hide/remove url extension in windows servers - html

I read that .htaccess doesn't work on windows server like godaddy. So to hide or remove extensions like .php and .html on URL, you can accomplish this by creating a web.config file with the following code:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="RewriteHTML">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions> <action type="Rewrite" url="{R:1}.html" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I tried to make web.config file and save it where index.php is with that code but nothing happened.. I tested it with the like this
<ul>
<li>
Attack on Titan Episode 3
</li>
</ul> with a href of "attackontitan-3"
I want url to be http://mysite/watching/attack%20on%20titan/attackontitan-3 not http://mysite/watching/attack%20on%20titan/attackontitan-3.php

Use rewrite to add the extension, like this:
<rule name="rewritephp">
<!--Removes the .aspx extension for all pages.-->
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}.php" />
</rule>
Or This tutorial does a great job at explaining what you need to do with IIS.
http://atlantawebsites.blogspot.com/2010/06/vanity-urls-with-godaddy-hosting-using.html

You need to add a Rewrite and Redirect rules. The following will redirect and rewrite page.php to just page. If you want to do the same for html, just add those rules.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<!-- Remove the existing rules just incase we already defined them -->
<remove name="RedirectPhpExtensions" />
<remove name="RewritePhpExtensions" />
<!-- Add a rule to redirect x.php pages to just x -->
<rule name="RedirectPhpExtensions" enabled="true" stopProcessing="true">
<match url="(.*)\.php$" />
<action type="Redirect" url="{R:1}" redirectType="Permanent" />
</rule>
<!-- Add a rule to rewrite the x pages to x.php behind the scene -->
<rule name="RewritePhpExtensions" enabled="true" stopProcessing="true">
<match url="(.*)" negate="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}.php" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Place this web.config in the root directory of your domain.
Then you need to restart the Application Pool on godaddy's site:
Web Hosting > Manage > IIS Management > Recycle App Pool button

Related

Add Exception To URL Rewrite And IIS Server

I have my first IIS Server set up and running. And I have successfully configured the URL Rewrite add on. It works perfectly for all incoming requests. How ever I want to exclude one additional website that runs on the same IIS server. Can someone teach me how to do this?
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_REFERER" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="http://working.backendserver:4588/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Base, Form, Img" pattern="^http(s)?://working.backendserver:4588/(.*)" />
<action type="Rewrite" value="http{R:1}://working.inbound.url.com/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{RESPONSE_CONTENT_TYPE}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
enter code here

How to force site to use https only

I'm tryin to force my website to only accept https, by adding the following to my webconfig:
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
This works, if you load the site using http it now re-directs the site to https, but every time I try to go to a different page or submit a form I get a:
405 - HTTP verb used to access this page is not allowed.
This currentle my webconfi:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="PW_BADPOST" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_METHOD}" matchType="Pattern" pattern="POST" ignoreCase="true" />
<add input="{HTTP_REFERER}" pattern=".*\/wp-admin.*" />
</conditions>
<action type="CustomResponse" statusCode="404"/>
</rule>
<rule name="PW_BadURL" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAny">
<add input="{REQUEST_URI}" pattern="\.php" />
<add input="{REQUEST_URI}" pattern="die\(" />
<add input="{REQUEST_URI}" pattern="connector\.asp" />
</conditions>
<action type="CustomResponse" statusCode="404"/>
</rule>
<!-- directories to ignore -->
<rule name="PW_IgnoreDir" stopProcessing="true">
<match url="^(css|img|images|js|tools)\/(.*)$" ignoreCase="true" />
<action type="None" />
</rule>
<!-- Pages -->
<rule name="PW_Pages" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?{R:1}" />
</rule>
</rules>
</rewrite>
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>

Web.Config redirect to maintenance page?

From https://gist.github.com/stevensk/c8108311b82ba1591cb1be018bbe0119, I have added the code below to our web.config for "site maintenance page redirect".
For an IP that isn't mine (mine is 3rd item down in IP list), the user is directed to the site maintenance page, but it hasn't been displaying the background image, specified fonts, or other CSS file styles.
The Firefox inspector shows the following message in red:
The resource from
“https://www.example.com/pages/maintenance/message/default.htm”
was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
How can I get the maintenance page to have the correct fonts, images and other styles applied?
<rewrite>
<!-- Maintenance rewrite map
- Add allowed IP addresses to grant access during maintenance period
- To activate, uncomment Maintenance Redirect rule
- And replace last key with current IP found at /pages/test/remote-name/
-->
<rewriteMaps>
<rewriteMap name="MaintenanceIpAddressWhitelist" defaultValue="">
<add key="192.168.0.1" value="1" />
<add key="127.0.0.1" value="1" />
<add key="198.43.70.125" value="1"/>
</rewriteMap>
</rewriteMaps>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="ensurewww" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://(?!www)(.*)" />
</conditions>
<action type="Redirect" url="{C:1}://www.{C:2}" redirectType="Permanent" />
</rule>
<!-- Maintenance Rule -->
<rule name="Maintenance Redirect">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{MaintenanceIpAddressWhitelist:{REMOTE_ADDR}}" matchType="Pattern" pattern="1" negate="true" />
<add input="{REQUEST_URI}" pattern="^/pages/maintenance/message/default.htm$" negate="true" />
</conditions>
<action type="Redirect" url="/pages/maintenance/message/default.htm" appendQueryString="false" redirectType="Temporary"/>
</rule>
</rules>
</rewrite>
I ended up embedding images, css, svg and font files as base64 into the default.htm page.

Angular universal web config file with ssl and www redirecting

I have a little problem with the web.config file of my angular universal project. My web.config file is like this;
<configuration>
<system.webServer>
<!-- indicates that the server.js file is a node.js application
to be handled by the iisnode module -->
<handlers>
<add name="iisnode" path="main.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="sendToNode">
<match url="/*" />
<action type="Rewrite" url="main.js" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
We are trying to add a www redirecting when there is no www written into link and a https redirecting when there is no https written in the url. But we couldnt manage to do this.
Should I need to do something from the Angular for this?
How can we add those two redirectings into our angular universal web config?
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=31536000"/>
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Frame-Options" value="DENY" />
<add name="X-XSS-Protection" value="1; mode=block" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<webSocket enabled="false" />
<handlers>
<!-- Indicates that the main.js file is a node.js site to be handled by the iisnode module -->
<add name="iisnode" path="main.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
</rule>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^main.js\/debug[\/]?" />
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<match url="^(?!.*login).*$"></match>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
</conditions>
<action type="Rewrite" url="main.js"/>
</rule>
</rules>
<outboundRules>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<!-- Make sure error responses are left untouched -->
<httpErrors existingResponse="PassThrough" />
<!-- Restart the server if any of these files change -->
<iisnode watchedFiles="web.config;*.js;browser/*.*" />
</system.webServer>
</configuration>

How to Remove X-Powered-By header using web config

Hello i'm trying to remove X-Powered-By header by using my web.config.
This is my web.config file so far,
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php/{R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
<httpProtocol>
<customHeaders>
<clear />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
But once I check, it still showing me the x-powered-by....
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
See here for different options: https://blog.insiderattack.net/configuring-secure-iis-response-headers-in-asp-net-mvc-b38369030728
Try putting this at the top your index.php file:
header_remove("X-Powered-By");
http://php.net/manual/en/function.header-remove.php