2019-06-21
參考:https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DotNet_Security_Cheat_Sheet.md
| <configuration> <system.webServer> <rewrite> <rules> <rule name="Redirect to https"> <match url="(.*)"/> <conditions> <add input="{HTTPS}" pattern="Off"/> <add input="{REQUEST_METHOD}" pattern="^get$|^head$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/> </rule> </rules> <outboundRules> <rule name="Add HSTS Header" enabled="true"> <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" /> <conditions> <add input="{HTTPS}" pattern="on" ignoreCase="true" /> </conditions> <action type="Rewrite" value="max-age=15768000" /> </rule> </outboundRules> </rewrite> </system.webServer> </configuration> |
某些狀況下,上面無法用 (原因不明)
可用下面方法
default.htm
<meta http-equiv="refresh" content="0;url=https://新網址" /> |
(完)
沒有留言:
張貼留言