Modify Accept-Language Request Header using IIS - iis-7.5

I'm looking for a way to set the "Accept-Language" to a specific value for all incoming request. I use IIS 7.5+. I have looked at the rewrite module but can't seem to find the right combination to set the request header.
Any ideas?
Thanks
Frank

Found the answer. By using the Rewrite Module, and add a rule that runs on all incoming request [.*], and set the server-variable "HTTP_ACCEPT_LANGUAGE" to whatever the required setting.

Related

URL redirect when accessing domain

is the first time I'm using IIS (Windows Server 2019) and I'm looking for a configuration to be able to redirect clients from http://mysiteExample.org/ to http://mysiteExample.org/embed.html?key=val. I considered that URL Rewrite Module could help me to achieve this (as is not necessary for the clients to see the new URL they'll be redirected to). I made the configuration as shown in this screenshot, where I set '^$' as a pattern to specify this should apply for cases where no URL string is provided.
Could somebody with more experience advise me on how to achieve what specified above?
Thanks in advance
I finally managed to make it work changing the action type from 'Rewrite' to 'Redirect'.

Adding custom response header in "HTTP Response Headers" module within IIS7 Manager ok to use if cannot access web.config file?

I am attempting to insert a custom response header to comply with a requirement to enable HSTS as the current layout is at risk against our cyber security audit.
I am referencing this previous StackOverflow thread as the "best answers" suggests to set the custom response header using the IIS7 Manager interface, versus the second "best answer" to be going into the web.config file and copy and pasting code into it.
I tried to follow directions to access using this link, but I did not get far because I do not have EFTAdHoc subfolder under Default Web Site on step 3.
I am curious if it is still ok if I set the custom response header this way:
I am curious if it is still ok if I set the custom response header this way:
This dialogue is adding headers for all requests. But in your case, you need slightly different. You need to add HSTS only for HTTPS requests. Answer in this thread which you referred before is correct because it is setting header only if it is HTTPS request.
You can do that with IIS Manager.
1) Go to URL Rewrite
2) Click Add Rule -> Outbound rules -> Blank rule
3) Fill fields like that:

Modify Response Header with Chrome - nosniff

I am trying to add the attribute X-Content-Type-Options:nosniff to my HTTP response.
But I can't add this attribute, just modify if it exists. (www.google.de for example)
I used Chrome and tried several plugins like HeadersModify, ModHeader or Requestly: Redirect Url, Modify Headers.
Sven
Most probably, you are seeing a Chrome developer tools bug/limitation:-
Any modification in response headers is not visible in Chrome developer tools
In Requestly, You can setup a header rule like this:
In Requestly, you can also apply this rule to selective requests. I have left the field empty which applies the rule to all requests. Please modify it according to your use case.
Feel free to reach out to requestly.extension#gmail.com for any issues.

How to configure IIS ARR to do a ProxyPass?

Problem:
Need to proxy pass requests that ONLY matches the pattern: mywebsite.com/two-letter-country-code e.g mywebsite.com/es/ to mywebsite.vendor.com/es this second url is a Third-party vendor that will return content translated.
Work In progress:
IIS doesn't natively support ProxyPass so I installed "Application Request Routing (ARR)" to configure a forward proxy following the instructions in this article https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/creating-a-forward-proxy-using-application-request-routing, in the step 14 while configuring the rewrite rule it says to add:
Rewrite URL: http://{C:1}/{R:0}
If my understand is correct in my case I will want to do something like
Rewrite URL: http://mywebsite.sl.vendor.com/{C:#}
Where {C:#} will return "es" or whatever the language the URL is going to.
My questions
1. Is my rewrite understanding correct?
2. Do I have to configure the Server Farms?
I noticed that by installing ARR, "Server Farm" is now available for configuration, but not sure if there is anything I need to do there.
1. Is my rewrite understanding correct?
No, since I wanted to match the two letter country codes the Patter should be:
^([a-z]{2}/(.*)|/[a-z]{2}$)
And the Rewrite URL under Action Properties should be:
https://mywebsite.sl.vendor.com/{R:0}
{R:0} will be the back-reference of specified pattern so an incoming request for mywebsite.com/es/ will be proxy passed as mywebsite.vendor.com/es were {R:0}=es/ as expected
2. Do I have to configure the Server Farms?
Is not require to do any special configuration in the server Farms to get the forward proxy working.
The third party service I was forwarding the request to, require to have the host header to be the server forwarding the request in this case mywebsite.com but in their end they were receiving mywebsite.vendor.com, to accomplish this you have to set the property preserveHostHeader to true, this can be found in the Configuration Editor

How to hide the 'server' parameter in the apache2 http response header?

My question is posed in the title. But I ask also, instead of hiding it, isn't it possible to replace it by a custom value? Maybe over php or by editing the apache2 config?
Thank's in advance!
You could use mod_security for Apache, there is a directive called SecServerSignature it allows you to change the value of the Server header.
Another way would be to edit the the source code :)

Resources