useful web config code asp.net

Task: Some useful web.config code. eg. URL Rewriting/ Remove Etag / Remove Server Header/ Enable Gzip and few more..


Description: Some Useful web-config code which used for URL Rewriting and do many more things.

1) Define database connection in web.config. the connectionStrings tag should be in <configuration> tag.
<connectionStrings>
<add name="ConnectNEw" connectionString="Data Source=APC\SQLEXPRESS;Initial Catalog=database_db;user id=user_8; pwd=Pass@L#7Mad87" providerName="System.Data.SqlClient"/>
</connectionStrings>


2) Define Execution timeout and max request length using <httpRuntime> tag. it should be in <system.web> tag. Here we can also define the session mode and its timeout value.
<system.web>
<httpRuntime enableVersionHeader="false"  executionTimeout="2400" maxRequestLength="20480" />
<sessionState mode="InProc" cookieless="false" timeout="80"></sessionState>
</system.web>



3) Etag and Server Header and other Redirect rule (Default page redirect, www redirect , https redirect)
<system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="Remove ETag" >
          <match serverVariable="RESPONSE_ETag" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
      <rules>


 <!--<Redirect Without www to www> -->
        <rule name="Redirect to www" stopProcessing="true">
          <match url=".*" />
          <conditions trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="^hemantrautela.blogspot.com$" />
          </conditions>
 <action type="Redirect" url="https://www.hemantrautela.blogspot.com/{R:0}" redirectType="Permanent"/>
        </rule>

 <!--<Redirect default.aspx to domain name> -->
        <rule name="default.aspx Redirect" stopProcessing="true">
          <match url="^(.*\/)*default\.aspx$"/>
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_METHOD}" negate="true" pattern="^POST$"/>
          </conditions>
          <action type="Redirect" url="{R:1}" redirectType="Permanent"/>
        </rule>

<!--<Redirect http to https - Non Secure to Secure page> -->
        <rule name="Redirect to https" stopProcessing="true" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>



4)Add MIME type (A List for various mime type : https://www.sitepoint.com/web-foundations/mime-types-complete-list/)
<system.webServer>
 <staticContent>
     <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00"/>
      <remove fileExtension=".kml" />
      <mimeMap fileExtension=".kml" mimeType="application/vnd.google-earth.kml+xml" />
      <remove fileExtension=".woff" />
      <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
      <remove fileExtension=".eot" />
      <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
    </staticContent>
</system.webServer>



5) Security Headers - X-Content-Type: nosniff & Other

<system.webServer>
<httpProtocol>
      <customHeaders>
        <remove name="Vary"></remove>
        <add name="Vary" value="Accept-Encoding"></add>
          <remove name="X-Powered-By"></remove>
          <add name="X-Frame-Options" value="SAMEORIGIN"></add>
          <add name="X-XSS-Protection" value="1; mode=block"></add>
          <add name="X-Content-Type-Options" value="nosniff "></add>
      </customHeaders>
    </httpProtocol>
</system.webServer>
 



6) Gzip Compression

<system.webServer>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
      <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll"/>
      <dynamicTypes>
        <add mimeType="text/*" enabled="true"/>
        <add mimeType="message/*" enabled="true"/>
        <add mimeType="application/javascript" enabled="true"/>
        <add mimeType="*/*" enabled="false"/>
      </dynamicTypes>
      <staticTypes>
        <add mimeType="text/*" enabled="true"/>
        <add mimeType="message/*" enabled="true"/>
        <add mimeType="application/javascript" enabled="true"/>
        <add mimeType="*/*" enabled="false"/>
      </staticTypes>
    </httpCompression>

    <urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>




No comments:

Post a Comment