最近遇到如下问题,网站安全扫描时检测到的漏掉。

http 重定向到 https_服务器环境

 

 

服务器环境: Windows 2008 R2 + IIS 7.5   

网站:ASP.NET

修改了web config 中的设置

 

 



<?xml version="1.0" encoding="UTF-8"?>

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="http redirect to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                        <add input="{HTTPS_HOST}" pattern="^(localhost)" negate="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>