0

I'm having a weird redirect loop that only shows up on mobile devices.

I'm using IIS10 & urlrewrite to redirect requests to HTTPS. I've installed an SSL certificate from sectigo and used the same redirect rule that's always worked for me. It's quite weird that it works fine on desktop but not on mobile.

I've tested the issue persists across any mobile-device browser: safari, chrome, firefox and both Android/IOS devices across different networks. I've cleared the cache on the devices manually several times and it does nothing to solve the problem.

On the server side I have 4 bindings total IE:

example.com

www.example.com

https://example.com

https://www.example.com

With server identification turned on and the correct cert file selected for the 2 HTTPS bindings. The URL rewrite rule is:

<rewrite>
            <rules>
                <rule name="Redirect to HTTPS" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>
            </rules>
        </rewrite>
UserSN
  • 691
  • 1
  • 4
  • 25

2 Answers2

0

In the response headers of the website I added a new entry Name=cache-control Value=no-cache,no-store this got the site loading on mobile. Not sure exactly how but I think the site was stuck in a forever 301 permanent loop

UserSN
  • 691
  • 1
  • 4
  • 25
0

It is really weird while I tested the redirect rule is no problem. So I suggest you enable fail request tracing so that you can see what happened when you access site through mobile.

No-cache instructs the browser that it must revalidate with the server every time before using a cached version of the URL. No-store instructs the browser and other intermediate caches (like CDNs) to never store any version of the file. But some mobile devices ignore headers like no-cache, no-store, you need to manually set these in the response to allow the browser to get the correct URL information. Because in the process of access, the client and the server are constantly transmitting information back and forth.

There may be other factors, such as when you manually clear the cache and it is not cleaned up. Many browsers have an incognito mode. I suggest you try it in this mode.

Since I don't know your server provider (for your information security, you should not tell me), so there may be such a situation. Although the browser shows HTTPS, the server is treating it like an HTTP request. Thus the server always believes it is receiving an HTTP request.

To reduce costs [many hosting providers install the] SSL certificate on the Gateway and this gateway is simply rewriting the request to standard HTTP when passing it to the actual web server. So by the time the request hits IIS and your web application it is a standard plain HTTP request. Some people have encountered this situation before, it is not necessarily the cause of your problem, but you can refer to it.

Bruce Zhang
  • 1,260
  • 1
  • 1
  • 5
  • Hi Bruce, I'm the hosting provider, i'm using IIS10 directly not CPanel or anything like that. It's not a local browser issue as i'm getting the same behavior across different devices & different networks. I tried adding the cache-control but that didn't help for this particular instance. The redirect loop is happening even with all URL rewrite rules turned off. – UserSN Oct 28 '20 at 23:22