forked from stride3d/stride-website
-
Notifications
You must be signed in to change notification settings - Fork 2
/
web.Release.config
82 lines (80 loc) · 4.58 KB
/
web.Release.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer xdt:Transform="InsertIfMissing">
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="404" />
<error statusCode="404" path="404.html" responseMode="File" />
</httpErrors>
<httpProtocol>
<customHeaders>
<!-- disables iframing the website from other than the origin -->
<add name="X-Frame-Options" value="DENY" />
<!-- configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). -->
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="Referrer-Policy" value="strict-origin-when-cross-origin"/>
<!-- prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server -->
<add name="X-Content-Type-Options" value="nosniff"/>
<add name="Content-Security-Policy" value="upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';"/>
<add name="Permissions-Policy" value="accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)" />
</customHeaders>
</httpProtocol>
<rewrite>
<rules>
<rule name="Redirect xenko.com to stride3d.net" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(.*)xenko\.com$" />
</conditions>
<action type="Redirect" url="https://{C:1}stride3d.net/{R:0}" redirectType="Permanent" />
</rule>
<rule name="Redirect /privacypolicy to /legal/privacy-policy">
<match url="^privacypolicy(.*)$" />
<action type="Rewrite" url="legal/privacy-policy{R:1}"/>
</rule>
<rule name="Redirect all requests to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action
type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect Blog Page 2" stopProcessing="true">
<match url="^blog/page2/$" />
<action type="Redirect" url="blog/1/" redirectType="Permanent" />
</rule>
<rule name="Redirect Blog Page 3" stopProcessing="true">
<match url="^blog/page3/$" />
<action type="Redirect" url="blog/2/" redirectType="Permanent" />
</rule>
<rule name="Redirect Blog Page 4" stopProcessing="true">
<match url="^blog/page4/$" />
<action type="Redirect" url="blog/3/" redirectType="Permanent" />
</rule>
<rule name="Redirect Blog Page 5" stopProcessing="true">
<match url="^blog/page5/$" />
<action type="Redirect" url="blog/4/" redirectType="Permanent" />
</rule>
<rule name="Redirect Blog Page 6" stopProcessing="true">
<match url="^blog/page6/$" />
<action type="Redirect" url="blog/5/" redirectType="Permanent" />
</rule>
<rule name="Redirect Blog Page 7" stopProcessing="true">
<match url="^blog/page7/$" />
<action type="Redirect" url="blog/6/" redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security"
pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>