I'm implementing some url rewriting using UrlRewriter.
So going to http://domainname/11
will go to ~/Items/Details.aspx?Itemid=11
<rewriter>
<rewrite url="~/1" to="~/Items/Details.aspx?ItemId=1" />
<rewrite url="~/2" to="~/Items/Details.aspx?ItemId=2" />
<rewrite url="~/3" to="~/Items/Details.aspx?ItemId=3" />
<rewrite url="~/11" to="~/Items/Details.aspx?ItemId=11" />
</rewriter>
The problem here is 11 always redirects to 1. Same as 400 redirects to 4. I'm guessings it's not doing an exact match, only some sort of "Contains".
How do I get this to do exact matching?
I was using this for regex to not hard code everything but that didnt work eitehr:
<rewriter>
<rewrite url="~/(\d)" to="~/Items/Details.aspx?ItemId=$1" />
</rewriter>
thanks guys!
You should specify end of the URL and use a quantifier for your \d expression to allow more than one digit:
<rewriter>
<rewrite url="~/(\d+)$" to="~/Items/Details.aspx?ItemId=$1" />
</rewriter>
<rewrite url="~/(\d+)" to="~/Items/Details.aspx?ItemId=$1" />
-------------------^
Related
I am trying to implement Content-Security-Policy with the NWebSec NuGet package
The basic configuration level is working at this moment but trying to add nonce for each script and style in the project.
How to add a nonce to the below tags for inline?
#Styles.Render("~/Content/css/file")
For BundleConfig,
bundles.Add(new ScriptBundle("~/Content/Scripts").Include(
"~/Content/Scripts/General.js"
));
I tried with a new class and it's working but with the NWebSec package I going nowhere.
Below is their solution with #Html.CspScriptNonce() directives and this is working.
<script #Html.CspScriptNonce()>document.write("Hello world")</script>
<style #Html.CspStyleNonce()>
h1 {
font-size: 10em;
}
</style>
The solution I tried was to use #Styles.RenderFormat in the following way:
#Styles.RenderFormat("<link href=\"{0}\" rel=\"stylesheet\" " + #Html.CspStyleNonce() +"/>","~/Content/css/file")
When using NWebSec with ASP.Net MCV Bundles, you can not apply a Nonce, but luckily you don't need to.
There might be something you need to change in your web.config though. In the nwebsec > httpHeaderSecurityModule > securityHttpHeaders > content-Security-Policy section, make sure that self="true" for both style-src and script-src. self="true" is the default, though, so if you don't need those elements for any other declarations, you can omit them.
Here's the nwebsec section in my web.config. I'm using both style and script bundles, and have no third-party scripts.
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd">
<securityHttpHeaders>
<content-Security-Policy enabled="true">
<default-src self="true" />
<font-src self="true">
<add source="https://fonts.gstatic.com" />
</font-src>
<object-src none="true" />
<style-src self="true">
<add source="https://fonts.googleapis.com" />
</style-src>
<base-uri none="true" />
</content-Security-Policy>
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
when browse my site from local iis then address looks in browser address bar as http://localhost:8800/gb/default.aspx
i tried to extract country code from browser address bar and injected in all hyperlink's href with IIS rewrite outbound rule.
this is my outbound rule i used in my web.config file.
<outboundRules>
<rule name="add outbound rule" preCondition="Ishtml" enabled="true" stopProcessing="true">
<match filterByTags="A" pattern="(\/[a-z]+\/)(.*)" negate="true" />
<action type="Rewrite" value="{R:1}{R:2}" />
</rule>
<preConditions>
<preCondition name="Ishtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="text/html" />
</preCondition>
</preConditions>
</outboundRules>
when i pattern test from iis rewrite module window then output looks like below one. here is screen shot.
so during test i saw {R:1} is /gb/ and {R:2} is default.aspx. so when this rule execute it change all hyperlink href in default.aspx page and all hyperlink href becomes now http://localhost:8800/gb/default.aspx
basically i need to inject country code from browser address bar url in all hyperlink href of current page.
i think i am bit closer to what i am trying to achieve but now i need little help to sort this issue. i guess this area need to be change bit <action type="Rewrite" value="{R:1}{R:2}" />
so please some help and drive me to right direction.
Your rewrite action will not work as you back reference to parts of the match of the rule with {R:1} and {R:2} but this will never match as you negated it with negate="true". I.e. if it doesn't match that regular expression the {R:1} and {R:2} will (most likely) also not be available.
What you have to do is add an extra condition that matches on the query string with the same regular expression. This condition will make sure that the current URL will match that regular expression and then you can back reference parts of that with {C:1} and {C:2}, etc... (with the letter C instead of R). The trick is to use a combination of {C:1} and {R:0}. {C:1} will give you the language code from the current URL and {R:0} will give you the original URL from the <a href>.
