have to do with something being incorrectly installed) because I have tried it on two different servers today and I do not see the same problem.

    Thanks for you input.

    //Erlend

  • Anonymous
    March 09, 2006
    Hi David,

    Thank you for your reply!

    I think I need server-side redirection. Actually, I want all user request from http://server_name/virtual_directory_name/map/. to be redirected to http://server_name/virtual_directory_name/main/handler.aspx?filename=.. Thus, I could use a single file handler.aspx.cs to handle all request from subfolder "map" of the virtual directory.

    How to implement this in IIS? My IIS version is 5.1. Thanks!

    //Lei

  • Anonymous
    March 09, 2006
    Erlend - I do not see anything wrong with IIS sending back a 302 as a result of your changing the URL.

    Expected behavior depends on the exact URL that was actually processed, IIS configuration for the URL that got processed, Filesystem configuration, and any behavior-modifying ISAPIs configured on the server.

    //David

  • Anonymous
    March 09, 2006
    Lei - Please read my earlier comment to Chen.

    Do you want the user to see:
    http://server_name/virtual_directory_name/main/handler.aspx?filename=..

    in their browser's Address/URL/Location bar.

    //David

  • Anonymous
    March 10, 2006
    Hi David,

    I want the user to see: http://server_name/virtual_directory_name/map/. Thus, I think I need server-side redirection. So How to implement?

    Thanks!

    //Lei

  • Anonymous
    March 10, 2006
    Lei - ISAPI Filter.

    I have not filled in that index with links, so you can either:
    1. Figure it out (not terribly hard)
    2. Piece it together from my various ISAPI Filter code samples
    3. Obtain an ISAPI Filter from another vendor for fee (www.isapirewrite.com) or free (www.iismods.com)
    4. Wait for sample code

    //David

  • Anonymous
    March 14, 2006
    Hi David,

    Thank you for your reply!

    When I locate the subfolder of the virtual directory in IIS, I also can use "redirect to a URL" option to achieve the goal. So I wonder what's the difference between configure this in IIS and using ISAPI filter?

    By the way, I miss one point in my previous post. I want to redirect all requests to a subfolder to a single .aspx file except a file like a.aspx in that subfolder. Is this possible using ISAPI filter? Could you direct me some reference links about coding ISAPI filter?

    Really thanks for your solution!

    //Lei

  • Anonymous
    March 14, 2006
    Lei - The difference, as I mentioned earlier, is that:
    1. the UI configuration of "IIS Core (no code) - HttpRedirect ", is only Client-Side Redirection
    2. while ISAPI filter can be anything you want (notice that ISAPI Filter is under all three categories) - you just need to write the code

    MSDN contains documentation about ISAPI Filter API, how it works conceptually, and how to use it. This blog also contains lots of information and sample code to do various useful things. You also need to know how to code custom logic like "redirect all requests to a single .aspx file except a file like a.aspx in that subfolder".

    //David

  • Anonymous
    March 22, 2006
    The comment has been removed

  • Anonymous
    April 06, 2006
    Thanks for a good article!

    I want the users to see "user.domain.com"
    in their browser's Address/URL/Location bar.

    The real system will be like this:  
    www.domain.com/folder/user/

    The reason I want this is to make it look more pretty.

    Thanks for any reply.

  • Anonymous
    April 09, 2006
    The comment has been removed

  • Anonymous
    April 13, 2006
    Hooray, another 10K entry. Been waiting for this for a while now.

    //David

  • Anonymous
    April 14, 2006
    Hi David,

    I want users to be redirected to and see the following in their browers:
    http://www.bluehilldata.com/about/

    The old file resides at:
    http://www.bluehilldata.com/about.html

    If I understand correctly, this would be a client-side redirect.  Is there a way to accomplish said redirect on IIS in a manner analogous to Apache's .htaccess redirect?  That is, can I create a single file in which multiple redirects are defined, without actually maintaining the old files (i.e., about.html) in the root directory?

    Thanks in advance for your help,
     Mark

  • Anonymous
    April 14, 2006
    Mark - sure. In the blog entry, I listed FIVE ways that you can do this on IIS, from declarative configuration analogous to Apache's custom module configuration in .htaccess all the way through customization through code.

    To what degree of flexibility do you want?

    For example, the built-in HttpRedirect functionality in IIS can handle this. Or you can use HttpErrors to catch the file-not-found. Or write your own configurable ISAPI Filter or ISAPI Extension.

    //David

  • Anonymous
    April 16, 2006
    url  update

  • Anonymous
    April 16, 2006
    ok

  • Anonymous
    April 16, 2006
    David,

    Thanks for the reply.  Sorry if I seem a little dense; I'm not a server administrator, but rather an (amateur) web designer.

    I have about 10 HTML pages that have been relocated, and I'd like to create a single, .htaccess-like file to handle these redirects.  Because I don't have the ability to change any of the IIS settings, the file has to be something I can FTP to the server.

    Any suggestions?

    Thanks again,
     Mark

  • Anonymous
    April 16, 2006
    Mark - Redirection settings are IIS configuration changes which can only be done as server administrator, so you cannot do what you want in the way you want.

    What you are asking for is "delegated administration of server configuration", something that Apache loosely offers with .htaccess files. Existing IIS versions do not work like that. IIS7 will support the sort of delegated administration you want in the way you ask (xcopy deploy application+server configuration as files).

    Thus, for the time being, you will need to maintain old stub files to serve as meta-redirect to the new files.

    //David

  • Anonymous
    April 27, 2006
    The comment has been removed

  • Anonymous
    April 27, 2006
    Ty - What you want to do is best done with Microsoft ISA Server (firewall + reverse proxy + forward proxy). It is designed to properly resolve and securely re-route network traffic between multiple network segments at the right networking layer. While you CAN do those tasks with a web server, you should not - and that is why Microsoft does not supply it. Just because many people like to do something does not make it "right"; it only means it is popular.

