Permalink
Fetching contributors…
Cannot retrieve contributors at this time
146 lines (67 sloc) 6.8 KB
title author description ms.author manager ms.date ms.topic ms.assetid ms.technology ms.prod msc.legacyurl msc.type
Translate .htaccess Content to IIS web.config | Microsoft Docs
rick-anderson
Many PHP applications are distributed with configuration files for the Apache Web server. These configuration files (usually called .htaccess files) contain...
iiscontent
soshir
02/23/2009
article
ce4e6cf1-dec5-4a42-9ca6-be447dc7fa0d
iis-appfx
iis
/learn/application-frameworks/install-and-configure-php-applications-on-iis/translate-htaccess-content-to-iis-webconfig
authoredcontent

Translate .htaccess Content to IIS web.config

by Steve Jacobson

Introduction

Many PHP applications are distributed with configuration files for the Apache Web server. These configuration files (usually called .htaccess files) contain a number of settings that can be used for integrating the application with the capabilities of the Web server.

IIS 7 and above uses a file called Web.config to hold settings for integration with applications. The Web.config file contains information that control module loading, security configuration, session state configuration, and application language and compilation settings. Web.config files can also contain application-specific items such as database connection strings.

This article describes the most common uses of the .htaccess file by PHP applications, and shows how to use the Web.config file for these same functions in IIS.

Sample Application Configuration Files

The following examples are two configuration files for a sample application: an .htaccess file and a Web.config file.

Sample Application .htaccess File

[!code-consoleMain]

Sample Application Web.config File

[!code-xmlMain]

Request Filtering

This application uses the FilesMatch directive in the .htacess file to limit browser access to files that are components of the application.

[!code-xmlMain]

IIS uses the Request Filtering module to limit browser access to files that are components of the application. For the sample application in a Web.config file, the section could look like:

[!code-xmlMain]

Note that you can leave this section commented out for installation, because the installation scripts are blocked by this filter.

An alternative to using the request filtering is to use the URL Rewriter module to return a 403 error for any of the matching file types. The advantage of the URL Rewriter module is that it uses a regular expression for the match.

[!code-xmlMain]

Default Document

In the .htaccess file for the sample application, the DirectoryIndex directive tells the Web server which file to load if no filename is included with the URL.

[!code-powershellMain]

For IIS, the default document should be set up as high in the Web site hierarchy as the Module Handler. For example, with PHP, the Module Handler is usually set at the Web server level. The default document should be set at that level also, rather than locally within a Web site's context. The following code within your Web.config file can ensure this:

[!code-xmlMain]

URL Rewriting

IIS includes the URL Rewrite module. You can use this extension to provide rules for IIS to rewrite incoming URL requests. The most common use of URL Rewriting is to provide shorter, easy-to-remember URLs.

Many PHP applications currently ship with rewrite rules as part of their .htaccess file. These rules tell Apache's mod_rewrite how and when to rewrite incoming requests. The IIS URL Rewrite module can read these rules and translate them into URL Rewrite rules.

For more information about importing Apache mod_rewrite rules, see: Importing Apache mod_rewrite Rules.

For the sample application, the relevant mod_rewrite rules in the .htaccess file are:

[!code-consoleMain]

The IIS URL Rewriter module can read these rules and translate them. The translated URL Rewriter rules are:

[!code-xmlMain]

Error Page Redirects / Handling

Some applications handle standard errors within the scope of the application. The ErrorDocument directive in the .htaccess file of the sample application tells the Web server to load the home page for any 404 or "File Not Found" errors.

[!code-powershellMain]

IIS uses the httpErrors directive for this functionality. However, because the capability to set this at the application level is turned off by default for IIS, this section should be commented out.

[!code-xmlMain]

Directory Browsing

Another application security (or integrity) measure often implemented is disabling directory browsing from the clients. Many Web server configurations will let users see a listing of files in a directory that does not contain one of the default document files. In the .htaccess file of the sample application, this is disabled using the Options directive:

[!code-powershellMain]

IIS limits this access in the Web.config file using the directoryBrowse directive:

[!code-xmlMain]

Cache Aging

Caching directives are used to ensure that static content is cached for a period of time, and dynamic content is not cached at all. In the .htaccess file of the sample application, the ExpiresBy directives provided by mod_expires module are used.

[!code-powershellMain]

In the Web.config file, IIS uses the Output Caching module and the caching directive to control caching. For the sample application, you can enable caching for .html files for a maximum of 14 days. For .php files, ensure that no caching is performed at all with the code:

[!code-xmlMain]

Links for Further Information