I have two domain names for my website, one of which is the ubiquitous cookie-less static content domain. One name is merely an alias for the "main" name (using CNAME), so without additional configuration, any resource could be accessed through either domain. For security reasons in addition to just wanting navigation to be intuitive, I want to make sure that static content and only static content is available through the static domain, and in particular, that static content is NOT available through the main domain.
I accomplished the latter using IIS's URL Rewrite, with the following rule:
<rule name="StaticContentRes" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^maindomain$" />
<add input="{REQUEST_URI}" pattern="^/res/.*$" />
</conditions>
<action type="Redirect" url="https://staticdomain/{R:0}" />
</rule>
This works perfectly fine, and ensures requests for certain static content (all located in the "res" directory) are served only through staticdomain. However, I tried to further enforce that staticdomain be used ONLY for requests to that directory:
<rule name="RegularContent" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^staticdomain$" />
<add input="{REQUEST_URI}" pattern="^/res/.*$" negate="true" />
</conditions>
<action type="Redirect" url="https://maindomain/{R:0}" />
</rule>
Adding this second rule results in an infinite redirect loop whenever either domain is used to serve that directory. I'm completely stumped, as I thought the negate="true" logic was perfectly clean and workable. What can I do so that staticdomain requests are let through only if they're to the "res" dir, without incurring this loop?
Aucun commentaire:
Enregistrer un commentaire