    The lone Apache running mod_proxy and mod_forwarder is basically poor-man's implementation of ISA. It "works", sorta, but it has major problems such as:
    1. It is level 6/7 routing - inefficient networking
    2. It is level 6/7 routing - effectively considered a middle-man attack against most every security protocol such as SSL, SSL Client Certificate, or Kerberos

    In other words, the model you describe primarily works for the anonymous, insecure web - like mass web hosting, company web presence, toy authentication schemes like Basic, Digest, or custom cookie auth supported by Apache, etc.

    If you want to build secure applications to make financial transactions, that entire infrastructure really does not work. What you end up doing is either settling for a weaker authentication solution that "works" but you pray you never get attacked, or you re-invent Kerberos and re-implement it.

    I will put it this way - everytime you use or build a custom authentication / authorization scheme, it is probably less secure than what is offered for free in Microsoft Windows. Most of the time, custom authentication protocol gets "invented" because the author did not understand existing open standards and brazenly thinks he is good enough. This is why I trust the open standards like Kerberos and SSL. I do not trust random custom authentication scheme...

    //David

  • Anonymous
    May 01, 2006
    Thanks David. I'm now looking into ISA. Is this a widely used architecture in the industry? In other words, do folks commonly implement and deploy 2- and 3-tier architectures using ISA/IIS/DB? Is it done primarily for security or performance, or both?

  • Anonymous
    May 02, 2006
    The comment has been removed

  • Anonymous
    May 02, 2006
    David, it's great that are love Microsoft so much, but when you say "While you CAN do those tasks with a web server, you should not - and that is why Microsoft does not supply it." - it seems laughable that Microsoft is finally doing just that in their IIS 7.0 Beta.

    http://technet2.microsoft.com/WindowsServer/en/Library/934bf23a-6e23-49f7-8c66-5e598fc959ad1033.mspx

    Considering how easy it is, it is pretty pathetic that it took them 7 major versions to get in there...

  • Anonymous
    May 02, 2006
    The comment has been removed

  • Anonymous
    May 03, 2006
    David, people use IIS because they are locked into using a Microsoft solution for everything. If IIS was a stand alone product from a stand alone company it would have died a quiet death years ago.

  • Anonymous
    May 03, 2006
    frank - thanks for finally agreeing with my point. If IIS was stand alone and treated as a product by Microsoft it probably would have changed long ago, too.

    //David

  • Anonymous
    May 03, 2006
    The comment has been removed

  • Anonymous
    May 03, 2006
    frank - ... thanks.

    However, it sounds like you are just talking rhetoric because if you've even seen/used IIS5 and IIS6, you should immediately know that IIS6 is already the engineering rewrite you talk about. IIS7 is merely the refactoring of that rewrite into a completely open, modular, and componentized architecture (itself a huge undertaking).

    IIS6 is already very well received and very easy to adopt. Marketing/Evangelism have very little problems with IIS6, so you will start seeing big market share movements (check out the last six months of Netcraft for world-wide "market share"). It is mostly irrational customer resistance that make it interesting.

    And if it is not obvious already, IIS7 will be a classic "embrace and extend" aimed right at the big design flaws inherent in Apache due to its quest to be cross-platform.

    Yup, it will be fun to have competition, and the best part is that the customer will win. Hard for you to argue against that. ;-)

    //David

  • Anonymous
    May 05, 2006
    David, I have a situation where I have one main website that serves content for multiple data-driven websites. These little websites each have their own domain name. I want to do the following:

    when a user types in mysite.com, have their browser show:
    http://www.mysite.com

    but the content will actually come from www.mybigsite.com?siteid=23

    Can you tell me how to achieve this with IIS 6/WIN2k3 ?

    Thanks,
    Aaron

  • Anonymous
    May 05, 2006
    David, I have a situation where I have one main website that serves content for multiple data-driven websites. These little websites each have their own domain name. I want to do the following:

    when a user types in mysite.com, have their browser show:
    http://www.mysite.com

    but the content will actually come from www.mybigsite.com?siteid=23

    Can you tell me how to achieve this with IIS 6/WIN2k3 ?

    Thanks,
    Aaron
    (aaronmurray   @   msn.com) can you email me when you post a reply? Thanks

  • Anonymous
    May 12, 2006
    The comment has been removed

  • Anonymous
    May 15, 2006
    Hi David, Although I have read the entire article and new to .net I have the following question.
    I am trying to achieve a rewrite or whatever I can do to not change the url in the follwoing scenario.
    site resites at http://www.mysite.com/
    Have shared ssl space on
    https://ssl-shared.com
    When the user is on
    www.mysite.com/whateverpage
    I would like the site to bring in the page from the shared ssl and for the address to remain as is.  Can you shed some light
    Thanks

  • Anonymous
    May 15, 2006
    Just forgot to mention I have no control over the admin of the server, but can write code, so if the job can be done with .net it would be brilliant.

  • Anonymous
    June 07, 2006
    Another option for a free IIS mod_rewrite type thing - http://cheeso.members.winisp.net/IIRF.aspx .
    It does regular expressions, works with IIS5 or IIS6, includes RewriteCond, and does redirects.

  • Anonymous
    June 12, 2006
    For a planned outage, I need to redirect 15 SSL sites to 1 non-SLL site.  How do I redirect SSL to Non-SSL?  

    THANK YOU!

  • Anonymous
    June 12, 2006
    The comment has been removed

  • Anonymous
    August 05, 2006
    David - Great article. I think I'm closer to understanding all the redirections.

    I'm assuming this is server side redirection. This is for sharepoint.

    The orginal address is: http://www.server.com/sites/user

    To make it easier for users I'd like to have: http://user1.server.com and be redirected to the original address.

    This is just for ease of use. Once redirected they can see the original address.

    I saw your reply to Stian for hosters. Is that what I would use or is there a easier way for me?

    Thanks!

  • Anonymous
    August 09, 2006
    Am I missing something or is there absolutly nothing on your site that actually describes how to do any of these redirection techniques?

