Only allow script access to a file iis7.5 - windows

I have a file (called 'log.html') on my iis7.5 server that I would like my PHP installation to be able to access and write to, but I do not want anybody to access the file directly, for example typing in 'http://computername/log.html' (I am on a LAN).
How can I prevent users from accessing it but allow php to see it?
When using the web.config file suggested below, I get this error:

You can use IIS URL Rewrite and create a Request Blocking Rule to prevent access over HTTP:
For example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="BlockLogFile"
patternSyntax="Wildcard"
stopProcessing="true">
<match url="*" />
<conditions>
<add input="{URL}" pattern="/log.html" />
</conditions>
<action type="CustomResponse"
statusCode="403"
statusReason="Forbidden: Access is denied."
statusDescription="This is sekret!" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

I think that I may have answered my own question! I still need to test it a bit more, and perhaps if it does not work completely then someone could correct me:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="cache-control" value="no-store, no-cache, must-revalidate, max-age=0" />
</customHeaders>
</httpProtocol>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence="log.html" />
</denyUrlSequences>
</requestFiltering>
</security>
</system.webServer>
</configuration>
The cache control bit prevents the browser from caching anything that it returned.
Hope this helps somebody else! I am still very new to this, so you might be able to get around this.

Related

How to add no-cache header for IIS when request is localhost/site root

I have a website hosted in IIS 10
The .js and .css files are versioned using this pattern ?v=a.b.c (where a.b.c is changed with a new number every time is required) in order to invalidate the cache browser.
This is how the site starts :
user enters www.sitename.com (or "localhost" in my case)
the index.html file is loaded . This files loads a main.js?v=a.b.c file that loads/configures "require.js" . Every other file from this point forward is handled by require (also management of the versioning for the html/css/js)
The problem that I am facing is the following :
How to invalidate the cache browser for index.html ?
I tried to send a no-cache header for the index.html with the following web.config file in IIS that works if I write localhost/index.html in the browser URL...but it does not work if I write only localhost (in this case the old index.html from the cache is loaded)
<configuration>
<system.web>
<urlMappings enabled="true">
<add url="~/" mappedUrl="~/index.html" />
</urlMappings>
</system.web>
<location path="index.html">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
</system.webServer>
</location>
</configuration>
Can I receive some help ?
you can set the no-cache header by using iis URL rewrite rule:
<system.webServer>
<rewrite>
<outboundRules>
<rule name="RewriteCache-Control" preCondition="old url with 301" stopProcessing="true">
<match serverVariable="RESPONSE_Cache-Control" pattern="(.*)" />
<conditions>
</conditions>
<action type="Rewrite" value="no-cache" />
</rule>
<preConditions>
<preCondition name="old url with 301">
<add input="{URL}" pattern="index.html|^$" />
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>>
</preConditions>
</outboundRules>
</rewrite>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="WWW Server" areas="Rewrite" verbosity="Verbose" />
</traceAreas>
<failureDefinitions statusCodes="100-900" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
another way:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="index.html">
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Cache-Control" value="no-cache" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
</configuration>

Codeigniter 3 Mod_rewrite Plesk

so I uploaded my website in GoDaddy and I used a Windows Hosting (Plesk). My only problem is that since it isn't running Apache as far as I know, it won't read my .htaccess file, which has all of my mod_rewrite code to remove the index.php in the URL. So my question is how do I implement a mod_rewrite in Plesk?
You can rewrite .htaccess file to IIS's web.config and place it inside /httpdocs folder.
You can do it by guides like this or this online converter or if you have Windows Server you can convert .htaccess by this guide (or you can share your .htaccess and i'll try to convert it for you)
I've found this snippet maybe it can help you:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Index">
<match url="^(.*)$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

URL rewrite - odd url is produced

My first attempt at doing an URL rewrite.
Usual scenario. Domain name seperate from host.
So I've changed the name servers and domain points to holding page at host so that's ok.
And purchased a domain pointer from the host to allow for a domain to be pointed at a sub folder.
Added the following code to web config file in root folder:
<?xml version="1.0"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="xyz.uk" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www.)?xyz.uk" />
</conditions>
<action type="Redirect" url="\xyz\ {R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I get "The page isn't redirecting properly" and my url reads as "http://www.xyz.uk/%5Cxyz%5Cxyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/xyz/"
Googled this and all the examples I've seen are the same as the one I'm using.
Where am I going wrong?
Thanks in advance.
The actual code that works is below.
TIP.............I was helped on another forum and even though I made the changes, the page still wouldn't redirect.
PROBLEM WAS..........the browser cache was remembering the old redirect url!!
CLEAR DOWN your browser cache and any changes can then be seen immediately. Happened in Chrome and Firefox.
Correct code:
<?xml version="1.0"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="xyz.uk" stopProcessing="true">
<match url=".*" ignoreCase="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www.)?xyz.uk" />
<add input="{PATH_INFO}" pattern="^/xyz/" negate="true" />
</conditions>
<action type="Redirect" url="xyz/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

web.config transform not working when publishing

I have a solution with multiple projects, the transforms work in other projects but not this one. What could be the reason?
The project is an MVC 4 application
The configuration manager for the solution shows that when the solution configuration is LIVE then it should use the LIVE configuration for the project.
There is a Web.config, Web.Live.config, Web.Stage.config
In the Web.Live.config I have this code:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<compilation debug="false" xdt:Transform="SetAttributes"></compilation>
</system.web>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I publish it to my web server, ensuring the configuration is set to Live.
The web config on the server does not contain the transformations.
Any ideas?
I've solved this, it seems in this situation I had to add xdt:Transform="Insert" to the <rewrite> tag.
I don't know why I need that considering the default template for a transformed config file contains markup that inserts code without such an attribute that works ok...

How do you use [RequireHttps] in a Rackspace Cloud Site

I am trying to use [RequireHttps] in Rackspace Cloud Site, but I am just getting a redirect loop message when I hit any actions that use the attribute. I have talk to support, but they are not much help. Has anyone got [RequireHttps] working in a MVC 3 site on rackspace cloud sites?
I was having this same problem. I finally found a knowledge base article on Rackspace's site.
http://www.rackspace.com/knowledge_center/article/how-do-i-force-ssl-on-my-aspnet-site-on-cloud-sites
The web.config option worked just fine, just be sure to remove the [RequireHttps] attribute from your code (it isn't needed).
I have copied it below for simplicity.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
<add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Resources