CIC Web Applications Installation and Configuration Guide
Appendix A: IIS XML Configuration
To configure IIS XML
-
Add the following location entry to applicationHost.config, located at %WINDIR%\system32\inetsrv\config\applicationHost.config.
Put this location entry above or below the other location entry already present, so that applicationHost.config is not broken.
The location path must match the IIS site name.
<location path="ININApps">
  <system.webServer>
    <rewrite>
      <allowedServerVariables>
        <add name="WEB_APP" />
        <add name="ICWS_HOST" />
        <add name="HTTP_ININ-ICWS-Original-URL" />
      </allowedServerVariables>
    </rewrite>
  </system.webServer>
</location>
-
If a web.config file does not exist, create one with the following content in the CIC Web Applications folder on your web server:
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Forwards [app/]api/<ICWS host>/... requests to that ICWS host -->
        <rule name="inin-api-rewrite" enabled="true" stopProcessing="true">
          <match url="(?:^(.*/)api|^api)/([^/]+)(/.*)" />
          <serverVariables>
            <set name="WEB_APP" value="{R:1}" />
            <set name="ICWS_HOST" value="{R:2}" />
            <set name="HTTP_ININ-ICWS-Original-URL" value="{MapScheme:{HTTPS}}://{HTTP_HOST}{UNENCODED_URL}" replace="false" />
          </serverVariables>
          <action type="Rewrite" url="http://{ICWS_HOST}:8018{R:3}" logRewrittenUrl="true" />
          <!-- If you are securing the ICWS host(s) with https, use
               the following rewrite rule instead
          <action type="Rewrite" url="https://{ICWS_HOST}:8019{R:3}" logRewrittenUrl="true" />
          -->
        </rule>
      </rules>
      <outboundRules>
        <!-- Map cookie and redirect paths returned by ICWS back under the proxied path -->
        <rule name="inin-cookie-paths">
          <match serverVariable="RESPONSE_Set_Cookie" pattern="(.*)Path=(/icws.*)" />
          <action type="Rewrite" value="{R:1}Path=/{WEB_APP}api/{ICWS_HOST}{R:2}" />
        </rule>
        <rule name="inin-location-paths">
          <match serverVariable="RESPONSE_Location" pattern="^/icws/.*" />
          <action type="Rewrite" value="/{WEB_APP}api/{ICWS_HOST}{R:0}" />
        </rule>
      </outboundRules>
      <rewriteMaps>
        <rewriteMap name="MapScheme">
          <add key="on" value="https" />
          <add key="off" value="http" />
        </rewriteMap>
      </rewriteMaps>
    </rewrite>
    <security>
      <requestFiltering allowHighBitCharacters="true" />
    </security>
    <httpCompression>
      <staticTypes>
        <add mimeType="application/x-javascript" enabled="true" />
      </staticTypes>
    </httpCompression>
  </system.webServer>
  <location path="client/lib">
    <system.webServer>
      <staticContent>
        <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
      </staticContent>
    </system.webServer>
  </location>
  <location path="client/nls">
    <system.webServer>
      <staticContent>
        <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
      </staticContent>
    </system.webServer>
  </location>
  <location path="client/addins">
    <system.webServer>
      <staticContent>
        <clientCache cacheControlMode="DisableCache" />
      </staticContent>
    </system.webServer>
  </location>
  <location path="client/config">
    <system.webServer>
      <staticContent>
        <clientCache cacheControlMode="DisableCache" />
      </staticContent>
    </system.webServer>
  </location>
  <location path="client/index.html">
    <system.webServer>
      <staticContent>
        <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="0.00:15:00" />
      </staticContent>
    </system.webServer>
  </location>
</configuration>
-
To prevent cross-frame scripting or clickjacking, add the following custom header to web.config. Set the value to DENY, SAMEORIGIN, or ALLOW-FROM origin. For more information, see Security Considerations.
<system.webServer>
  ...
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="deny" />
    </customHeaders>
  </httpProtocol>
  ...
</system.webServer>
-
To disable directory listing, add this to web.config. For more information, see Security Considerations.
Note: In addition to the recommended configuration changes, you should also assign the appropriate ACLs (Access Control Lists) to the directories on the web server used by your organization.
<system.webServer>
  <directoryBrowse enabled="false" />
</system.webServer>
-
Create a .htaccess file in the related application directory. In the .htaccess file, write:
Options -Indexes
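
To confirm that a deployed web.config actually carries the IIS settings from the steps above, the following added example (not part of the original guide or the product) parses the file and reports missing hardening. The function name `audit_web_config` and the embedded sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the guide): a web.config missing the hardening steps.
SAMPLE_WEB_CONFIG = """
<configuration>
  <system.webServer>
    <rewrite><rules>
      <rule name="inin-api-rewrite" enabled="true" stopProcessing="true">
        <match url="(?:^(.*/)api|^api)/([^/]+)(/.*)" />
        <action type="Rewrite" url="http://{ICWS_HOST}:8018{R:3}" />
      </rule>
    </rules></rewrite>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
"""

def audit_web_config(xml_text):
    """Hypothetical helper: return a list of findings; empty means all checks passed."""
    root = ET.fromstring(xml_text)
    findings = []

    # Clickjacking step: X-Frame-Options must be DENY, SAMEORIGIN or ALLOW-FROM origin.
    values = [add.get("value", "").strip().upper()
              for headers in root.iter("customHeaders")
              for add in headers.findall("add")
              if add.get("name", "").lower() == "x-frame-options"]
    if not values:
        findings.append("X-Frame-Options header is not set")
    for v in values:
        if v not in ("DENY", "SAMEORIGIN") and not v.startswith("ALLOW-FROM "):
            findings.append(f"X-Frame-Options has unrecognised value: {v}")

    # Directory listing step: require an explicit enabled="false".
    browse = [d.get("enabled", "").lower() for d in root.iter("directoryBrowse")]
    if not browse or any(b != "false" for b in browse):
        findings.append("directoryBrowse is not explicitly disabled")

    # Rewrite step: report rules that forward to the ICWS host over plain http.
    for rule in root.iter("rule"):
        action = rule.find("action")
        url = action.get("url", "") if action is not None else ""
        if url.lower().startswith("http://"):
            findings.append(f"rule {rule.get('name')} forwards over http: {url}")
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
```

The check reads a single file, so settings inherited from applicationHost.config or a parent web.config are not seen and should be audited separately.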