  • Anonymous
    August 09, 2006
    djs - yeah, I have not gotten around to fleshing out this index entry with example configurations and code samples.

    I have just provided the taxonomy to categorize and cover this problem space so that people can commonly communicate solutions. On its own, it is already sufficient enough to help many people identify/resolve their issue.

    I may come back to flesh out some parts of this problem space, but I will not provide/support coded solutions. Only sample, illustrative code.

    //David

  • Anonymous
    August 27, 2006
    David,

    I want to redirect the http request from IIS6 to 10g server.(http request means jsp and oracle forms from IIS.client request for jsp and oracle but it needs to redirect to 10g AS.)

  • Anonymous
    August 27, 2006
    Amit - can you clarify the exact type of redirection that you want, based on the classification outlined in this blog entry?

    //David

  • Anonymous
    August 30, 2006
    Hi David,

    I want to redirect to a local IP address in my LAN network connected to the machine running IIS so that externally I can access the internal IP address of LAN.


    -Suhas

  • Anonymous
    September 09, 2006
    Hey David,

    No questions from me, just wanted to say good work on the post. Was very informative, helped clarify a lot of things and pointed me in the right direction. Needless to say, thanks to your post I got my reverse proxy configuration sorted with everything up and running the way it should.

    Many thanks,
    -Eamon

  • Anonymous
    September 28, 2006
    Hi,

    I have a subdomain in a website. I kinda got it for free. now I also have a free webhosting and I want to forward any requests made to my subdomain to my webhost. eg:

    http://myname.srv1.com/paul/about.html
    this would display the http://mynamesrv.com/paul/about.hml
    but the url would not change.

    The problem is I dont have access to their IIS configuraion. Al I can do is upload a file to it. So could I do this using thje web.config mod?

  • Anonymous
    September 29, 2006
    Paul - I am guessing that your old hoster supports aspasp.net, so in your global.asa, read the original url(/paul/about.html), modify it to http://mynamesrv.com/paul/about.html  and do a response.redirect. This will let the client (say, IE) know that the url has now changed to http://mynamesrv.com/paul/about.html and it automatically requests the new url seemlessly.

  • Anonymous
    June 08, 2007
    Here is a question that has caused me a lot of sleepless hours already. First - some background: I have a "replicated" site - in effect, it's a database-driven app that displays different contact information depending on the URL that was entered.  So for example, when I enter "www.mydomain.com/Alexey" the page that will be brought up will have my contact info.  However, what makes this site "replicated" is the fact that virtual directory "alexey" does not in fact exist within the site.  The 404 error is configured in IIS to redirect to a custom handler that parses the URL, uses the dummy virtual directory to do a database lookup, places some info in session variables and then builds the real URL based on this information retrieved from the database (the real URL may look someting like "www.mydomain.com/sites/11/areas/1/default.aspx?myVar=5", where all the numeric portions are values that came back from DB, and those ARE real virtual directories) Now - the Question: I want to be able to maintain that pretty (but nonexistent!) "www.mydomain.com/Alexey" URL throughout the users browsing of the site.  Whether or not actual page names appear at the end of it is immaterial - the main thing I care about is that the main portion of the URL does not change into that long and convoluted one.  This would be an example of Server Redirect, but I am having difficulty getting it to work with non-existent virtual directories.  Can you offer any advice?

  • Anonymous
    June 08, 2007
    Oh, and something I forgot to mention - these database entries are created dynamically as users sign up on the site, so I never know at any given point what "dummy" virtual directory may exist in my database.  There could be hundreds, even thousands, and it is not feasible for me to maintain any kind of a config file (like most of the commercial URL rewrites seem to require).  I need for this functionality to work "on-the-fly", preferably something I can call from the code-behind .VB file of my app.

  • Anonymous
    June 23, 2007
    The comment has been removed

  • Anonymous
    July 03, 2007
    David, I have an web app that shows in a frame ASP.NET 1.1 pages. The web app is used from outside our internal network so it goes through the firewall. In order to call an aspx page I have to redirect from app to something like: www.blablabla.com.au/vd1/mypage.aspx www.blablabla.com.au is mapped to our web site (IIS 6.0) using port 1004, and vd1 is a virtual directory under the web site and this is where the mypage.aspx sits. All worked fine up to now, and still work as long the new pages we create are in ASP.NET 1.1. I developed a page in ASP.NET 2.0 and put it in vd1 as mynewpage.aspx. It works but some things failed to work (session is lost, AJAX not working properly...) so I decided to create a new web site on same web server, let's say myws and then deployed my page there. All fine it works perfect, but now I can't access the page from main app because www.blablabla.com.au points to the old web site and obviously the page can't be found there. Now comes the question. How can I keep my new aspx page on my new web site and do a redirect to this web site when page is called from client.

  • Anonymous
    August 07, 2007
    David, I'm interested in the server-side redirection using the IIS "Core" (no code involved) - IIsWebFile and ScriptMaps technique. I believe you use the IIsWebFile to set up default file handling and then add the ScriptMap property to route all the traffic to some dll to do the redirection. I don't understand what .dll to use for the script processor.  Is it aspnet_isapi.dll?  How do I tell it the target server and port? The larger goal is this: http://publicserver/mymap must transparently redirect incoming requests to: http://privatedomain.mymapserver:?80?/ --Brad

  • Anonymous
    August 07, 2007
    Brad - I do not see how your goal is Server-Side Redirection. You want to rewrite URLs between two different websites, which is Server-Side Forwarding. //David

