Disable "Vary" Header for IIS10 - iis-10

I'm trying to disable the "Vary" header via web.config and I've tried the following with no success:
Setting #1
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Vary" />
</customHeaders>
</httpProtocol>
</system.webServer>
Setting #2
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Vary Header">
<match serverVariable="RESPONSE_Vary" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
Neither setting works. I'm curious as to what I am doing wrong.

I figured out the answer to this question. IIS overwrites the "Vary" header if compression is enabled, so implementing the following into your web.config will prevent IIS from overwriting your rewrite rules:
<system.webServer>
<urlCompression doStaticCompression="false" doDynamicCompression="false"/>
</system.webServer>
The only problem that you will run into will be trying to disable compression if it is already being used in the web.config. If devs are using compression, you will need to work with them to remove it.

Related

Hide server information from wappalyzer in IIS

I want to hide my web server and operating system from Wappalyzer.
I removed X-Powered-By, but nothing happens.
If you want to hide your technology, like ASP.NET, please just remove the X-Powered-By response header:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
If you want to hide your web server, please download URL rewrite extension and set outbound rule like this:
<outboundRules>
<rule name="response" enabled="true">
<match serverVariable="RESPONSE_SERVER" pattern="(.*)" />
<action type="Rewrite" />
</rule>
</outboundRules>
Remember that Wappalyzer will cache the information. So when you finish setting these configurations, please remember to clear the browser cache.
I do it like that in the web.config file:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
<add name="X-Powered-By" value="Write what you want to show here"/>
</customHeaders>
</httpProtocol>
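The settings from the two threads above can be checked together before deployment. The following is an added example, not code from any of the posts: a small Python audit of a web.config that reports when X-Powered-By is not removed, when no outbound rule blanks the Server header, and when a Vary rule is present while compression is still enabled. The sample config and the function names are constructed, and a missing urlCompression element or attribute is assumed to mean compression is on.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): X-Powered-By is removed and Vary is
# blanked by an outbound rule, but compression is left at its defaults.
SAMPLE = """<configuration><system.webServer>
  <httpProtocol><customHeaders><remove name="X-Powered-By" /></customHeaders></httpProtocol>
  <rewrite><outboundRules rewriteBeforeCache="true">
    <rule name="Remove Vary Header">
      <match serverVariable="RESPONSE_Vary" pattern=".+" />
      <action type="Rewrite" value="" />
    </rule>
  </outboundRules></rewrite>
</system.webServer></configuration>"""

def blanked_headers(ws):
    """Upper-cased RESPONSE_* names emptied by enabled outbound Rewrite rules."""
    names = set()
    for rule in ws.iterfind("rewrite/outboundRules/rule"):
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None or rule.get("enabled", "true") != "true":
            continue
        if action.get("type") == "Rewrite" and not action.get("value"):
            names.add(match.get("serverVariable", "").upper())
    return names

def audit(config_xml):
    """Return findings for the header-hiding settings discussed above."""
    ws = ET.fromstring(config_xml).find("system.webServer")
    if ws is None:
        return ["no <system.webServer> section"]
    findings = []
    removed = {r.get("name", "").lower()
               for r in ws.iterfind("httpProtocol/customHeaders/remove")}
    if "x-powered-by" not in removed:
        findings.append("X-Powered-By is not removed")
    blanked = blanked_headers(ws)
    if "RESPONSE_SERVER" not in blanked:
        findings.append("Server is not blanked by an outbound rule")
    comp = ws.find("urlCompression")
    def enabled(attr):
        # Assumption: a missing element or attribute means compression is on.
        return comp is None or comp.get(attr, "true").lower() == "true"
    if "RESPONSE_VARY" in blanked and (
            enabled("doStaticCompression") or enabled("doDynamicCompression")):
        findings.append("Vary rule is overridden while compression is enabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The audit reads only the file it is given; headers removed or added at server level are outside its view.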

How to enable HSTS on IIS7 with .NET Framework 4.0

When I try to use this configuration in my web.config file:
<httpRedirect enabled="true" destination="https://www.domain.co.uk/"
httpResponseStatus="Permanent" />
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<rewrite>
<outboundRules>
<rule name="Remove RESPONSE_Server">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
I got this error when browsing the web app:
HTTP Error 500.19 - Internal Server Error The requested page cannot be
accessed because the related configuration data for the page is
invalid.
How do I fix this?

Set header from URL Rewrite on Azure Websites - AppCmd or applicationhost.config?

I'd like to set a request header (HTTP_HOST to be precise) from Web.config, using the IIS URL Rewrite module, on Azure Websites. Basically I'd like to have something like this in my site's Web.config:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="My rule" enabled="true">
<match url=".*" />
<serverVariables>
<set name="HTTP_HOST" value="my value" />
</serverVariables>
<action type="None" />
</rule>
</rules>
</rewrite>
</system.webServer>
This results in an error that HTTP_HOST is not allowed to be set. This is normal and with standard IIS the next step would be to add HTTP_HOST to the <allowedServerVariables> element to applicationhost.config directly or through AppCmd. However I couldn't find any hints on being able to access this config somehow.
Is it possible to somehow modify the apphost config, or add allowed server variables somehow else?
It is possible to alter Azure's ApplicationHost.config by applying xdt transformations.
Upload the file to the /site and restart your site for the changes to take effect:
ApplicationHost.xdt
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
See also:
https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
http://azure.microsoft.com/nl-nl/documentation/articles/web-sites-transform-extend/
Expanding on Joris' answer, you should use xdt:Transform="InsertIfMissing" and xdt:Locator="Match(name)" otherwise it won't work the way you expect it to (here's an example of it not working as-expected, and another example).
So your applicationHost.xdt should look like this:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>

Replacing IIS rewrite rules in web.config transform

I have some IIS rewrite rules that I want to vary by environment. The development rewrite rules are in the web.config file, then at the end of the web.test.config file I have:
<appSettings>
...Some app settings transforms here
</appSettings>
<system.webserver>
<rewrite xdt:Transform="Replace">
<rules>
... rules here
</rules>
</rewrite>
</system.webserver>
</configuration>
My app settings are getting transformed when I deploy to test, but my IIS rewrite rules are not. I was hoping the entire <rewrite> section would simply be replaced with the one in the transform file (as per http://msdn.microsoft.com/en-us/library/dd465326.aspx), but nothing is changing.
I have tried putting xdt:Transform="Replace" xdt:Locator="Match(name)"> on the individual rules too:
<rule name="Test rule" stopProcessing="true" xdt:Transform="Replace" xdt:Locator="Match(name)">
But again this makes no difference.
Is it even possible to replace rewrite rules in the web.config and if so, what am I missing?
As I didn't have any rewrite rules in my main web.config, the Replace transform didn't work. I successfully used the Insert transform, as below:
<system.webServer>
<rewrite xdt:Transform="Insert">
<rules>
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.mysite\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.mysite.com/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
There are a lot of answers here with examples, which is a good thing, but I think a few details are missing. I have written about this on my website; the key point here is to add xdt:Transform="Insert" in the root tag hierarchy you want to be added for the respective environment.
By default you have your Web.config file, but you have also Web.Debug.config and Web.Release.config as seen in the image below:
Let's say you want to add a redirection from http to https in your release of the application. Then edit Web.Release.config and add the following lines:
<?xml version="1.0"?>
.....
<system.webServer>
<rewrite xdt:Transform="Insert">
<rules>
......
</rules>
</rewrite>
</system.webServer>
</configuration>
So next time you publish your project the tag with rewrite and its sub-content will be added to web.config file.
To see that before you publish, right click on Web.Release.config and click Preview Transform.
You will see the difference between initial version and release version.
Reference:
HTTP to HTTPS Redirect - IIS 8.5 not working properly
Microsoft Web.Config file transformations
Disclaimer: the link in this guideline refers to my personal web site.
The rewrite section worked weirdly for me at first when creating the release configs: errors, and sections not showing at all. This is how I solved it.
Microsoft (R) Build Engine version 12.0.31101.0
Microsoft .NET Framework, version 4.0.30319.0
Edit: After messing about with this I realized that having the rewrite tag on a server that does not have the rewrite plugin makes the web server return an error. I want different configurations on the server and the local development machine, so the fix is:
The un-transformed web.config only needs a <system.webServer> tag, and in the web.config.release, for a basic canonical host name rule:
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite xdt:Transform="Insert">
<rules>
<rule name="CanonicalHostNameRule" xdt:Transform="Insert">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.host\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.host.com/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
The action didn't need a name at all, but the rewrite tag needs the xdt:Transform="Insert".
Obviously, if you want it on your local machine as well, it would need an update instead.
It is possible to transform the rewrite section of system.webServer. I was initially having the same problem and realized that I had inadvertently placed the rewrite node incorrectly under system.web. While this does not look like your problem based on the limited snippet that you provided, I would still suspect that your issue is related to node placement in the transform file.
Here is what my Web.Debug.config looks like (and this version is writing the correct Web.config on a debug build):
<?xml version="1.0"?>
<!-- For more information on using web.config transformation visit http://go.microsoft.com/fwlink/?LinkId=125889 -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<!--
In the example below, the "SetAttributes" transform will change the value of
"connectionString" to use "ReleaseSQLServer" only when the "Match" locator
finds an attribute "name" that has a value of "MyDB".
<connectionStrings>
<add name="MyDB"
connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True"
xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
</connectionStrings>
-->
<system.web>
<!--
In the example below, the "Replace" transform will replace the entire
<customErrors> section of your web.config file.
Note that because there is only one customErrors section under the
<system.web> node, there is no need to use the "xdt:Locator" attribute.
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly" xdt:Transform="Replace">
<error statusCode="500" redirect="InternalError.htm"/>
</customErrors>
-->
</system.web>
<system.webServer>
<rewrite xdt:Transform="Replace">
<rules>
<clear/>
<rule name="Canonical Hostname">
<!-- Note that I have stripped out the actual content of my rules for the purposes of posting here... -->
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
A trick I use is to give the action a name,
then in my transform just add xdt:Transform="SetAttributes" xdt:Locator="Match(name)" like the following:
<system.webServer>
<rewrite>
<rules>
<rule name="RedirecttoWWW" enabled="true" >
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" />
</conditions>
<action name="AddWWW" type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" xdt:Transform="SetAttributes" xdt:Locator="Match(name)" />
</rule>
</rules>
</rewrite>
The above example is to add www to all requests.
-------UPDATE-----
Just an update: adding a name to the action will not work as wanted, so I updated the code as follows:
<system.webServer>
<rewrite>
<rules>
<rule name="RedirecttoWWW" enabled="true" xdt:Transform="RemoveAll" xdt:Locator="Match(name)" >
</rule>
<rule name="RedirecttoWWW" enabled="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" >
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
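The answers in this thread turn on how Replace, Insert and InsertIfMissing behave when the base Web.config does or does not already contain a <rewrite> section. The following is an added example, not code from any answer and not Microsoft's XDT engine: a simplified Python model of those three transforms applied to direct children of <system.webServer>, useful for checking that an environment-specific rule (such as an HTTPS redirect) actually lands in the published config exactly once. The base configs, rule names and function names are constructed, and the base config is assumed to contain <system.webServer>.

```python
import copy
import xml.etree.ElementTree as ET

XDT = "{http://schemas.microsoft.com/XML-Document-Transform}"
NS = 'xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"'

def strip_xdt(elem):
    """Drop xdt:* attributes so they do not leak into the output config."""
    for node in elem.iter():
        for key in [k for k in node.attrib if k.startswith(XDT)]:
            del node.attrib[key]
    return elem

def transform(base_xml, xform_xml):
    """Model Replace / Insert / InsertIfMissing on children of <system.webServer>.
    Returns (transformed <system.webServer> element, list of warnings)."""
    target = ET.fromstring(base_xml).find("system.webServer")
    warnings = []
    for node in ET.fromstring(xform_xml).iterfind("system.webServer/*"):
        op = node.get(XDT + "Transform")
        existing = target.find(node.tag)
        new = strip_xdt(copy.deepcopy(node))
        if op == "Replace":
            if existing is None:      # nothing to replace: output is unchanged
                warnings.append(f"Replace: no <{node.tag}> in source")
            else:
                index = list(target).index(existing)
                target.remove(existing)
                target.insert(index, new)
        elif op == "Insert" or (op == "InsertIfMissing" and existing is None):
            target.append(new)        # Insert never checks for an existing node
    return target, warnings

# Constructed inputs: a base Web.config without and with a <rewrite> section.
BARE = "<configuration><system.webServer /></configuration>"
WITH_RULES = ("<configuration><system.webServer><rewrite><rules>"
              "<rule name='dev' /></rules></rewrite></system.webServer></configuration>")

def release_transform(op):
    """Constructed transform file carrying one rule under the given xdt:Transform."""
    return (f"<configuration {NS}><system.webServer><rewrite xdt:Transform='{op}'>"
            "<rules><rule name='https' /></rules></rewrite></system.webServer></configuration>")

def rewrite_count(base_xml, op):
    """Number of <rewrite> sections after the transform, plus any warnings."""
    target, warnings = transform(base_xml, release_transform(op))
    return len(target.findall("rewrite")), warnings
```

In this model, Replace against a base without <rewrite> leaves the output without any rules and only emits a warning, while Insert against a base that already has <rewrite> produces a second section.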

IE6 gzip bug and IIS7 URL Rewrite Module

We're running into the nasty sporadic IE6 bug where gzip compression enabled on js and css files makes things go bad (see Can i gzip-compress all my html content(pages) for example).
Therefore, what seems to be the best way to deal with this would be to use the URL Rewrite Module in IIS7/7.5 to check for requests from < IE6 and serve them uncompressed as per http://sebduggan.com/posts/ie6-gzip-bug-solved-using-isapi-rewrite.
I want to use the IIS7 Url Rewrite Module
Only the IIS7 Url Rewrite Module 2.0 RC supports rewriting headers
But the following results in a 500 error for the affected resources:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="IE56 Do not gzip js and css" stopProcessing="true">
<match url="\.(css|js)" />
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="MSIE\ [56]" />
</conditions>
<action type="None" />
<serverVariables>
<set name="Accept-Encoding" value=".*" /> <!-- This is the problem line -->
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
What to put in the Server Variable for Accept-Encoding? I've verified that this is the problem line (as everything else has been isolated and operates as required). I've tried everything I can think of and I'm beginning to think that there just isn't support for setting the Accept-Encoding header.
I've tried:
<set name="HTTP_ACCEPT_ENCODING" value=" " />
<set name="HTTP_ACCEPT_ENCODING" value=".*" />
<set name="HTTP_ACCEPT_ENCODING" value="0" />
Specifically, it results in a "HTTP/1.1 500 URL Rewrite Module Error."
Well, it turns out that for security reasons you need to explicitly allow whatever server variables you wish to modify in the applicationHost.config (see http://learn.iis.net/page.aspx/665/url-rewrite-module-20-configuration-reference#Allowed_Server_Variables_List).
Therefore, the following does the trick in the Web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="IE56 Do not gzip js and css" stopProcessing="false">
<match url="\.(css|js)" />
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="MSIE\ [56]" />
</conditions>
<action type="None" />
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="0" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
As long as the applicationHost.config has:
<location path="www.site.com">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_ACCEPT_ENCODING" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
See http://www.andornot.com/about/developerblog/2009/11/ie6-gzip-bug-solved-using-iis7s-url.aspx for a blog post detailing everything.
EDIT: Added official documentation link.
EDIT: Added link to blog post summarizing.
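Both this thread and the Azure HTTP_HOST thread above come down to the same allow-list: a rule may only set a server variable that applicationHost.config names under <allowedServerVariables>. The following is an added example, not code from either thread: a Python check that lists every variable a site's rules set without a matching allow-list entry. The two config strings are constructed from the snippets in the posts, the "Host override" rule and the function names are hypothetical, variable names are assumed to compare case-insensitively, and <clear/> or <remove> entries in the allow-list are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed site Web.config: the IE5/6 rule from the answer above plus a
# hypothetical rule that sets HTTP_HOST, as in the Azure question.
WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
  <rule name="IE56 Do not gzip js and css" stopProcessing="false">
    <match url="\\.(css|js)" />
    <conditions><add input="{HTTP_USER_AGENT}" pattern="MSIE\\ [56]" /></conditions>
    <serverVariables><set name="HTTP_ACCEPT_ENCODING" value="0" /></serverVariables>
    <action type="None" />
  </rule>
  <rule name="Host override">
    <match url=".*" />
    <serverVariables><set name="HTTP_HOST" value="my value" /></serverVariables>
    <action type="None" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

# Constructed applicationHost.config fragment with the allow-list from the answer.
APPHOST = """<configuration><location path="www.site.com"><system.webServer><rewrite>
  <allowedServerVariables><add name="HTTP_ACCEPT_ENCODING" /></allowedServerVariables>
</rewrite></system.webServer></location></configuration>"""

ALLOW_PATH = "system.webServer/rewrite/allowedServerVariables/add"

def allowed_variables(apphost_xml, site):
    """Names allowed server-wide or in the <location> for `site`.
    Simplification: <clear/> and <remove> entries are not modelled."""
    root = ET.fromstring(apphost_xml)
    scopes = [root] + [loc for loc in root.iterfind("location")
                       if loc.get("path", "").lower() == site.lower()]
    return {add.get("name", "").upper() for scope in scopes
            for add in scope.iterfind(ALLOW_PATH)}

def unallowed_sets(web_config_xml, apphost_xml, site):
    """(rule name, variable) pairs a rule sets without an allow-list entry."""
    allowed = allowed_variables(apphost_xml, site)
    root = ET.fromstring(web_config_xml)
    return [(rule.get("name"), var.get("name"))
            for rule in root.iterfind("system.webServer/rewrite/rules/rule")
            for var in rule.iterfind("serverVariables/set")
            # Assumption: variable names are compared case-insensitively.
            if var.get("name", "").upper() not in allowed]

if __name__ == "__main__":
    print(unallowed_sets(WEB_CONFIG, APPHOST, "www.site.com"))
```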
