web.config 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <configuration>
  3. <system.webServer>
  4. <!-- Don't show directory listings for URLs which map to a directory. -->
  5. <directoryBrowse enabled="false" />
  6. <!--
  7. Caching configuration was not delegated by default. Some hosters may not
  8. delegate the caching configuration to site owners by default and that
  9. may cause errors when users install. Uncomment this if you want to and
  10. are allowed to enable caching.
  11. -->
  12. <!--
  13. <caching>
  14. <profiles>
  15. <add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
  16. <add extension=".html" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="14:00:00" />
  17. </profiles>
  18. </caching>
  19. -->
  20. <rewrite>
  21. <rules>
  22. <rule name="Protect files and directories from prying eyes" stopProcessing="true">
  23. <match url="\.(engine|inc|install|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|composer\.(json|lock))$" />
  24. <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
  25. </rule>
  26. <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
  27. <match url="favicon\.ico" />
  28. <action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
  29. <conditions>
  30. <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
  31. </conditions>
  32. </rule>
  33. <!-- If running on a PHP version affected by httpoxy vulnerability
  34. uncomment the following rule to mitigate it's impact. To make this
  35. rule work, you will also need to add HTTP_PROXY to the allowed server
  36. variables manually in IIS. See https://www.drupal.org/node/2783079.
  37. <rule name="Erase HTTP_PROXY" patternSyntax="Wildcard">
  38. <match url="*.*" />
  39. <serverVariables>
  40. <set name="HTTP_PROXY" value="" />
  41. </serverVariables>
  42. <action type="None" />
  43. </rule>
  44. -->
  45. <!-- To redirect all users to access the site WITH the 'www.' prefix,
  46. http://example.com/foo will be redirected to http://www.example.com/foo)
  47. adapt and uncomment the following: -->
  48. <!--
  49. <rule name="Redirect to add www" stopProcessing="true">
  50. <match url="^(.*)$" ignoreCase="false" />
  51. <conditions>
  52. <add input="{HTTP_HOST}" pattern="^example\.com$" />
  53. </conditions>
  54. <action type="Redirect" redirectType="Permanent" url="http://www.example.com/{R:1}" />
  55. </rule>
  56. -->
  57. <!-- To redirect all users to access the site WITHOUT the 'www.' prefix,
  58. http://www.example.com/foo will be redirected to http://example.com/foo)
  59. adapt and uncomment the following: -->
  60. <!--
  61. <rule name="Redirect to remove www" stopProcessing="true">
  62. <match url="^(.*)$" ignoreCase="false" />
  63. <conditions>
  64. <add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
  65. </conditions>
  66. <action type="Redirect" redirectType="Permanent" url="http://example.com/{R:1}" />
  67. </rule>
  68. -->
  69. <!-- Pass all requests not referring directly to files in the filesystem
  70. to index.php. -->
  71. <rule name="Short URLS" stopProcessing="true">
  72. <match url="^(.*)$" ignoreCase="false" />
  73. <conditions>
  74. <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
  75. <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
  76. <add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
  77. </conditions>
  78. <action type="Rewrite" url="index.php" />
  79. </rule>
  80. </rules>
  81. </rewrite>
  82. <!-- If running Windows Server 2008 R2 this can be commented out -->
  83. <!-- httpErrors>
  84. <remove statusCode="404" subStatusCode="-1" />
  85. <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
  86. </httpErrors -->
  87. <defaultDocument>
  88. <!-- Set the default document -->
  89. <files>
  90. <clear />
  91. <add value="index.php" />
  92. </files>
  93. </defaultDocument>
  94. </system.webServer>
  95. </configuration>