I currently started to work on an web app, in ASP.NET MVC, hosted in azure as an web app. I created a deployment slot (staging, not a production slot) and i would like to know what should i do to block access on that slot from all IP addresses, excepting white listed ones.
I tried from web config by adding this part of code there.
<rules>
<rule name="Block unauthorized traffic to staging sites" stopProcessing="true">
<match url=".*" />
<conditions>
<!-- Enter your staging site host name here as the pattern-->
<add input="{HTTP_HOST}" pattern="^mysite\-staging\." />
<!-- Enter your white listed IP addresses -->
<add input="{REMOTE_ADDR}" pattern="123\.123\.123\.1" negate="true"/>
<!-- Add the white listed IP addresses with a new condition as seen below -->
<!-- <add input="{REMOTE_ADDR}" pattern="192\.255\.42\.2" negate="true"/> -->
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden"
statusDescription="Site is not accessible" />
</rule>
</rules>
But on deployment it returns this error from the server:
Module IIS Web Core
Notification Unknown
Handler Not yet determined
Error Code 0x80070032
Config Error The configuration section 'rules' cannot be read because it is missing a section declaration
IIS Version 10.0.
Do you know how should i do to restrict access as mentioned above (maybe something similar that you tried and worked)
Thanks!
Not sure if it was a typo when you pasted the config into your questions, but you are not closing <rules> correctly. Change the final <rules> to </rules>
Related
We are trying to integrate OHIF with Orthanc Server. and We are using MVC application to integrate.
When have installed IIS, Orthanc Server on a EC2 machine.
We have configured IIS rewrite, where we will rewrite of the response of the orthanc server.
This was working fine until few weeks back, Now all of sudden the rewrite is not working for few URL. No code changes done.
Please help us on this.
https://book.orthanc-server.com/faq/iis.html
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^orthancserver/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://127.0.0.1:8042/{R:1}" />
</rule>
</rules>
All URL Redirect working. And already installed Rewrite Module and I have enabled the proxy too.
We had a security review that revealed that the cookies in our ASP.NET MVC application were not being set as secure, despite having the following setting in web.config:
<httpCookies requireSSL="true" httpOnlyCookies="true" />
The website is not using forms authentication so no need for <forms requireSSL="true"> setting.
The website is hosted on an AWS app server and is accessed via an ELB. Internally on the app server the website is HTTP but externally it is HTTPS.
I've tried to implement a solution found here:
http://www.jamescrowley.co.uk/2014/03/07/ssl-termination-and-secure-cookiesrequiressl-with-asp-net-forms-authentication/
Added the following rewrite rules to this to web.config:
<rewrite>
<rules>
<rule name="HTTPS_AlwaysOn" patternSyntax="Wildcard">
<match url="*" />
<serverVariables>
<set name="HTTPS" value="on" />
</serverVariables>
<action type="None" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
</conditions>
</rule>
</rules>
</rewrite>
And added HTTPS variable to the applicationHost.config to contain:
<rewrite>
<allowedServerVariables>
<add name="HTTPS" />
</allowedServerVariables>
</rewrite>
Unfortunately this causes the ELB to fail. When speaking to our internal AWS support team they say this is because the ELB health check is failing. There is a health.html page in the root of the website. Is there a way of applying a condition to the above so that it ignores this for the health.html page which the ELB uses? I'm new to rewrite rules so not fully versed in the syntax and the way they work.
I can't test this yet, but in theory I think you would just need to change your conditions:
<conditions logicalGrouping="MatchAll" >
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
<add input="{REQUEST_URI}" negate="true" pattern="^/health.html$" ignoreCase="true" />
</conditions>
When I added the following https redirect rule to my web.config in my local VS test environment, and then built the app for debug, it gave a 403 on the start page. (The rule itself worked fine in brief standalone test web.config up on Azure.)
After I commented the rule out of the local web.config, I still got the 403. I restored the previous web.config and still got the 403. I then changed the start page, and was able to enter the app, and navigate to the original start page. Then I tried to put the rule back in, and test it all over again, and I started getting config string errors. Finally I restored the entire site from backup, ran it around the whole cycle, and it seems to work.
What might have happened? Did the rule apply to local IIS, and confuse it? And so, should I not add the rule until I deploy the site?
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<directoryBrowse enabled="false" />
I have two sites running on a Server 2012 R2 web server:
firstSite, port 80
secondSite, port 1234
Right now, users have to type in the host name, port number, and sub folder in order to view the 'Second Site' http://webServer:1234/subFolder.
I'm trying to simplify the URL so that all users can just type in the URL site.myDomain.com and have it (permanently) redirected to site.mydomain.com:1234/subFolder.
I've tried applying the following rule on my secondSite:
<rewrite>
<rules>
<rule name="Redirect" stopProcessing="true">
<match url=".*" />
<action type="Redirect" url="http://site.mydomain.com:1234/subFolder" />
</rule>
</rules>
</rewrite>
But doesn't seem to do anything.
A CNAME record has already been configured in DNS for site.myDomain.com to resolve to http://webServer.
I just need help with getting the redirection to 'secondSite' at port 1234.
I assume the first site is hosted on IIS and the rule is running within the context of the first site. If so, it should work...to validate your setup, I'd start with this article and the augment with your use case:
http://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
<configuration>
<system.webServer>
<httpRedirect enabled="true" exactDestination="true" httpResponseStatus="Found">
<add wildcard="/some/folder/path/" destination="/new/folder/" />
</httpRedirect>
</system.webServer>
</configuration>
On Server2008 systems, ARR/URL rewrite installed. Incoming traffic to ARR server ('pirate.mydomain.com'), that server in DMZ. Internal IIS servers (Server 2008/URL rewrite), single IIS site ('static.mydomain.com') containing dept sub-sites (static.mydomain.com/deptone, static.mydomain.com/depttwo, etc).
At server level on ARR server, ARR server proxy settings: 'enable proxy' enabled, 'useurl rewrite to inspect incoming requests' enabled, 'reverse proxy' set to 'pirate.mydomain.com'.
Intent is to have deptone.mydomain.com rewritten (not redirected) to static.mydomain.com/deptone .... and depttwo.mydomain.com rewritten to static.mydomain.com/depttwo .
URL should not change in the visitors' browser.
At IIS site level for 'pirate.mydomain.com', URL rewrite rule as follows:
<rule name="deptone redirect" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www.)?pirate.mydomain.com/(deptone)(.*)" />
</conditions>
<action type="Rewrite" url="http://static.mydomain.com/deptone{C:3}" appendQueryString="false" />
</rule>
THis is not working; I am getting 400.0 error ('max forwards limit').
Need guidance for URL rewrite rule for this process. Have been to the IIS forums/help, but still cannot get this working.
Thanks.