How to set IIS url rewrite for http header - iis

This is an inbound rule in my iis web site.
<rewrite>
<rules>
<rule name="ToBackEnd">
<match url="^v1/api/(.*)" />
<action type="Rewrite" url="https://172.16.8.78/v1/api/{R:1}" />
</rule>
</rules>
</rewrite>
I want to add a header (Access-Control-Allow-Origin) to the response for oly this request. There are some solutions tags in . But I do not want this? How can I set in rule?

URL rewrite outbound rule can help override the Access-Control-Allow-Origin from your application for specific URL but it can't add response header. So if you can get the expected header by rewriting your existingAccess-Control-Allow-Origin. Then outbound rule can be involved.
<outboundRules>
<rule name="outbound rule" enabled="false">
<match serverVariable="Access-Control-Allow-Origin" pattern=".*" />
<action type="Rewrite" value="*" />
</rule>
</outboundRules>
If you only need to add a header only for specific page. You can use CORS module with <location> tag
https://www.iis.net/downloads/microsoft/iis-cors-module
If you need to add another header for wildcard URL like v1/api/*. Then custom httpmodule in integrated pipeline would be a choice.

Related

IIS return 200 OK to any request

How to configure IIS to return 200 OK to any URL request?
Any request that arrives to IIS should immediately return 200 with an empty body.
It is not important how this is achieved, either thru configuration or code.
As lex says, we could use url rewrite to achieve your requirement. You could install url rewrite firstly by using this url:https://www.iis.net/downloads/microsoft/url-rewrite.
Then you could add below rule into the web.config.
<rewrite>
<rules>
<rule name="Customresponse" stopProcessing="true">
<match url=".*" />
<action type="CustomResponse" statusCode="200" statusReason="test" statusDescription="test" />
</rule>
</rules>
</rewrite>

Change Host Header with IIS URLRewrite

I have requests coming to my webserver at
http://www.example.com/blog
I want to Rewrite that to another server listening on
http://blog.example.com
Here is my rewrite rule:
<rule name="blogredirect1" stopProcessing="true">
<match url="^blog(.*)" />
<action type="Rewrite" url="http://blog.example.com{R:1}" />
</rule>
What ends up happening is the rewrite sends the request to the second servers IP at blog.mysite.com but the request header's host is still www.mysite.com.
How do I make sure that the redirected request HOST is set to blog.mysite.com (which is set in the redirect rule)
May I know how did you check the HOST header?
It is recommended to check {HTTP_HOST} variable instead of view the HTTP header directly. Because if you view the request header, you will always see www.mysite.com.
You could fetch {HTTP_HOST} request variable from backend server blog.mysite.com.
However,If you means page in blog.mysite.com also displayed {HTTP_HOST} as www.mysite.com.Then please check whether you have set system.webServer/proxy/preserveHostHeader to true?
By the way, IIS support to rewrite HTTP_HOST manually, you could modify your rule like this:
<rule name="blogredirect1" stopProcessing="true">
<match url="^blog(.*)" />
<action type="Rewrite" url="http://blog.example.com{R:1}" />
<serverVariables>
<set name="HTTP_HOST" value="blog.example.com" />
</serverVariables>
</rule>
Please remember to Allow Server Variable{HTTP_HOST} in URL rewrite.
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/setting-http-request-headers-and-iis-server-variables
You could also set this in applicationhost.config <location path="sitename"> section.
<location path="Default Web Site">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>

Rewrite rule not working on IIS with using Regex

I'm trying to write a rewrite rule in on Windows Server 6.2. Although I used IIS Manager to create the code, it didn't work.
I tried stopProcess true/false, used different regex, restart server several times. Nothing changed. I followed the whole steps on Microsoft's web site on https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite to e-campus" stopProcessing="true">
<match url="[^\/]+\/\/([^\/]+:?[0-9]?)\/.*" />
<action type="Rewrite" url="{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
I want to show only main URL. My domain is http://e-campus.example.com.
For example if someone go to that link: http://e-campus.example.com/Login/Student
Server should rewrite to this:
e-campus.example.com (with hiding http:// but it's not important)
So basically I just want to show main URL. But it keeps showing full path. What am I missing here?
According to your description, I found your regex match the whole url. But the iis url rewrite will not get the whole domain, it will just get the part of the url not the whole url.
For example:
If your url is http://e-campus.example.com/Login/Student., the match url part is
login/Student.
So if you want to rewrithe all the request to e-campus.example.com, you should use below url rewrite rule.
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite to e-campus" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://e-campus.example.com/" />
</rule>
</rules>
</rewrite>
</system.webServer>

IIS Removing nosniff header for images

I have an API that return me images, like:
/api/products/images/233 -> This will return me an 233.jpg image
But my IIS has a rule to add the X-Content-Type-Options header to the requests for security, but that break the images on Internet Explorer, so I need a way to remove this rule when the endpoint /products/images/ is called or a way to add the header only if it's no that endpoint.
I tried to use this about Custom Headers
But it didn't work, I tried like this:
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Remove nosniff">
<match serverVariable="RESPONSE_X_Content_Type_Options" pattern="/products/images/" />
<action type="Rewrite" value="none"/>
</rule>
</outboundRules>
</rewrite>
</system.webServer>
But it didn't change anything, the images still having the "nosniff" header.
Am I missing some configuration? Or there is another way to do that?
Your match condition is checking if the header RESPONSE_X_Content_Type_Options contains the value /products/images/ instead of nosniff. You can use a Location block to restrict this rule to /products/images/, then use pattern="nosniff" to find the value nosniff
<configuration>
...
<system.webServer/>
...
<location path="products/images/">
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Remove nosniff">
<match serverVariable="RESPONSE_X_Content_Type_Options" pattern="nosniff" />
<action type="Rewrite" value="none"/>
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</location>
</configuration>
See docs for element: https://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.100).aspx

IIS7 rewrite rule to another domain?

I have two domains: first.com and second.com.
In these domains there are two ASP.NET applications hosted in IIS 7.
Page in application http://first.com.index references a script which source is http://second.com/script.js
Script is doing some ajax POST but browser is blocking is because cross domain restriction.
Is it possible to create rule on IIS so a specific request for http://first.com/script.js
would be passed to http://second.com/script.js (executed there and returned to client) ?
I tried to add rewrite rule in first.com but it does not work:
<system.webServer>
<rewrite>
<rules>
<rule name="test" enabled="true" stopProcessing="false">
<match url=".*/script.js" />
<action type="Rewrite" url="http://second/script.js" appendQueryString="false" logRewrittenUrl="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
Action type="Redirect" works but it is not what I am looking for cause it returns 302 response to client. I want pass request directly to second application instead.

Resources