  • Anonymous
    August 08, 2007
    David, Per your taxonomy: "Server-Side Redirection  - The server transparently rewrites the request URL to another URL which remains on the same website as the original." If I understand what you mean by "remains on the same website as the original" as the URL in the address bar does not change, then this is what I want. Let me rephrase the proposition this as: http://publicserver.com:mapport#/mymap must transparently redirect incoming requests to: http://privatedomain.internaldns.mymapserver:?80?/ and the user and more importantly, his browser, must still believe he is on: http://publicserver:mapport#/mymap I believe the laypersons lingo for what I'm trying to do is "reverse proxy" where the proxy device is the only device with a public ip address and direct access to the outside internet -- and it also contains an private ip address on our internal network and can act as a sort of bridge. Granted, I'm not a taxonomist, and I'm new to isapi extensions and filters and web server and tcpip configuration on any platform.  If you can point me to learning resources, I will refrain from re-asking questions here which may be better suited to another forum. After rescanning the post history I see you've responded to "stian" in April 2006 which may contain some information that I have missed.  I will continue digging. --brad

  • Anonymous
    August 28, 2007
    i'm thinking of doing server-side forwarding, basically: portal.mycompany.net/1234 -> apps.mycompany.net (on a different machine), where the client still sees "portal.mycompany.net/1234" these sites are behind ISA, do i need to publish apps.mycompany.net or will the portal.mycompany.net publishing rule will suffice? i have yet to start this, so i'm open for suggestions and changes, the goal is that the client access our portal site and click on a link inside it that will redirect them to our apps site without knowing so, meaning the url is still the portal site link (e.g. portal.mycompany.net/1234)

  • Anonymous
    August 29, 2007
    The comment has been removed

  • Anonymous
    August 30, 2007
    I'd like to accomplish something similar to Myspace's vanity url. i.e. www.thissite.com/username. I'd like for users to use a vanity url to access thier dynamically generated web page without changing the url in the browser. When a user requests the page www.thissite.com/username, I need to run some code that will parse the username (I guess using GET or similar), match the username to a database entry that holds specific information about that user's page (myspace) and build the corresponding HTML. Is this possible with a ISAPI filter?

  • Anonymous
    September 25, 2007
    So how do you do it?  I want to map http://domain.com/file.pdf to http://domain.com/my_fancy.asp That is easy to do in java but how do you do it in IIS 4?

  • Anonymous
    September 27, 2007
    Here is another way to Redirect www to non www version of site Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} . RewriteCond %{HTTP_HOST} !^example.com RewriteRule (.*) http://example.com/$1 [R=301,L]

  • Anonymous
    October 16, 2007
    I have a domain called www.lomas21.es The real stuff is located in www.solicon.com.es/lomas21/. On the server www.lomas21.es is masked forwarded to www.solicon.com.es/lomas21/ Everything was working just fine... BUT... When I started to use AJAX it only works nice when the URL www.solicon.com.es/lomas21/ is used. From www.lomas21.es the nice AJAX interface does not work. It rewrites the whole page! To understand me: go to the URL´s and click "Cinturones" Can somebody give me the solucion? I am really lost for 2 weeks now...

  • Anonymous
    December 03, 2007
    David, For server-side redirection, can you talk to the choice of ISAPI filter versus ISAPI extension? Am I right in thinking that they are very similar but that the filter is site-wide whereas the extension can be different on different virtua directories within the site> Thanks for a great site.

  • Anonymous
    December 06, 2007
    Hi David, Currently working with CMS which also implements isapi filters. My problem is this: cms has a little bug, if you put yout URL as http://server/cultures/en-us/site the request fails as there is no trailing / (should read http://server/cultures/en-us/site/ ) What i was thinking is creating a filter that adds the / if it was omitted. Then, add my filter above cms filter. I used getHeader, do my check and add a "/" if required, then setheader my new url. That part works, the problem is the site loads but cms filters werent applied (its almost that after my filter finishes it skips over the rest of the filters in the isapi list in iis.) Any ideas? iis 6. Thanks, Johan

  • Anonymous
    December 10, 2007
    The comment has been removed

  • Anonymous
    December 10, 2007
    The comment has been removed

  • Anonymous
    December 27, 2007
    For all redirection and url rewriting stuff, I use IIS Mod-Rewrite http://www.micronovae.com/ModRewrite/ModRewrite.html It's a must have tool on every IIS server. But since it's compatible with Apache's mod_rewrite, I guess Microsoft will never adopt such Apache style functionality.

  • Anonymous
    December 30, 2007
    Josh - I'm not certain why you think that Microsoft will never adopt Apache style functionality. Microsoft is not obtuse to ignore good ideas -- remember "embrace and extend"? For example, IIS7 takes the best of Apache and improves on every aspect:

  • Completely customizable core request engine - similar to Apache. Complete modularity improves security, reliability, control.
  • Completely customizable, schematized, and performant distributed configuration system - better than Apache because it's good enough to be on-by-default, while no one turns on .htaccess if they cannot accept its performance penality
  • Completely customizable, extensible UI which plugs with the core and distributed config - superior to Apache without add-ons. Does IIS7 currently lack the breadth of modules of Apache? Absolutely. But IIS7 has all the right ingredients and support to surpass Apache, and all the Netcraft (etc) numbers support it. //David
  • Anonymous
    January 04, 2008
    Alot of reading here with no real answers

  • Anonymous
    January 05, 2008
    IT programmer - unfortunately, that is by-design. You can read my BIO for the details. There are plenty of people and places to swap code snippets or answers and you should go there if that is your intent. If you want to know how something works such that you can help yourself, this is the right forum because it is my intent to help you. If you just want quick answers to questions on how to do something to resolve an issue, sorry, that is not my intent and my blog will not be useful in that manner. //David

  • Anonymous
    January 09, 2008
    Good material, there is no school like old school.

  • Anonymous
    January 22, 2008
    Hi David, I'm a bit new to this re-direction game so please forgive me if I am bing a bit thick. I have a bit of a problem that I am hoping you might be able to help me with. We need to set up a Web Site in IIS with its own server certificate. I then need this sites to forward to a single internal URL. When we set up a helloworld.htm in the web site, and browse to it we can see that the certificate is being "presented" to the client browser. I thought that all we needed to do was create a default.asp to do a response.redirect to the internal web site and the client browser will be re-directed but will be presented with the certificate first, but that does not seem to be the case. Is there a simple way to redirect to an internal http page from an Https external page with the certificate still being presented to the client? Paul We have a site that a company wishes to use, however out site is developed for a number of customers. The site is the same, but the company wishing We are hosting an ebXML message handler for a number of companies which are all communicating with one single company.

