I want to block access from the web to the logs subfolder on a website. The following web.config seems to work...
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="logs" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
...but it will also block access to any logs folder in all subfolders (foo/logs, foo/bar/logs, etc.).
How can I block only the logs folder that is in the same folder as the web.config file?
I know I can put a web.config file directly in the logs directory, but that is not an option here because it will most likely get wiped by accident when someone wipes the log files.
You could iis url rewrite rule to block the request for a particular folder.
below is the rule:
<rule name="RequestBlockingRule16" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{URL}" pattern="^/s2/(.*)" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
folder structure:
s1 is the site root folder.
Related
I have an MVC dot net application (multi-tenant platform) deployed on Azure Web App.
I have configured two tenants: tenant1 and tenant2, with their URLs:
primer-test.azurewebsites.net/tenant1 and
primer-test.azurewebsites.net/tenant2
Both of them are accessible from IE, Safari etc. I purchased two domains on GoDaddy:
domain1.com
domain2.com
and I would like to configure the rewrite rules for them so whenever someone types in his browser either www.domain1.com or domain1.com, the content of primer-test.azurewebsites.net/tenant1 should be presented. Similarly, for the domain2.
I have attached these two custom domains to my web app, with no problem. I wrote the rewrite rules, but they seem to don't work as expected.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<rewrite>
<rules>
<rule name="domain1.com" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www.)?domain1.com" />
<add input="{PATH_INFO}" pattern="^/tenant1/" negate="true" />
</conditions>
<action type="Rewrite" url="\tenant1\{R:0}" />
</rule>
<rule name="domain2.com" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www.)?domain2.com" />
<add input="{PATH_INFO}" pattern="^/tenant2/" negate="true" />
</conditions>
<action type="Rewrite" url="\tenant2\{R:0}" />
</rule>
</rules>
</rewrite>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\kobsq.dll" stdoutLogEnabled="false" stdoutLogFile="\\?\%home%\LogFiles\stdout" />
</system.webServer>
</location>
</configuration>
Any idea what might be wrong?
Thanks very much!
In this case, from the URL you provided, I can see that primer-test.azurewebsites.net is the webapp you created and used. tenant1 and tenant2 should be virtual applications in webapp.
Concept:
Virtual application
Related Posts:
1. How to deploy a Flask+React application to Azure Web Service
2. Hosting Two Website Under one Web App - Azure Services
Correct use process and test steps:
Step 1.
Preparation work, create a main application of the .net framework (use web.config in the project for the purpose of configuring rewrite.
Configure in portal.
Create folder under site path and deploy virtual app by zip.
Test it without rewrite settings.
Step 2. Modify web.config file in RewriteTest project.
Step 3. Create custom domain to test.
Step 4. Test result. Fulfill your needs.
I need to achieve in IIS the following:
check for changed .txt files in dir with url http://server/dir/test.txt without cache
rewrite url to empty.txt if file does not exist
My configuration:
<rewrite>
<rules>
<rule name="test-txt" patternSyntax="Wildcard" stopProcessing="true">
<match url="*.txt" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Rewrite" url="empty.txt" />
</rule>
</rules>
</rewrite>
<caching>
<profiles>
<add extension=".txt" policy="DisableCache" kernelCachePolicy="DisableCache" />
</profiles>
</caching>
If file is changed, I get code 200 and actual content. Works as expected.
If file not changed - 304. Works as expected.
If file is deleted, after first check I get error 404.0. Why?
After second request I get code 200 and content of empty.txt. Works as expected.
If I create file at that moment, it works as expected. But if make requests in short time intervals (every 3-4 seconds), it doesn't matter any more if file test.txt exists or not, I get code 304 or content of empty.txt if I change it. But if I stop requesting file for some minutes, it works again as expected.
It looks like IIS has some sort of cache for static file checking. How to make it work as expected with static files only? (and without getting error 404 if possible)
It is not output caching, its just about browser cache.