So you will end up with:
<outboundRules>
<rule name="add outbound rule" preCondition="Ishtml" enabled="true" stopProcessing="true">
<match filterByTags="A" pattern="^\/(?![a-z]{2}\/).*" />
<action type="Rewrite" value="{C:1}{R:0}" />
<conditions>
<add input="{HTTP_X_ORIGINAL_URL}" pattern="^(\/[a-z]{2})\/(.*)" />
</conditions>
</rule>
<preConditions>
<preCondition name="Ishtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="text/html" />
</preCondition>
</preConditions>
</outboundRules>
On a side note, your regular expression for the A tag is very weak. It will match /gb/default.aspx but it will also match /foo/bar/default.aspx or /foo/bar/gb/default.aspx and thus not rewrite these links. I've replaced it with a more strict version only matching /<two letters>/<anything>.
Note that I took the \/ after the match for the first two letters out of the first group in the condition as we don't need that slash in the back reference {C:1} as it's already in {R:0}.
EDIT: I made the assumption that {R:0} would still be available as a back reference even if the regular expression would not match. This does not seem to be the case. So I took out the negate="true" and fixed the regular expression to match any URL except those starting with /<two-letters/ (to prevent rewriting already correct URL's).
Another error was to match on {REQUEST_URI} assuming this was the original URL as seen in the browser with the language code in it. But most obviously it's not as you probably (inbound) rewrite that URL and take out the language code. So I replaced that with {HTTP_X_ORIGINAL_URL}. This is a variable set by the URL Rewrite module and preserves the original URL.
Lastly the <add ..> in the <condition>...</condition> was missing a closing /. I hope this now works for you.
I have an ASP.NET page with URL Rewrite and when I post a message to the page, it reveals the ID. So for example, I have a page
http://www.example.com/info/earth
When I post a comment to the page, the address bar becomes
http://www.example.com/info/earth?info=earth
How do I prevent the ?info=earth from appearing in the address bar after a post submission has occurred.
My form without LT & GT is :-
form runat="server" method="post" id="fForm"
The form is on an ASP.NET control and not on the main form because I use the control on other pages rather than just the one page. My IIS Rewrite rule is :-
(rule name="Rewrite for info" stopProcessing="true")
(match url="info/(.+)" /)
(conditions logicalGrouping="MatchAll")
(add input="{URL}" negate="true" pattern="\.axd$" /)
(/conditions)
(action type="Rewrite" url="info.aspx?info={R:1}" /)
(/rule)
Your help is appreciated.
Just set appendQueryString to false
<action type="Rewrite" url="info.aspx?info={R:1}" appendQueryString="false" />
I am using IIS7 and urlMappings to map some urls to actual pages.
Example:
<urlMappings>
<!-- Remap friendly urls to actual pages: -->
<add url="~/help/" mappedUrl="~/content/help/help.aspx" />
<add url="~/news/" mappedUrl="~/content/news/default.aspx" />
</urlMappings>
This works great if the url has a trailing '/' , example:
http://www.mysite.com/news/
But I get page not found error if I do this:
http://www.mysite.com/news
I could add an extra entry without the trailing '/' so that both map to the same page, but I don't want to do this for SEO (would think it is duplicate content).
Is it possible to get the urlMappings to redirect?
For example, something like this:
<add url="~/help" redirect="~/help/" />
If not, what would be the best way of doing this?
Do you think google would really penalize
http://www.mysite.com/news/
http://www.mysite.com/news
as duplicate?
Here is my work around:
I add both entries, with and without trailing '/', to the urlMappings in web.config
<urlMappings>
<!-- Remap friendly urls to actual pages: -->
<add url="~/help/" mappedUrl="~/content/help/help.aspx" />
<add url="~/help" mappedUrl="~/content/help/help.aspx" />
</urlMappings>
Then in the page itself add the following code on page_load:
Dim mappedUrl as string = "/help"
If Request.RawUrl.EndsWith(mappedUrl) Then
Response.RedirectPermanent(String.Format("~{0}/", mappedUrl))
End If
This will permanently redirect and calls to the mapped page without a trailing '/' to the same page with a trailing '/'
Ok we have the following re-written URL using UrlRewriter.net
/category/games/21
using the following expression.
<rewrite url="~/Category/(.+)/(.+)" to="~/category.aspx?CatId=$2" />
however google can attach the following,
/category/games/21?gclid=clickIdHere
this would need to be re-written to,
/category.aspc?CatId=21&gclid=clickIdHere
Can anyone help suggest an expression that will work with the above?
I suppose somthing like...
<rewrite url="~/Category/(.+)/(.+)?gclid=(.+)" to="~/category.aspx?
CatId=$2&gclid=$3" />
should be like
<add name="category" virtualUrl="^~/Category.aspx/(.*)/(.*)" destinationUrl="~/Category.aspx?CatID=$1&gclid=$2" ignoreCase="true" rewriteUrlParameter="ExcludeFromClientQueryString" />