  • Anonymous
    January 22, 2008
    Hi David, Please ignore the ramblings at the bottom of the last post, bit of a cut and paste crisis Paul

  • Anonymous
    January 24, 2008
    The comment has been removed

  • Anonymous
    January 26, 2008
    Paul B - You should use ISA Server 2006 for this task. It will do SSL Endpoint termination and HTTP routing. You want to do "Server Side Forwarding" (SSL is irrelevant to the discussion since it happens before HTTP, which is where the redirection happens). That requires a reverse proxy add-on module. You tried "Client Side Redirection" with response.Redirect //David

  • Anonymous
    January 26, 2008
    Arijit - the ISAPI Filter is part of the hosting solution. You will not find a link to just download. //David

  • Anonymous
    February 04, 2008
    Hi David, Thanks for allowing me to ask a question. On my IIS webserver, sometimes the IP address is displayed in the URL, i.e. http://100.100.100.100/dir instead of http://www.domain.com/dir. Is it possible to have some re-write on this, or do the re-writes normally exclude the domain part of the URL. Many thanks in advance for any advice you can offer. Gary

  • Anonymous
    February 06, 2008
    Hi David, Thanks for the reply but I don't think we can use ISA Server 2006. We have one IP address, which I need to share between a number of our customers, each of which have their own certificate. You can only set up an ISA Server Web listener to listen on one IP address (unless you know different), and we have a domain name, e.g. https://www.mymainDomain.com pointing to that IP address. I believe you can only have one certificate for each listener. Because of this limitation, we thought that for each customer they can put their company name at the end of the URL, e.g. https://www.MyMainDomain.com/company1, www.MyMainDomain.com/company2, ...etc, and we have set up an SSL tunelling rule to pass requests stright to our IIS. IIS will have a seperate web site in IIS each with their own certificate so that the supplier is presented with the correct certificate for the customer (we have tested this and this seems to work). Each of these URLs then need to be forwarded on the server side to another single internal URL, e.g. http:\internalserverAnotherWebPage, but we want the customer not to see this URL, as far as they are concerned we need them to think they are POSTing to https://www.MyMainDomain.com/company1. Its the forwarding the request to the internal site that we are stuck on Is it possible to do this? Paul

  • Anonymous
    February 18, 2008
    The comment has been removed

  • Anonymous
    February 18, 2008
    The comment has been removed

  • Anonymous
    February 20, 2008
    Paul B - You want Server Side Forwarding, which is certainly possible on IIS but you will have to purchase or find an ISAPI Filter to do it. I do not believe your scheme to multiplex multiple SSL Certificates over one external IP/Port works. Certainly not for certificates that look like companyA.com and companyB.com. It can work for certificates that look like companyA.MyMainDomain.com and companyB.MyMainDomain.com The "Magic" is in your tunnel rule that appears to magically know to route https://www.MyMainDomain/company1 traffic to an internal IIS website with its own SSL certificate for company1. Tell me how can the tunnel figure out the URL to tunnel SSL traffic to the correct IIS website when it is encrypted? And if it doesn't figure out the URL, IIS certainly has no way to figure out which website (and server certificate) is supposed to be used. Anyways, you can use ISA Server in place of the internal IIS server to do the reverse proxying task that you wan. //David

  • Anonymous
    February 20, 2008
    The comment has been removed

  • Anonymous
    March 06, 2008
    David, I am your alter-ego looking for a point in the right direction.  I've done hardware for many years and plenty of admin, but coding is "magic." I'm tryin' tho.   In short, I've got an IIS server and an edge server on one subnet and Exchange 2007 (hub, mailbox, CAS) on another.  As I understand your article, I need Server-Side Forwarding, but I've never done it before and don't know where to begin. Any references you'd like to share?   I hope it will lead to a better understanding of your other articles. . . Thanks, Dave

  • Anonymous
    March 11, 2008
    Thanks for your guide but... sorry I can't resist: "Actually, Apache "core" does NOT perform ANY sort of redirection. You need to install and configure add-on modules like mod_redirect to get Client-Side Redirection, mod_rewrite to get Server-Side Redirection, and mod_proxy to get Server-Side Forwarding. So, the ability to redirect is NOT built-in" Apache on ubuntu linux:

  1. open terminal
  2. write: sudo a2enmod rewrite
  3. mod rewrite installed and working No more than 10 seconds. And as far as I know, software modularity is an advantage, instead of a disadvantage. Come on David, I believe you can find a better way to defend iis against apache.
  • Anonymous
    March 13, 2008
    ken - actually, I am not saying anything about modularity nor "defending" My point is simple -- if you want to compare two web servers, compare apples to apples. People tend to treat mod_rewrite, mod_proxy, etc as indistinguishable and fundamental part of Apache when you and I know that they are simply add-on modules which are often bundled together in various combinations on various distros. These same individuals then complain that IIS does not have mod_rewrite, mod_proxy, etc -- and thus Apache is superior. Uh, no... compare apples to apples. If you install add-on equivalent of mod_rewrite, mod_proxy, etc onto IIS, it is just as capable as Apache. Their argument holds no water, in my opinion. I compare IIS and Apache closer to how Apache core developers view the world -- web server core to web server core. And here's my fact -- I know that comparing IIS6 core to Apache 1.x core and 2.x cores, the comparison is a wash -- but IIS7 web server core just runs circles around apache 1.x and apache 2.x core. //David

  • Anonymous
    March 14, 2008
    Dave - think of another way to expose the CAS server to the other subnet. If they two subnets are truly supposed to be separated, use ISA Server 2006 to bridge them. If they are not supposed to be separated, then what's wrong with your network topology? //David

