Will my urlrewrite rule (IIS) adequately protect my Origin IP?
I'm trying to disallow connections using either:
an IP address directly; or
another Cloudflare website domain name that may be pointed to my IP address.
My proposed urlrewrite rule (Allow connection only for myname.com):
<rule name="Allow only myname.com" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myname\.com$" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="403" /></rule>
As far as I know, there is no need to use url rewrite to protect your IP address. IIS will check the host name by default, if you add the hostname in the binding.
For example,
If you add the hostname in the binding as below image shows.
If you access the application by using IP address, it will show 400 error as below:
If you used the different domain like localhost.
Related
I have chosen to move a domain with an expired SSL certificate to a subdomain on a different valid wildcard certificate.
I used the following web.config section to perform the redirect:
<rule name="Redirect corporate to subdomain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.woodfordcorporate.co.za$" />
</conditions>
<action type="Redirect" url="https://corporate.woodford.co.za/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
It doesn't seem to be working, even after I clear the browser cache, and I'm wondering if the fact that the domain is still listed in the Azure site configuration is causing the certificate to be evaluated before the web.config is processed? Surely I need the domain to be listed under custom domains and TLS/SSL settings, otherwise the users will never reach the site in the first place?
How can I achieve a redirect in this case?
Suppose that I have a server ip of 184.198.74.73 and domain of testing.com hosting in IIS 10? How can i block user from accessing the site with ip address?
Problem description:
Taking google.com as example. I ping google ip can get its ip address.
However I can't access it using IP address even using Postman.
How can this be done?
The first thing is just set the binding in iis for a site with the domain name. as shown in the below image.
you could set rule to do not allow host header to IP address:
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="192.168.2.50" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
then you could set the iis IP and domain name restrictions if you do not want to allow specific IP address or range of IP address to access your site.
https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-dynamic-ip-address-restrictions
I created web app named XYZ in MS Azure. It automatically created domain XYZ.azurewebsites.net. Then I bought and added a custom domain. The problem now is the XYZ.azurewebsites.net still shows what has been deployed to my domain MYDOMAIN.COM. How can I remove the default domain?
You can't remove Azure's DNS record - that is how everything for your web app is controlled/managed in Azure. You can add no-index and no-follow options for search engines and add a permanent redirect in your app from the Azure DNS to yours.
Alright, so after some googling, I found out this is a common problem with using Azure (shame MS doesnt makes life easier here).
I solved it by using permanent redirect in web.config from this thread
Getting mapped custom domain url in Azure
Thank you for taking interest
Petr
I was using the Web Application Gateway with my Azure App service and I found the below option of 'Access Restrictions' after that it stopped all the traffic on my default DNS link of https://SAMPLE.azurewebsites.net
Here is the way to look for 'Access Restrictions'
I added two rules to my web.config file. The first was a rule to perform a permanent redirect from the default domain to the custom domain. You can also throw a forbidden error message with HTTP status code 403. The second rule was an outbound rule to block search engine requests to the default domain.
<system.webserver>
<rewrite>
<rules>
<rule name="Redirect old-domain to new-domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^old-domain.azurewebsites.net$" />
</conditions>
<action type="Redirect" url="https://new-domain.com/{R:0}" redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Noindex Domains">
<match serverVariable="RESPONSE_X_Robots_Tag" pattern=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^old-domain.azurewebsites.net$" />
</conditions>
<action type="Rewrite" value="NOINDEX, NOFOLLOW"/>
</rule>
</outboundRules>
</rewrite>
</system.webServer>
If your site is verified with Google under its Search Console, you can also temporarily remove a URL from search results; it lasts 6 months. Go to Removals, click the "New Request" button and then use a URL prefix as the option for blocking indexing; it will block all requests beginning with the URL instead of the root URL only. This request can take a little while to process. You can also submit a Change of Address request to let Google know you have changed site URLs by going to Settings > Change of address, where you can specify the old domain and new/moved domain.
My azure web application (myapp.azurewebsites.net) is mapped to a custom domain (client1.mycompany.com).
I will be mapping it to some more custom domains (client2.mycompany.com, client3.mycompany.com etc.) one per each client.
In web application I am using
HttpContext.Current.Request.Url.Host
to get custom domain address which is accessing the application. But it is sometimes returning myapp.azurewebsites.net instead of custom domain.
Any idea how I can custom domain url in Azure in reliable way?
As Admir said in his answer the default *.azurewebsites.net binding cannot be removed, but it is very easy to prevent users from using this domain name for your site.
<rewrite>
<rules>
<rule name="Canonical Host Name" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="client1.mycompany.com" negate="true" />
</conditions>
<action type="Redirect" url="http://client1.mycompany.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
*.azurewebsites.net is not removable which means it is out of your control if someone will access your website through that DNS binding, which explains why you get that when you attempt to inspect HttpContext.Current.Request.Url.Host.
Only thing you can do is to choose to ignore requests coming directly to that binding, by redirecting user to:
Custom page (i.e. 404)
Some default custom domain
I have a Wordpress-based web site hosted in Azure websites with a custom domain (www.mydomain.com) that is working great.
Now I want to let another domain (www.anotherdomain.com) respond to the same Azure website. But www.anotherdomain.com is an old website where its pages are no longer available either in new or old places.
This means I need to redirect any URL from www.anotherdomain.com to the root (home page) of www.mydomain.com without any http error messages.
Example: www.anotherdomain.com/products/blablabla.aspx to www.mydomain.com
I suppose I have to add some rewrite rules on web.config, but I have no idea on how to make them.
In addition, what would be the changes (if any):
1 - At my DNS zones for both domains
2 - Azure website domain configuration.
Thank you,
Igor
I think you will need to assign hostname www.anotherexample.com to the same wordpress site that hosts www.example.com by following instructions here.
After that you will need to add a redirect rule to your site that will redirect requests www.anotherexample.com to www.example.com:
<rewrite>
<rules>
<rule name="Redirect host name" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="www.anotherexample.com" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
If your new site is WordPress based so it will very easy for you. just go to DNS management zone and add entry of domain forwarding and off Path Forwarding.No need to do any change in Azure site settings.
if you will turn On Path Forwarding even then WordPress will handle and it will not give any http error.
for example my site is http://subhashsingh.com and from http://study-desk.org you can get the same site even you will hit a wrong url like http://study-desk.org/12/new .