Added security headers
force HTTPS, add HSTS, other misc security tweaks
This commit is contained in:
parent
9da1c0fc19
commit
251d412155
|
@ -1,8 +1,27 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<httpProtocol>
|
||||
<customHeaders>
|
||||
<clear />
|
||||
<add name="X-Frame-Options" value="DENY" />
|
||||
<add name="X-XSS-Protection" value="1; mode=block" />
|
||||
<add name="X-Content-Type-Options" value="nosniff" />
|
||||
<add name="Referrer-Policy" value="same-origin" />
|
||||
</customHeaders>
|
||||
<redirectHeaders>
|
||||
<clear />
|
||||
</redirectHeaders>
|
||||
</httpProtocol>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<rule name="Force HTTPS" stopProcessing="true">
|
||||
<match url="(.*)" />
|
||||
<conditions>
|
||||
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
|
||||
</conditions>
|
||||
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
|
||||
</rule>
|
||||
<rule name="Vue" patternSyntax="Wildcard">
|
||||
<match url="*" />
|
||||
<conditions logicalGrouping="MatchAll">
|
||||
|
@ -12,6 +31,15 @@
|
|||
<action type="Rewrite" url="index.html" />
|
||||
</rule>
|
||||
</rules>
|
||||
<outboundRules>
|
||||
<rule name="HSTS Header" enabled="true">
|
||||
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
|
||||
<conditions>
|
||||
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
|
||||
</conditions>
|
||||
<action type="Rewrite" value="max-age=31536000; preload" />
|
||||
</rule>
|
||||
</outboundRules>
|
||||
</rewrite>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
|
|
Loading…
Reference in New Issue
Block a user