IIS servers exposed to public networks for 301 Moved Permanently

 <rule name="PublicNetworkSlashNormalization" stopProcessing="true">

  <match url=".*" />

  <conditions logicalGrouping="MatchAny">

    

    <!-- Detect raw double slashes in direct requests -->

    <add input="{UNENCODED_URL}" pattern="//" />


    <!-- Detect double slashes in proxy-passed headers -->

    <!-- Azure App Gateway / IIS ARR -->

    <add input="{HTTP_X_ORIGINAL_URL}" pattern="//" />

    

    <!-- NGINX or custom reverse proxies -->

    <add input="{HTTP_X_ORIGINAL_URI}" pattern="//" />


    <!-- Other common proxy headers -->

    <add input="{HTTP_X_REWRITE_URL}" pattern="//" />

    

  </conditions>


  <!-- Canonical redirect with lowercase domain and cleaned path -->

  <action type="Redirect" 

          url="https://{ToLower:{HTTP_HOST}}{UNENCODED_URL}" 

          redirectType="Permanent" 

          appendQueryString="true" />

</rule>



ChangeWhy it was made
HTTP_X_ORIGINAL_URLUsed by IIS ARR and Azure App Gateway
HTTP_X_ORIGINAL_URIUsed by NGINX and some custom reverse proxies
HTTP_X_REWRITE_URLUsed by IIS URL Rewrite module itself when rewriting
ToLower:{HTTP_HOST}Forces lowercase domain (for SEO, canonical URLs)
appendQueryString="true"Preserves query string parameters (safer for real URLs)
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

starter ASP.NET Core Web API project with example

Starter ASP.NET Core Web API project that follows all the best practices listed above. 🛠️ Starter Project Overview We’ll build a Produc...

Best for you