How to force certain sections of the website to be

Posted 2019-02-20 21:35

On our website, certain sections or pages deal with sensitive user or account information. I want to force users to browse those pages under HTTPS, whereas other pages with public content should be available under HTTP. I was planning to install the URL Rewrite module on IIS and write rules to achieve this. I am not sure how to write the rules in web.config for redirection.

Server: IIS 7.5

Example of pages under SSL:

  1. mywebsite.com.au/login
  2. mywebsite.com.au/login/
  3. mywebsite.com.au/member
  4. mywebsite.com.au/member/dashboard
  5. mywebsite.com.au/member/account
  6. mywebsite.com.au/member/..........

All the pages that do not come under the URL pattern specified above should be browsed under http only.

2 answers
戒情不戒烟
Reply #2 · 2019-02-20 22:10

Umbraco already has a UrlRewriting.net component shipped with it. Check your config folder and you will find urlrewriting.config, which is one potential way of achieving what you are after. Here is an example of how the rules might look (untested):

<add name="ForceSSLLogin"
  virtualUrl="^http://(.*)/login(.*)"
  rewriteUrlParameter="ExcludeFromClientQueryString"
  destinationUrl="https://$1/login$2"
  redirect="Domain"
  ignoreCase="true" />

<add name="ForceSSLMembers"
  virtualUrl="^http://(.*)/member(.*)"
  rewriteUrlParameter="ExcludeFromClientQueryString"
  destinationUrl="https://$1/member$2"
  redirect="Domain"
  ignoreCase="true" />    

I don't really like this solution though since if someone changes the name of the members area page the url rewriting will no longer work.

You don't say what version of Umbraco you are on but what might actually be better is to try a package like this:

HTTPS Redirect

HTTPS Redirect provides a simple mechanism to switch a URL from HTTP to HTTPS (SSL) based on the document-type (alias), node id or template alias.

https://our.umbraco.org/projects/website-utilities/https-redirect

放荡不羁爱自由
Reply #3 · 2019-02-20 22:32

Here are the rewrite rules I implemented to achieve the http->https and https->http redirection. Please note that on http->https redirection, you also have to redirect the requests for css, js and image files from http to https, otherwise the browser might decline to execute these files.

You can also check the discussion on the IIS forum.

<rewrite>
    <rules>
        <!-- Send everything except /login, /member and static resources back to HTTP. -->
        <rule name="HTTPS to HTTP redirect" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="ON" />
                <add input="{URL}" pattern="^/login" negate="true" />
                <add input="{URL}" pattern="^/member" negate="true" />
                <!-- Dots escaped and pattern anchored so only real file extensions match. -->
                <add input="{URL}" pattern="\.(js|css|png|jpg|woff)$" negate="true" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="http://{HTTP_HOST}/{R:1}" />
        </rule>
        <rule name="HTTP to HTTPS redirect login" stopProcessing="true">
            <match url="^login" />
            <conditions>
              <add input="{HTTPS}" pattern="OFF" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/login/" />
        </rule>
        <rule name="HTTP to HTTPS redirect member" stopProcessing="true">
            <!-- Also matches /member without a trailing slash. -->
            <match url="^member(/.*)?$" />
            <conditions>
              <add input="{HTTPS}" pattern="OFF" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/member{R:1}" />
        </rule>
        <rule name="HTTP to HTTPS redirect resources" stopProcessing="true">
            <!-- match url sees only the path (no scheme or host); the rule must fire on plain HTTP. -->
            <match url="(.*)(\.css|\.js|\.png|\.jpg|\.woff)$" />
            <conditions>
              <add input="{HTTPS}" pattern="OFF" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}{R:2}" />
        </rule>
    </rules>
</rewrite>
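An added example, not the answerer's code and not IIS itself: a small Python model of redirect rules of this shape, used to check which scheme each URL settles on and that no two rules redirect to each other. The rule table, the host `example.test` and the function names are this example's own assumptions, and query strings are ignored.

```python
import re
from urllib.parse import urlsplit

# Constructed rule table (assumption of this example), shaped like URL Rewrite rules:
# (name, match on path without leading slash, [(variable, pattern, negate)], target)
RES = r"\.(js|css|png|jpg|woff)$"
RULES = [
    ("https->http", r"(.*)",
     [("HTTPS", "ON", False), ("URL", r"^/login", True),
      ("URL", r"^/member", True), ("URL", RES, True)],
     "http://{HTTP_HOST}/{R:1}"),
    ("login", r"^login", [("HTTPS", "OFF", False)], "https://{HTTP_HOST}/login/"),
    ("member", r"^member(/.*)?$", [("HTTPS", "OFF", False)],
     "https://{HTTP_HOST}/member{R:1}"),
    ("resources", r"(.*)(\.css|\.js|\.png|\.jpg|\.woff)$",
     [("HTTPS", "OFF", False)], "https://{HTTP_HOST}/{R:1}{R:2}"),
]

def apply_rules(url, rules=RULES):
    """Return the redirect target for url, or None if no rule fires."""
    u = urlsplit(url)
    env = {"HTTPS": "ON" if u.scheme == "https" else "OFF",
           "URL": u.path, "HTTP_HOST": u.netloc}
    for _name, match, conds, template in rules:
        # The rule pattern sees only the path, without its leading slash.
        m = re.search(match, u.path.lstrip("/"), re.I)
        if not m:
            continue
        # Every condition must hold; negate inverts a single condition.
        if all(bool(re.search(p, env[v], re.I)) != neg for v, p, neg in conds):
            out = template.replace("{HTTP_HOST}", env["HTTP_HOST"])
            for i in range(m.re.groups + 1):
                out = out.replace("{R:%d}" % i, m.group(i) or "")
            return out  # first matching rule wins (stopProcessing)
    return None

def final_url(url, rules=RULES, max_hops=5):
    """Follow redirects until the URL settles; raise on a redirect loop."""
    seen = [url]
    while (nxt := apply_rules(seen[-1], rules)) is not None:
        if nxt in seen or len(seen) > max_hops:
            raise RuntimeError("redirect loop: " + " -> ".join(seen + [nxt]))
        seen.append(nxt)
    return seen[-1]
```

Running `final_url` over every path the site serves, including `/member` without a trailing slash and page names that merely contain `js` or `css`, gives a regression check to repeat whenever a rule changes.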