8

I wanted to force all inbound connections to revert to HTTPS for my site. Searching StackOverflow.com for an answer yielded the following code:

<rewrite>
    <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$" />
                </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
     </rules>
</rewrite>

This works great. Now everyone coming in to http://mySite.com is redirected to https://mySite.com.

mySite.com has a sub-application which is accessed at mySite.com/ajax/ . I don't want inbound connections to this sub-application to be subject to the rewrite; The original protocol (http or https) that the user specifies should be maintained when connecting to the /ajax sub-application. What shall I place in this child application's web.config file to negate the rewrite that takes place at the parent level?

(The reason I want the /ajax child site to be exempt from the https rewrite is because it may be accessed from third-party HTTP-based web pages. If the third-party page that's making the call to /ajax is HTTP (not HTTPS), then I want to retain that HTTP'ness when the call is made.)

4

1 に答える 1

19

The following web.config snippet should do what you want. It removes all rewrite rules for this application.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <!-- Insert rules for this application (if any) **below** the "clear" -->
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
于 2013-04-30T23:51:54.080 に答える