IIS Block Request by X-Requested-With - iis

I want to block any requests if the header X-Requested-With does not contain word "ShockwaveFlash". I am very bard with pattern, could anyone help me with this? Here's what I've tried:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_X_Requested_With}" pattern="^Shockwave$" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Related

How to set IIS rewrite rule for CORS?

I created an IIS rewrite role for a server url.
When I send request to [https://mysite/back/api/....][1], it will get data from https://remotesite/back/api/....
So my IIS rewrite config is like following.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="api">
<match url="^api/(.*)" />
<action type="Rewrite" url="`https://remotesite/back/api/{R:1}`" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="api">
<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTP_ORIGIN}" pattern="(.*)" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
But the [https://mydomain/back/api/][1] has a "Referrer Policy: strict-origin-when-cross-origin". So I can not send a javascript request to my domain.
How can I update the config?
You can use the IIS CORS module to solve this problem. For information about "IIS CORS module Configuration Reference", you can refer to this link.

IIS reverse proxy add Authorization header

I have set up Application Request Routing in IIS 8.5 for reverse proxy.
Proxy is working but I have to pass additional Authorization header to the site behind the proxy so it can authorize automatically. Problem is that it does not add the header. Is there something wrong with the configuration?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_AUTHORIZATION" />
</allowedServerVariables>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://https://my.test.service.url.com/{R:1}" />
<serverVariables>
<set name="HTTP_AUTHORIZATION" value="Bearer token12345=" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

IIS 10 Subdomain to folder

help me please.
I do not speak English, so I apologize if I make mistakes
in my writing (I use google translate) :(
Create my site with these features:
Bindings > *.holos.mx, holos.mx
Path > D:\Hosteos
In this directory D:\Hosteos\web.config
I have the rules:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Imported Rule 0" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^(.*)\.holos\.mx" ignoreCase="false" />
<!--<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />-->
</conditions>
<action type="Rewrite" url="{C:1}/{R:1}" appendQueryString="true" /><!-- .php -->
</rule>
</rules>
</rewrite>
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/404.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
Create this folder: D:\Hosteos\beta
Inside this folder I have another web.config. (D:\Hosteos\beta\web.config)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Imported Rule 1">
<match url="^life(|/)$" />
<action type="Rewrite" url="test.php" appendQueryString="false" />
</rule>
</rules>
</rewrite>
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/404.html" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
The problem is when I enter by URL subdomains (http://beta.holos.mx/life) show error 404
When I enter URL base domain (http://holos.mx/beta/life) it shows me the content of my page test.php
How can I solve it?
You need to change URL in your rewrite action.
Your rule should be like that:
<rule name="Imported Rule 0" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^(.*)\.domain\.com" ignoreCase="false" />
</conditions>
<action type="Rewrite" url="http://holos.mx/{C:1}/{R:1}" appendQueryString="true" /><!-- .php -->
</rule>

Rewrite URL in Azure App Service Web.config to redirect root to index.html

How can I match the root url and redirect it to index.html?
I have tried:
<rule name="SPA">
<match url="^$" />
<action type="Rewrite" url="index.html" />
</rule>
and
<rule name="SPA">
<match url="" />
<action type="Rewrite" url="index.html" />
</rule>
in Azure App Service.
But they didn't work. I got: Cannot GET /
my Web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="SPA">
<match url="^$" />
<action type="Rewrite" url="index.html" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I tried Redirect as well. But no luck.
<rule name="Redirect to canonical url">
<match url="^$" >
<conditions>
<!-- Check whether the requested domain is in canonical form -->
<add input="{HTTP_HOST}" type="Pattern" pattern="^purchasehelper.azurewebsites.net$">
</conditions>
<!-- Redirect to canonical url and convert URL path to lowercase -->
<action type="Redirect" url="http://purchasehelper.azurewebsites.net/index.html" RedirectType="Found"/>
</rule>
You can try to add and modify the following rewrite content in web.config file:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Index Request" enabled="true" stopProcessing="true">
<match url="^$" />
<action type="Redirect" url="index.html" logRewrittenUrl="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Add .html to url in Azure web.config rewrite

I am looking to use the sub-page link for a website on Azure, for example:
Html file mysubpage.html placed in the wwwroot directory in Azure. I wish to be able to access this page by typing mysite.com/mysubpage into the web browser. However, when I visit this url I get the output "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."
I understand that I need to do this with a web.config file in the wwwroot directory, but am unsure as to what contents the web.config file needs to contain?
I currently have the following:
<?xml version="1.0" ?> <configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite Rule">
<match url=".*" />
<conditions>
<add input="{StaticRewrites:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="Rewrite" url="{C:1}" />
</rule>
<rule name="Remove html Extension" stopProcessing="true">
<match url="^(.+)\.html$" />
<action type="Redirect" url="{R:1}" redirectType="Permanent" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="StaticRewrites" defaultValue="">
<add key="/mysubpage" value="/mysubpage.html" />
</rewriteMap>
</rewriteMaps>
</rewrite>
</system.webServer> </configuration>
Solved the issue. The following worked which removed the removal of the html extension:
<?xml version="1.0" ?> <configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite Rule">
<match url=".*" />
<conditions>
<add input="{StaticRewrites:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="Rewrite" url="{C:1}" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="StaticRewrites" defaultValue="">
<add key="/mysubpage" value="/mysubpage.html" />
</rewriteMap>
</rewriteMaps>
</rewrite>
</system.webServer> </configuration>
I understand that it you want to re-route numerous urls you can do this by adding extra lines with add as follows:
<add key="/mysubpage1" value="/mysubpage1.html" />
<add key="/mysubpage2" value="/mysubpage2.html" />

Resources