Force SSL option missing in Nop 4.3 ???

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
3 Jahre weitere
Do you have it nested in the proper section?  
<?xml version="1.0" encoding="UTF-8"?>

3 Jahre weitere
I hope
I attach screenshots
3 Jahre weitere
Remove the added section, and then restart.  Works OK?  Then just put in an empty
Then restart.  Works OK?  then put in empty <rules>, etc. to see when it fails.

Not sure.  Maybe this helps
3 Jahre weitere
New York wrote:
Remove the added section, and then restart.  Works OK?  

Then just put in an empty

Then restart.  Works OK?  then put in empty <rules>, etc. to see when it fails.

Not sure.  Maybe this helps

i removed it and it works

I added <rewrite>
and the application fails.

If I install,
can I cause damage? the Vps?
3 Jahre weitere
Have you tried my code ?

        <directoryBrowse enabled="false" /> <!-- Copy contents only after this line-->
    <rule name="Allow SSL File Verification" patternSyntax="Wildcard" stopProcessing="true">
         <match url=".well-known/*" />
         <action type="None" />
    <rule name="Redirect to HTTPS" stopProcessing="true">
              <match url="(.*)" />
                  <add input="{HTTPS}" pattern="^OFF$" />
                  <add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
       <!-- Copy contents only before this line--><defaultDocument>  
3 Jahre weitere
Yes .. but error!
<?xml version="1.0" encoding="utf-8"?>

      <!-- Remove WebDAV module so that we can make DELETE requests -->
      <remove name="WebDAVModule" />
      <!-- Remove WebDAV module so that we can make DELETE requests -->
      <remove name="WebDAV" />
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
    <!-- When deploying on Azure, make sure that "dotnet" is installed and the path to it is registered in the PATH environment variable or specify the full path to it -->
    <aspNetCore requestTimeout="23:00:00" processPath=".\Nop.Web.exe" arguments="" forwardWindowsAuthToken="false" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" startupTimeLimit="3600" hostingModel="InProcess">
        <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
        <environmentVariable name="COMPLUS_ForceENC" value="1" />
        <remove name="X-Powered-By" />
        <!-- Protects against XSS injections. ref.: -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Protects against Clickjacking attacks. ref.: -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <!-- Protects against MIME-type confusion attack. ref.: -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Protects against Clickjacking attacks. ref.: -->
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
        <!-- CSP modern XSS directive-based defence, used since 2014. ref.: -->
        <add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" />
        <!-- Prevents from leaking referrer data over insecure connections. ref.: -->
        <add name="Referrer-Policy" value="same-origin" />
        <!--Feature-Policy is a new header that allows a site to control which features and APIs can be used in the browser. ref.: -->
        <add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'" />

    <rule name="Allow SSL File Verification" patternSyntax="Wildcard" stopProcessing="true">
         <match url=".well-known/*" />
         <action type="None" />
    <rule name="Redirect to HTTPS" stopProcessing="true">
              <match url="(.*)" />
                  <add input="{HTTPS}" pattern="^OFF$" />
                  <add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
<!--ProjectGuid: 4f1f649c-1020-45be-a487-f416d9297ff3-->
3 Jahre weitere
What version of IIS are you using?
3 Jahre weitere
3 Jahre weitere
you have news?  :-(
3 Jahre weitere
varunnaresh wrote:
Solved !
Okay so i got a reply from their customer care.
They have gone ahead and made the change for me in my webconfig file. Amazing support webwiz hosting has provided and i greatly appreciate help.

They have put the following lines of code into webconfig file to force SSL.

          <rule name="Allow SSL File Verification" patternSyntax="Wildcard" stopProcessing="true">
               <match url=".well-known/*" />
               <action type="None" />
          <rule name="Redirect to HTTPS" stopProcessing="true">
                 <match url="(.*)" />
                     <add input="{HTTPS}" pattern="^OFF$" />
                     <add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
                 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />

vote up if you found this helpful.

Thanks for saving life!

<add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
You can find HTTP -> HTTPS redirect for IIS easily on web but this line is the part specifically needed for nopCommerce. Your nopCommerce website will keep redirecting to "/" in some cases if this is not added.

Thanks again!
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.