I have the following rule on the site to redirect http to https. We just found out though that our app got submitted with just an http for the api. Until we can get this updated I need the site to ignore calls to the /api folder and only redirect everything else. I’m sure there’s a way to say something like if URL does not contain /api/ then redirect.
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
Add an entry similar to
<add input="{R:0}" pattern="/api(/|$)(.*)" negate="true" />so that the whole file is:Example URL:
http://site.com/api/functionSo, if the URL after the site matches any of the following it will stop processing (and thus not push the user to https)
/api/api/anythinghttpsURLWe run into the same kind of thing with a large application run in IIS behind a reverse proxy. The URL rewrite addon for IIS (that you appear to be using) is a bit of a pain, but it does the job really well and tolerates the MVC framework.
As you mentioned, simply putting a rewrite block in an API directory won’t work because with MVC there are no directories. You would think MS would have a better solution for this — but they don’t. It makes things all the more challenging.