  • Anonymous
    March 25, 2008
    We have recently switched to a 'canned' web server, and now calls to the root (http://www.sitename.com) get redirected via 302 to http://www.sitename.com/dir/homepage.asp?Check=1.  Why is their server treating it as a 302 (and adding the 'Check' variable) and not just displaying the /dir/homepage.asp without rewriting the url?  Documents tab has dir/homepage.asp set as the 'default content page', and there are no ISAPI filters, no custom HTTP headers for the site.  There is a load balancer up front, but the results appear to be coming from IIS: Tested at 3/25/2008 6:11:35 PM / from 74.8.161.66: URL=http://www.sitename.com Result code: 302 (Found / Moved Temporarily) Date: Tue, 25 Mar 2008 18:11:36 GMT Server: Microsoft-IIS/6.0 Location: http://www.sitename.com/dir/default.asp?Check=1 Content-Length: 177 Content-Type: text/html Set-Cookie: ASPSES... Cache-Control: private New location: http://www.sitename.com/dir/default.asp?Check=1 URL=http://www.sitename.com/dir/default.asp?Check=1 Result code: 200 (OK / OK) Date: Tue, 25 Mar 2008 18:11:36 GMT Server: Microsoft-IIS/6.0 Content-Type: text/html Set-Cookie: ShopperID=D67... Cache-Control: private tia.

  • Anonymous
    April 18, 2008
    Gregg - No IIS feature ever adds the Check=1 querystring Thus, it looks like you are seeing 302 redirection made by custom code running on IIS. This is either from:

  1. Default Document at http://www.sitename.com
  2. *-scriptmap applicable at http://www.sitename.com/
  3. ISAPI Filter, either Global or per-website
  4. User-configured HttpRedirect at http://www.sitename.com/
  5. Networking layer between IIS and browser You will have to find the custom code and change its behavior. //David
  • Anonymous
    June 04, 2008
    http://en.wikipedia.org/wiki/Reverse_proxy has a great discussion about forwarding requests and includes recent links for products that serve the purpose (perhaps biased - it is missing ISA and ISAPIrewrite...).

  • Anonymous
    July 08, 2008
    "Where things differ is availability" uhhhhh - should it read: If its not available then its no use for the user?

  • Anonymous
    July 12, 2008
    Flank - Not really. I am pointing out that IIS is no less capable than Apache, including add-on behavior. The difference is the availability of the add-on -- Apache tends to be bundled with a bunch of different modules activated, whether you want it or not, while IIS comes locked down and requires choices that tend to require money in return for support. Both usage models have their suitable niche. The key difference is the availability of the add-on. //David

  • Anonymous
    July 15, 2008
    Hi David, cheers for your paper and posts. They have opened my eyes in the world of URL redirect. I have a location A (www.domain.com/virtual_directory) that I want to redirect to a location B (100.200.300.400/virtual_directory), and I do not want the end-user to see the IP, I want the user to see the location A in the address bar. While I am looking for the solution, I am doing clint-side redirect directly with IIS through it's core function "A redirection to an URL", but the problem is that the URL in the address bar shows the IP address that I redirected to from the location A. What I want to accomplish is a server-side redirect that when the end-user enters location A (www.domain.com/virtual_directory) the user is redirected to the location B (100.200.300.400/virtual_folder) located in another server, and keep the location A (www.domain.com/virtual_directory) in the address bar. Any help with this regard will be appreciated. Thanks in advance. Armando

  • Anonymous
    July 30, 2008
    Hi David. I'm new to IIS and found your post interested. I have been reading several sites to try to redirect site.com/page.asp?id=1 to www.site.com/page.asp?id=1 and have come to a stump. I want the user to see www.site.com/page.asp?id=1 in their address bar so I believe I need server-side redirection. I have been reading the MS support documents on setting redirection in the IIS to a website, but it doesn't redirect the "?id=1" portion of the url. I've tried the different syntax in the redirect $q $v etc, but none of it works. for example, with the redirect url of http://www.site.com$v$q if I submit site.com/page.asp?id=1 I will get the page http://www.site.com/page.asp?id=1/page.asp. If I leave out the syntax $v$q, then I just get http://www.site.com/page.asp. What am I missing? Could you point me in the right direction? I see my question is similar to Armando. I have also done what he had in IIS. Thanks, Sharlyne

  • Anonymous
    August 02, 2008
    The comment has been removed

  • Anonymous
    August 04, 2008
    Hi David .. I want to make a redirection like this the user request www..com/icon.aspx?m= he will get the file in url www..com/icon/.gif Is this possible ? And How? thanks>

  • Anonymous
    September 03, 2008
    Microsoft should  make it easy to redirect HTTP to HTTPS in IIS Apache has done it many years ago.

  • Anonymous
    September 15, 2008
    "Get ready for this index to be updated with links..." OK, it's 3 years later and you haven't updated the links. Too bad, it would have been a helpful article.

  • Anonymous
    September 17, 2008
    BK - Sorry. I just ran out of time since publishing the blog entry. I have a lot of other, often competing interests. You may want to spend a little more time and figure it out because the clues are everywhere. //David

  • Anonymous
    September 17, 2008
    Hi David, We have two urls http://portal.k2.com/portal/server.pt and http://bizz1.k2.com/portal/server.pt being hosted from the same website or one virtual directory. When the user enters either the first url or second url we need to prepend portal/server.pt to the respective url and also change http mode to https mode when making the actual call. I guess this is a basic redirection using response.redirect but how to do this for two different url's for the same website (Same IP Address and same virtual folder name and actual folder content).  Greatly appreciate your wonderful input in this regard. IIS 6.0, Windows 2003. Thanks a lot for your time.

  • Anonymous
    September 23, 2008
    Can you update this article with a HOWTO on exposing http://internal via http://external (IIS) by SQUID?

