Web.config Edits

From KOP KB
Revision as of 16:34, 16 October 2014 by ReMaster (talk | contribs) (IP address block)
Jump to: navigation, search

You may need to only copy some parts as the may have a web.config file already created

Web.config SSL Redirect

This is the way to redirect for ssl, first to www then to https 

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
      <rewrite>
  <rules>
  <rule name="Redirect domain.com to www" patternSyntax="Wildcard" stopProcessing="true">            
  <match url="*" />            
  <conditions>                
  <add input="{HTTP_HOST}" pattern="domain.com" />            
  </conditions>            
  <action type="Redirect" url="http://www.domain.com/{R:0}" />        
  </rule>
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
    <conditions>
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
    </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
  </rules>
  
</rewrite>
    </system.webServer>
</configuration>

Connection Strings and Config Source

Well below is good example of how you can do data strings for your asp.net application. Also you will notice one has a configSource so for every tag in a web.config you can provide an alternate source for the rest of that configuration. So your data strings you see there for connection we could of stored all of them in a separate file. 

<?xml version="1.0" encoding="UTF-8"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>

    <connectionStrings>
	<!-- 
			 This is the connection string where your only changing data source, initial catalog, User ID, Password
			 -->
        <add name="51134_testConnectionString" connectionString="Data Source=hostname;Initial Catalog=dbname;Persist Security Info=True;User ID=userid;Password=Simongtest123"
            providerName="System.Data.SqlClient" />
			<add name="51134_testConnectionString2" connectionString="Data Source=hostname;Initial Catalog=dbname;Persist Security Info=True;User ID=simongtest123;Password=Simongtest123"
            providerName="System.Data.SqlClient" />
			
    </connectionStrings>
	<connectionStrings configSource="ConnectionStrings.config" />
<!--
It may be system.web or system.webserver depending on the server of windows your using.
-->
    <system.web>
	<!--
	This is best to be off so you can see very specific errors to provide to admins
        Http Error mode is best left on detailed for troubleshooting.
	-->
        <customErrors mode="Off"/>
	<httpErrors errorMode="Detailed" />
        <!--
        Below is a way you can reference another config file to split up your configs
        You can do this for organization or if there is a web.config file size limit
        -->
        <profile configSource="profile.config" />	
    </system.web>
	

</configuration>

IP address block

Below is the way you can either set to true to block the listed IP addresses or to false to only let them in. 

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <security>
        <ipSecurity allowUnlisted="true">    <!-- this line blocks everybody, except those listed below -->                
           <clear/> <!-- removes all upstream restrictions -->
           <add ipAddress="83.116.19.53"/>   <!-- block one IP  -->                
           <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!--block network 83.116.119.0 to 83.116.119.255-->               
        </ipSecurity>
      </security>
      <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
</configuration>
Retrieved from "https://knightsofprocrastination.ca/KOPKB/index.php?title=Web.config_Edits&oldid=305"