// https:// http:// and rewrite rules

1 reply

Last post Mar 20, 2015 02:45 AM by Pengzhen Song - MSFT

  • // https:// http:// and rewrite rules

    Mar 19, 2015 08:34 AM|cln.lgr

    With a combination of http://forums.iis.net/t/1171154.aspx and http://forums.iis.net/t/1171154.aspx I've resolved a few issues but I'm still wary that there is a flaw in the setup.

    Issue is that I want to play media on (login) https://siteA.ca/ from a (public) streaming server http://siteB.ca/. Both owned by us but different domains.

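    The issue was resolved by adding a RULE or modifying the web.config:

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Fragment: belongs inside <configuration><system.webServer><rewrite><rules> -->
    <rule name="PreventRandomHit" enabled="true" stopProcessing="true">
        <match url=".*" />
        <!-- Abort any request whose Referer is not a page on https://siteA.ca/ -->
        <conditions>
            <add input="{HTTP_REFERER}" pattern="^https://siteA\.ca/.*$" negate="true" />
        </conditions>
        <action type="AbortRequest" />
    </rule>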

    Hiccup was that it didn't seem to work all the time. SiteA loads a secure page and didn't like that some content (from siteB) was not secure so it showed a https yield icon which meant "This page contains both secure and nonsecure items."

    To resolve a workaround, I totally removed http from the URL. (something like:)

    <video><source src="//siteB.ca/01.mp4" /></video>

    All seemed smooth but I'm unclear why, if I pasted //siteB.ca/01.mp4 into a browser, that QuickTime still loaded the video without passing through the RULE.

    Now I did test again this morning and being logged out of siteA and pasting //siteA.ca/01.mp4... the video DIDN'T play. I then logged back into the https siteA and then pasting the URL and it was blocked.

    SO ... Was my browser just caching the video and playing it 'locally', or was it still using the session from another browser tab? Or does the RULE have issues?

  • Re: // https:// http:// and rewrite rules

    Mar 20, 2015 02:45 AM|Pengzhen Song - MSFT


    I think it is a cache issue. You can try using Fiddler to check if the ETag header is present. The rule should be ok.

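Added example (not part of either post, and not IIS or browser code): a small model of the setup in this thread, showing which requests the posted Referer rule aborts and why a cached copy plays without ever reaching it. It assumes the 2015-era default referrer policy (no Referer on an HTTPS-to-HTTP request) and a hypothetical page URL https://siteA.ca/player; the function names are made up for illustration.

```javascript
// Same check as the rule's condition. IIS URL Rewrite conditions ignore
// case by default, and URL parsing lowercases host names, hence the "i" flag.
const ALLOWED_REFERER = /^https:\/\/siteA\.ca\/.*$/i;

// Referer a browser would attach, assuming "no-referrer-when-downgrade".
// pageUrl === null models a URL pasted straight into the address bar.
function refererFor(pageUrl, resourceUrl) {
  if (pageUrl === null) return "";
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl);
  // HTTPS page requesting an HTTP resource: the Referer is withheld.
  if (page.protocol === "https:" && res.protocol === "http:") return "";
  page.hash = "";
  return page.href;
}

// negate="true" means: abort unless the Referer matches the pattern.
function ruleAborts(referer) {
  return !ALLOWED_REFERER.test(referer);
}

// One media fetch. A cache hit is answered locally, so the server-side
// rule is never evaluated for it.
function fetchMedia(pageUrl, src, cache = new Set()) {
  const url = pageUrl ? new URL(src, pageUrl).href : new URL(src).href;
  if (cache.has(url)) return { url, outcome: "cache" };
  const referer = refererFor(pageUrl, url);
  if (ruleAborts(referer)) return { url, referer, outcome: "aborted" };
  cache.add(url);
  return { url, referer, outcome: "served" };
}

// Constructed walk-through of the cases raised in the thread.
const browserCache = new Set();
const page = "https://siteA.ca/player"; // hypothetical page on siteA
console.log(fetchMedia(page, "http://siteB.ca/01.mp4", browserCache));  // aborted
console.log(fetchMedia(page, "//siteB.ca/01.mp4", browserCache));       // served
console.log(fetchMedia(null, "https://siteB.ca/01.mp4", browserCache)); // cache
console.log(fetchMedia(null, "https://siteB.ca/01.mp4", new Set()));    // aborted
```

To confirm the cache case against a real server, repeat the direct request after clearing the browser cache, or watch in Fiddler whether a request is actually sent.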