Remove the added section, and then restart. Works OK? Then just put in an empty <rewrite> </rewrite> Then restart. Works OK? then put in empty <rules>, etc. to see when it fails.
I added <rewrite> </rewrite> and the application fails.
If I install https://stackoverflow.com/questions/37948865/iis-server-asp-net-core-500-19-with-error-code-0x8007000d-on-httpplatformhan?rq=1, can I cause damage? the Vps?
Yes .. but error! ****************************** <?xml version="1.0" encoding="utf-8"?> <configuration> <system.webServer>
<modules> <!-- Remove WebDAV module so that we can make DELETE requests --> <remove name="WebDAVModule" /> </modules> <handlers> <!-- Remove WebDAV module so that we can make DELETE requests --> <remove name="WebDAV" /> <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" /> </handlers> <!-- When deploying on Azure, make sure that "dotnet" is installed and the path to it is registered in the PATH environment variable or specify the full path to it --> <aspNetCore requestTimeout="23:00:00" processPath=".\Nop.Web.exe" arguments="" forwardWindowsAuthToken="false" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" startupTimeLimit="3600" hostingModel="InProcess"> <environmentVariables> <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" /> <environmentVariable name="COMPLUS_ForceENC" value="1" /> </environmentVariables> </aspNetCore> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> <!-- Protects against XSS injections. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ --> <add name="X-XSS-Protection" value="1; mode=block" /> <!-- Protects against Clickjacking attacks. ref.: http://stackoverflow.com/a/22105445/1233379 --> <add name="X-Frame-Options" value="SAMEORIGIN" /> <!-- Protects against MIME-type confusion attack. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ --> <add name="X-Content-Type-Options" value="nosniff" /> <!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet --> <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" /> <!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ --> <add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" /> <!-- Prevents from leaking referrer data over insecure connections. ref.: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ --> <add name="Referrer-Policy" value="same-origin" /> <!--Feature-Policy is a new header that allows a site to control which features and APIs can be used in the browser. ref.: https://wicg.github.io/feature-policy/ --> <add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'" /> </customHeaders> </httpProtocol>
Solved ! Okay so i got a reply from their customer care. They have gone ahead and made the change for me in my webconfig file. Amazing support webwiz hosting has provided and i greatly appreciate help.
They have put the following lines of code into webconfig file to force SSL.
<add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" /> You can find HTTP -> HTTPS redirect for IIS easily on web but this line is the part specifically needed for nopCommerce. Your nopCommerce website will keep redirecting to "/" in some cases if this is not added.
Thanks again!
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.