  • Anonymous
    September 30, 2008
    I hope my comments do not go against the spirit of this post.   But I do have a question and maybe someone can help me as well.  There are many reason for redirecting or forwarding requests.  Each has its own tools: ARR for IIS 7 ISA ISAPI Rewrite lite and full (includes proxy module) Site and Virtual folder redirect Wild card redirect HTML meta tags etc The above is not meant to be a comprehensive list but illustrate the some of the tools that I've looked at.  I can't seem to find the right mix to solve my problem.  My issue is that I need

  1. ISA to filter the request  - web server publishing
  2. IIS_1 to server the static file - published site from ISA
  3. IIS_1 should forward dynamic content requests to IIS_2 - IIS_2 is invisible from ISA
  4. IIS_2 is the only server in the stack that has the .Net engine and can make DB connection There are several ways to classify N-tier application.  For my purpose, I say I need to have three tier app: ISA, IIS1, IIS2.  There is also a user and a DB cluster.  This is a generic .Net hosting env that we are building for all MS & .Net apps.  They way we plan to scale this env is by increasing the number of app servers (IIS_2 in this example) leaving the first to tier pretty constant.   Ok, if I had IIS7, I think I would be using ARR for this.  But I only have IIS 6 and I can't find a way to do this correctly.  This should be pretty much textbook stuff. But it seems everything I read just talks about redirecting request.  In contrast, I am looking to build a hierarchy to separate static and dynamic content to servers on different tiers. Those from the java world will probably recognize this as Apache with Websphere plug-in or iPlanet-Weblogic combo. Not only do the requests have to be hierarchical, but they also need to be application aware.  Meaning that session cookies, authentication, and etc have to be preserved and passed on through to the last server in the chain.  Oh, and I want to be able to do some end of month reporting and audit of the http logs. Anyone? Help?!
  • Anonymous
    September 30, 2008
    David, I am writing an ISAPI Filter where I redirect all user requests to a login page.  I am using the SetHeader() method to set the "url" header.  I am also creating another custom header that I intend to use in the login page.  This is working, but I have one problem.  I would like the address that appears in the login page address bar to be the actual login page address.  Currently, it is showing up as the address of the originally requested page. I tried solving this by doing a ServerSupportFunction("302 redirect"), in the ISAPI Filter, but that doesn't retain my custom header. Thanks, in advance, for any help you can provide.

  • Anonymous
    October 01, 2008
    rtait - You want the 302 redirect to transfer state (the value of the custom header) to the Login Page. Have the 302 Redirect send the value of the Custom Header as a querystring parameter to the Login Page. You cannot use Custom Headers to hide the value from the user because Browser is doing the redirect and browsers do not send custom headers. Depending on the redirect, you may be able to Set a Cookie with the value of the Custom Header and have the browser send the Cookie (since it belongs to the same Domain) to the Login Page. All other choices involve implementing custom protocol over XMLHTTP and is no longer HTTP itself. //David

  • Anonymous
    October 02, 2008
    David, Thanks for the info.  I understand your explanation. I really don't want to use a querystring. Can you elaborate on your idea regarding setting a cookie?  I did try setting the "cookie:" header, but like you said the browser is doing the redirect - so that doesn't work. Thanks gain.

  • Anonymous
    October 05, 2008
    rtait - From the server side, you should be using "Set-Cookie:" response header to set a cookie. Depending on the domain of the cookie being set, the browser may then choose to send the "Cookie:" header on its request to your redirected Login page. //David

  • Anonymous
    December 30, 2008
    David, can you answer prasad yalamanchili's question from September 18, 2008 2:58 AM, I have the same problem. Thanks! //Andre

  • Anonymous
    January 09, 2009
    Our organization has gone through a name change from domain A to domain B. We have an application (app1) that has always been accessed on https. I need to cut the application over to the domain B URL and want to know if there's a way to do the following redirect: https://app1.domainA.com to https://app1.domainB.com? Our users have the old https URL bookmarked as we never had a redirect for http:// setup. Obviously I want to minimize impact to the users and not have to depend upon them to update their bookmarks to be able to continue to access app1. Thanks, Brent

  • Anonymous
    January 09, 2009
    Brent - just set up HTTP Redirect on the website for app1.domainA.com to send redirection to https://app1.domainB.com HTTP Redirect supports other parameters on the redirection as well. Only thing that won't work is a POST request to app1.domainA.com - browsers will not transparently re-POST to app1.domainB.com You want to use HTTP 301 Permanent Redirection to transparently push the transition. Then, you can stop paying money to keep the domainA.com registered and a website running to redirect for it. //David

  • Anonymous
    January 16, 2009
    Hi David, I am new to this environment and need a little help. Currently we have several websites within our company, an advertisement has gone out without the www in front of our website. The business would like to modify our IIS to allow for both entries. One using the www.whatever.com and one using whatever.com.  I thought this would be easy enough... I've tried it two ways... ONE... I went into the IIS properties of the current website and added another host header name - website minus the www.   TWO... I tried adding another website called for example... whatever.com. once this was created I went into the properties and Home Directory - clicked "A redirection to a URL" and entered the full web address... including the www.. so I would have entered www.whatever.com... Neither one of these are working...  Do you have any ideas on what I am missing within these steps??? Any help would be greatly appreciated. Thanks so much CFC

  • Anonymous
    January 16, 2009
    The comment has been removed

  • Anonymous
    February 05, 2009
    The comment has been removed

  • Anonymous
    February 06, 2009
    This blog doesn't say anything about anything.  It has been going for three years and there is nothing in here.  It needs to be deleted so it doesn't show up on the search engines.

  • Anonymous
    February 10, 2009
    Hi David Our company web server is used to serve data through port 443 - SSL with a certificate installed and running fine - at https://companyname.com (443). http://companyname.com (80) on that same server is currently not serving pages. We would like to have a web site outside our company at http://companyname.net (not .com). Is it possible to redirect only port 80 traffic to a different IP address/web site? Any help would be appreciated. Thanks so much for a great article.

  • Anonymous
    March 17, 2009
    Great article ...very help contents....thanks buddy....you simply rocks...!!!!!!!!!

