-
Notifications
You must be signed in to change notification settings - Fork 6
/
applicationhost.xdt
38 lines (38 loc) · 2.7 KB
/
applicationhost.xdt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
<system.webServer xdt:Transform="InsertIfMissing">
<httpProtocol xdt:Transform="InsertIfMissing">
<customHeaders xdt:Transform="InsertIfMissing">
<add name="X-Xss-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="no-referrer-when-downgrade" />
<add name="Content-Security-Policy" value="default-src 'unsafe-inline' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net;" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" />
<add name="X-Frame-Options" value="DENY" />
<remove name="X-Powered-By" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
<remove name="X-AspNetMvc-Version" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
<remove name="X-AspNet-Version" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</customHeaders>
</httpProtocol>
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing" lockElements="clear">
<rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" ignoreCase="false" />
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" ignoreCase="false" />
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" ignoreCase="false" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<security xdt:Transform="InsertIfMissing">
<requestFiltering removeServerHeader="true" xdt:Transform="SetAttributes(removeServerHeader)" />
</security>
</system.webServer>
</location>
</configuration>