So if you want to prevent cache for specific folder, please place this in the root web.config of your website/application. In this case, you have to disable location path for both example.txt and dir directory
<location path="dir">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
</system.webServer>
</location>
<location path="empty.txt">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
</system.webServer>
</location>
If you want to disable browser cache for all site, please just set
<clientCache cacheControlMode="DisableCache" />
without location attribute.
Your rule works fine on my side, so you just have to disable client side cache for the required folder/file.
I have a simple question which is driving me crazy from the last week: I splitted a big application in "Default Web Site" into single applications grouped by directory so everyone could have his own git repository. So the main root directory is quite empty, just few scripts linked from outasides statically.
All the user point to the root directory, and I would like redirect this pointing to the stable application in /subdir_stable and not showing the user this action. Every application in subfolders have an own prefix beginning from his local and works in every subfolder I put.
So I need two type of action:
- users point to myhostname.local
- action1: get redirect to myhostname.local/subdir_stable
- action2: keep having their urls as myhostname.local
I have achieved the action1 using the url rewrite with this web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rewriteMaps>
<rewriteMap name="/spot_backend">
<add key="/" value="/spot_backend" />
</rewriteMap>
<rewriteMap name="/">
<add key="/" value="/spot_backend" />
</rewriteMap>
</rewriteMaps>
<rules>
<rule name="Rewrite rule1 for /">
<match url=".*" />
<conditions>
<add input="{/:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="Rewrite" url="{C:1}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I don't how to achieve the action2. Any hints?
I have a website built on Angular7 with server side rendering deployed on an Azure App Service. I had to add a web.config file in order to make the server.js run.
Here's the web.config file
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<webSocket enabled="false" />
<handlers>
<add name="iisnode" path="server.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^server.js\/debug[\/]?" />
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="server.js"/>
</rule>
</rules>
</rewrite>
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
</configuration>
This site is deployeed to mysite.com and everything works fine.
I now need to create a virtual directory mysite.com/app to hold a different application (on the old AngularJS). Without the server side rendering I just create the virtual directory on Azure Portal and everything works fine. Because of the server side and the "redirection" to server.js the virtual directory is no longer working.
Is there any Rule to put on the web.config file to ignore the requests of /app, not to run the nodejs server?
I got my response on another question (credit to dana) so I've just added the rule
<rule name="ignore app application" stopProcessing="true">
<match url="^app" />
<action type="None" />
</rule>
before the other rules. This way if the url typed is mysite.com/app the node server won't be "activated" and the virtual directory works as expected.
I have a simple wildcard routing rule I want to apply for my Azure web app.
<rule name="MyRule">
<match url="*" />
<action type="Rewrite" url="/index.html" />
</rule>
Do I have any option here given I can't RDP into the machine and fiddle with IIS? This is not an ASP.Net website, it's a simple SPA application.
You need to create a web.config file in your wwwroot folder and put the relevant config entries there.
Here's an example of an web.config rule, to give you an idea of what it should look like.
The below example redirect the default *.azurewebsites.net domain to a custom domain (via http://zainrizvi.io/blog/block-default-azure-websites-domain/)
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect rquests to default azure websites domain" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^yoursite\.azurewebsites\.net$" />
</conditions>
<action type="Redirect" url="http://www.yoursite.com/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If simply want all URL's that resolve to this server & site to redirect to index.html you could use this rewrite section:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="SPA">
<match url=".*" />
<action type="Rewrite" url="index.html" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
This is very similar to what you have except some minor syntax fixes e.g. the pattern should be ".*" and the rewrite URL target simply "index.html".
Note this means that ALL URL's to your site will be rewritten, even for other resources like CSS and JS files, images etc. So you'd better be fetching your resources from other domains.
If you want to do actual rewrites (not redirects), dont forget enabling ARR with applicationHost.xdt file put to the site folder with the following content:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="Insert" />
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>