Creating redirect rules is something most web developers will have to do throughout their careers.  Marketing has done something silly and need a quick fix, an SEO company wants to remove a trailing slash to improve pages, a new product has launched and a more exact URL is required, the list could go on and on.  If you're like me, you'll do a basic redirect and then when you're asked again in a few months' time, you'll have forgotten what you need to do and Google it.  If that's you, then this quick overview of re-directs will help you.

301 Redirects

The most common type of re-directs are 301 redirects.  This is where a URL needs to change and redirect someone to a new location.  With a re-direct the URL in the user browser will change.  If they type in www.website.com, they will be redirected to a completely new URL.  This URL can be another page, or file in your website, or it can be a file, image of whatever you like on another website.  

Some common scenarios when you'll be asked to do this might include during a website migration. Any good SEO company will tell you that you don't want to lose your precious search engine ranking when you upgrade your website and your URL structure changes, creating a 301 redirect from the old URL structure to the new URL structure is a common request.  Other common scenarios, might be requests to make the site's URLs only work with HTTPS (read this), or, all URLs must use WWW (read this).  In these instances, a common re-write rule might look like the one below:

The complex part of the redirects is usually the regular expressions part, in the tag.  Getting the regex right is usually the complex part of getting a redirect working.  To help claify things, I'll give some examples of rules and how they match to actual URL's: 

You might be wondering what all the strange characters look like, so here's a brief guide:

  • ^ - Match when the first page of your URL. after your domain matches
  • $ - Match only if the rule is at the end
  • ? - An OR, to create an optional parts within a rule
  • . - Match based on a single character
  • * - Matches on zero or more times
  • + - Match on one or more times
  • (.*) - Matches any character
  • \. - Match anything with a literal dot in it.  The literal dot, can be replaced for, a-z etc..
  • ([^.]*) - Match anything except a literal dot

In a rediret rule, the URL will change if a redirect rule is matched.  The other type of rewrite is Rewrite redirect. Rewrite rules when matched won't change the URL in a user's browser, they simply display content from a different location and make it look like it's coming from the original URL.

If you use MVC and you need to redirect to another page, then I would recommend considering defining a new route in your routes config file, but performing a rewrite at a higher level within IIS is usually a bit more efficient.  A rewrite rules look really similiar to a redirect rule, except the action type is set to Rewrite:  

Reverse Proxy

Up to this point, the redirects the rewrite we have been doing have all been to pages within the current site.  In some rare examples where you need to provide some pages from a legacy application for example, you may need to create rewrites to assets on a different server as a reverse proxy.  By default IIS won't allow you to do a rewrite to a remote server for obvious security reasons. 

Unless you need a specific reason to do this, there's no point in exposing it otherwise as it is a bit of a risk.  To set-up IIS as a reverse proxy, you will need to install Application Request Routing.  For the security conscious out there, this is an offical Microsfto product and not some third-part bolt on.  To download it , you will need to do here, https://www.iis.net/downloads/microsoft/application-request-routing.


After installing ARR, you should be able to see it within IIS on the server level.  Click on it.


Click the 'server proxy' settings button.

Tick the 'Enable proxy' button.  Doing this will now allow you to create Rewrite rules that point to pages on websites that don't live in your web server.  If you do not enable, ARR and try to rewrite to a different domain, you will see a 404.4 error.  This is worth knowing, as from personal experience, you can spend ages figuring out why your redirect rule isn't working, when in essence it is, IIS just han't been configure with the correct security permissions to make it work :P

Whitelisting IP Addresses

Often, when you launch a new website, you may need to run your current website and your existing website in parallel. For example, you may want to run a beta.website.com version of your website that can only be accessed by internal people. There are a number of different techniques and approaches you can do this, one of which is whitelisting certain IP address to access your new website.