  • Anonymous
    March 23, 2009
    The comment has been removed

  • Anonymous
    June 24, 2009
    Hi I am trying to redirect a url   https://gscsmail.gscs.sk.ca/exchange to https://gscsmail.scs.sk.ca/exchange to avoid purchasing a 2nd cert the code I have will repoint to the new contect however the URL remains the same and I still get barked at by the cert. I am trying to get this to act like mod_rewrite in apache (you'd think MS would have a tool to do this) code: // REDIRECTOR.CPP - Implementation file for your Internet Server //    redirector Filter #include "stdafx.h" #include "redirector.h" /////////////////////////////////////////////////////////////////////// // The one and only CRedirectorFilter object CRedirectorFilter theFilter; /////////////////////////////////////////////////////////////////////// // CRedirectorFilter implementation CRedirectorFilter::CRedirectorFilter() { } CRedirectorFilter::~CRedirectorFilter() { } BOOL CRedirectorFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer) { // Call default implementation for initialization CHttpFilter::GetFilterVersion(pVer); // Clear the flags set by base class pVer->dwFlags &= ~SF_NOTIFY_ORDER_MASK; // Set the flags we are interested in pVer->dwFlags |= SF_NOTIFY_ORDER_HIGH | SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT | SF_NOTIFY_PREPROC_HEADERS | SF_NOTIFY_END_OF_NET_SESSION; // Load description string TCHAR sz[SF_MAX_FILTER_DESC_LEN+1]; ISAPIVERIFY(::LoadString(AfxGetResourceHandle(), IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN)); _tcscpy(pVer->lpszFilterDesc, sz); return TRUE; } DWORD CRedirectorFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt, PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo) { char buffer[256]; DWORD buffSize = sizeof(buffer); BOOL bHeader = pHeaderInfo->GetHeader(pCtxt->m_pFC, "url", buffer, &buffSize); CString urlString(buffer); urlString.MakeLower(); // for this exercise if (urlString.Find("gscs.") != -1) //we want to redirect this file { urlString.Replace("gscs.","scs."); char * newUrlString= urlString.GetBuffer(urlString.GetLength()); pHeaderInfo->SetHeader(pCtxt->m_pFC, "url", newUrlString); return SF_STATUS_REQ_HANDLED_NOTIFICATION; } //we want to leave this alone and let IIS handle it return SF_STATUS_REQ_NEXT_NOTIFICATION; } DWORD CRedirectorFilter::OnEndOfNetSession(CHttpFilterContext* pCtxt) { // TODO: React to this notification accordingly and // return the appropriate status code return SF_STATUS_REQ_NEXT_NOTIFICATION; } // Do not edit the following lines, which are needed by ClassWizard. #if 0 BEGIN_MESSAGE_MAP(CRedirectorFilter, CHttpFilter) //{{AFX_MSG_MAP(CRedirectorFilter) //}}AFX_MSG_MAP END_MESSAGE_MAP() #endif // 0 /////////////////////////////////////////////////////////////////////// // If your extension will not use MFC, you'll need this code to make // sure the extension objects can find the resource handle for the // module.  If you convert your extension to not be dependent on MFC, // remove the comments arounn the following AfxGetResourceHandle() // and DllMain() functions, as well as the g_hInstance global. /**** static HINSTANCE g_hInstance; HINSTANCE AFXISAPI AfxGetResourceHandle() { return g_hInstance; } BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason, LPVOID lpReserved) { if (ulReason == DLL_PROCESS_ATTACH) { g_hInstance = hInst; } return TRUE; } ****/

  • Anonymous
    August 04, 2009
    David, spot the similarity: http://umakanthn.blogspot.com/2006/05/url-redirection-basics-for-iis.html?showComment=1249470563587#c5590832175879454994

  • Anonymous
    September 10, 2009
    Hello, this is my case: I have a URL www.nametoolong.com and I have another URL www.ntl.com which is an easy url for the visitors to remember. Now when someone comes thru the short url and I do a redirect to my regular long url I know I'm losing session info and some other stuff. Is there a way to redirect/formard the short url to the long one? i.e. when I type www.ntl.com/promo and hut enter I would like to load www.nametoolong.com/promo ... many thanks for the help! Javier

  • Anonymous
    September 25, 2009
    Don't want to seem silly here, but did I miss the actual HOW-TO? I do not see any instructions on how to get this done. What I would like to do (based on your taxonomy), is server-side redirection or http://external to http://internal, with the external never changing. I however do not see your instructions on getting this done. Could you please point me to where the instructions actually are? I would really like to have a look at your instructions as I'm required to implement this soon. Much appreciated. Thanks.

  • Anonymous
    October 15, 2009
    hi,david in method OnUrlMap, pCtxt->ServerSupportFunction(SF_REQ_SEND_RESPONSE_HEADER, "403 Forbidden", NULL, NULL); return SF_STATUS_REQ_FINISHED; it work well in IIS 6.0, but in IIS 7.0, i receive page like HTTP/1.1 403 Forbidden, [HTTP/1.1 403 Forbidden] this content show in the page, could you give me some advice? please send me email: cothly@hotmail.com thank you in advance!

  • Anonymous
    November 11, 2009
    Here is a tutorial I wrote with specific examples on how to set up server-side IIS redirection.  Examples include redirecting Exchange to SSL and redirecting with Parameters. <a href='http://davidhazar.blogspot.com/2009/11/iis-makes-website-redirection-easy.html'>http://davidhazar.blogspot.com/2009/11/iis-makes-website-redirection-easy.html</a>

  • Anonymous
    December 10, 2009
    I would greatly appreciate assistance. We have only one server running windows 2008 server, and exchange 2010 server, and apache. When we type in the URL www.mydomain.com, IIS does not transer it to port 8080 (Where Apache is configured to listen to), and you get the following error "403 - Forbidden: Access is denied.".   if you type in the browser www.mydomain.com:8080, everything works.   What needs to be configured to allow incoming HTTP to be forwarded to port 8080? Any guidance or links to solve this would help. Thanks in advance