Task: Some useful web.config code. eg. URL Rewriting/ Remove Etag / Remove Server Header/ Enable Gzip and few more..
Description: Some Useful web-config code which used for URL Rewriting and do many more things.
1) Define database connection in web.config. the connectionStrings tag should be in <configuration> tag.
2) Define Execution timeout and max request length using <httpRuntime> tag. it should be in <system.web> tag. Here we can also define the session mode and its timeout value.
3) Etag and Server Header and other Redirect rule (Default page redirect, www redirect , https redirect)
<!--<Redirect Without www to www> -->
4)Add MIME type (A List for various mime type : https://www.sitepoint.com/web-foundations/mime-types-complete-list/)
5) Security Headers - X-Content-Type: nosniff & Other
<system.webServer>
6) Gzip Compression
<system.webServer>
Description: Some Useful web-config code which used for URL Rewriting and do many more things.
1) Define database connection in web.config. the connectionStrings tag should be in <configuration> tag.
<connectionStrings>
<add
name="ConnectNEw" connectionString="Data Source=APC\SQLEXPRESS;Initial
Catalog=database_db;user id=user_8; pwd=Pass@L#7Mad87" providerName="System.Data.SqlClient"/>
</connectionStrings>
2) Define Execution timeout and max request length using <httpRuntime> tag. it should be in <system.web> tag. Here we can also define the session mode and its timeout value.
<system.web>
<httpRuntime enableVersionHeader="false" executionTimeout="2400" maxRequestLength="20480" />
<sessionState
mode="InProc" cookieless="false" timeout="80"></sessionState>
</system.web>
3) Etag and Server Header and other Redirect rule (Default page redirect, www redirect , https redirect)
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Remove ETag" >
<match serverVariable="RESPONSE_ETag" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
<rules>
<!--<Redirect Without www to www> -->
<rule name="Redirect to www" stopProcessing="true">
<match url=".*" />
<conditions trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^hemantrautela.blogspot.com$" />
</conditions>
<action type="Redirect" url="https://www.hemantrautela.blogspot.com/{R:0}" redirectType="Permanent"/>
</rule>
<!--<Redirect default.aspx to domain name> -->
<!--<Redirect default.aspx to domain name> -->
<rule name="default.aspx Redirect" stopProcessing="true">
<match url="^(.*\/)*default\.aspx$"/>
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_METHOD}" negate="true" pattern="^POST$"/>
</conditions>
<action type="Redirect" url="{R:1}" redirectType="Permanent"/>
</rule>
<!--<Redirect http to https - Non Secure to Secure page> -->
<!--<Redirect http to https - Non Secure to Secure page> -->
<rule name="Redirect to https" stopProcessing="true" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
4)Add MIME type (A List for various mime type : https://www.sitepoint.com/web-foundations/mime-types-complete-list/)
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00"/>
<remove fileExtension=".kml" />
<mimeMap fileExtension=".kml" mimeType="application/vnd.google-earth.kml+xml" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
<remove fileExtension=".eot" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
</staticContent>
</system.webServer>
5) Security Headers - X-Content-Type: nosniff & Other
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Vary"></remove>
<add name="Vary" value="Accept-Encoding"></add>
<remove name="X-Powered-By"></remove>
<add name="X-Frame-Options" value="SAMEORIGIN"></add>
<add name="X-XSS-Protection" value="1; mode=block"></add>
<add name="X-Content-Type-Options" value="nosniff "></add>
</customHeaders>
</httpProtocol>
</system.webServer>6) Gzip Compression
<system.webServer>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll"/>
<dynamicTypes>
<add mimeType="text/*" enabled="true"/>
<add mimeType="message/*" enabled="true"/>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="*/*" enabled="false"/>
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true"/>
<add mimeType="message/*" enabled="true"/>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="*/*" enabled="false"/>
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>
No comments:
Post a Comment