excalibur1010/web.config

## web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Authorization,X-Requested-With" />
                <add name="Access-Control-Allow-Methods" value="GET" />
                <add name="X-Download-Options" value="noopen" />
                <add name="X-Frame-Options" value="DENY" />
                <!-- if you need to allow same origin, comment above line and uncomment below line -->
                <!-- <add name="X-Frame-Options" value="SAMEORIGIN" /> -->
                <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
                <add name="X-XSS-Protection" value="1; mode=block" />
                <add name="X-Content-Type-Options" value="nosniff" />
                <add name="Referrer-Policy" value="origin-when-cross-origin" />
                <remove name="X-Powered-By" />
            </customHeaders>
        </httpProtocol>
        <rewrite>
            <rules>
                <rule name="Imported Rule 1" stopProcessing="true">
                    <match url="^" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{HTTP_AUTHORIZATION}" ignoreCase="false" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                        <add input="{URL}" pattern="(.+)/$" ignoreCase="false" />
                    </conditions>
                    <action type="Redirect" url="{C:1}" redirectType="Permanent" />
                </rule>
                <rule name="Imported Rule 2" stopProcessing="true">
                    <match url="^" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" />
                </rule>

                <!-- Uncomment below if you want Force redirect from http to https -->
                <!-- <rule name="http to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
                </rule> -->
            </rules>
        </rewrite>
        <staticContent>
            <!-- Use this section to allow needed extensions -->
            <!-- <mimeMap fileExtension=".woff2" mimeType="font/x-woff2" /> -->
        </staticContent>
        <security>
            <requestFiltering>
                <requestLimits maxQueryString="5000" />
                <verbs applyToWebDAV="false">
                    <add verb="TRACE" allowed="false" />
                    <!-- <add verb="OPTIONS" allowed="false" /> -->
                </verbs>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>
	<?xml version="1.0" encoding="UTF-8"?>
	<configuration>
	<system.webServer>
	<httpProtocol>
	<customHeaders>
	<add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Authorization,X-Requested-With" />
	<add name="Access-Control-Allow-Methods" value="GET" />
	<add name="X-Download-Options" value="noopen" />
	<add name="X-Frame-Options" value="DENY" />
	<!-- if you need to allow same origin, comment above line and uncomment below line -->
	<!-- <add name="X-Frame-Options" value="SAMEORIGIN" /> -->
	<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
	<add name="X-XSS-Protection" value="1; mode=block" />
	<add name="X-Content-Type-Options" value="nosniff" />
	<add name="Referrer-Policy" value="origin-when-cross-origin" />
	<remove name="X-Powered-By" />
	</customHeaders>
	</httpProtocol>
	<rewrite>
	<rules>
	<rule name="Imported Rule 1" stopProcessing="true">
	<match url="^" ignoreCase="false" />
	<conditions logicalGrouping="MatchAll">
	<add input="{HTTP_AUTHORIZATION}" ignoreCase="false" />
	<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
	<add input="{URL}" pattern="(.+)/$" ignoreCase="false" />
	</conditions>
	<action type="Redirect" url="{C:1}" redirectType="Permanent" />
	</rule>
	<rule name="Imported Rule 2" stopProcessing="true">
	<match url="^" ignoreCase="false" />
	<conditions logicalGrouping="MatchAll">
	<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
	<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
	</conditions>
	<action type="Rewrite" url="index.php" />
	</rule>

	<!-- Uncomment below if you want Force redirect from http to https -->
	<!-- <rule name="http to https" stopProcessing="true">
	<match url="(.*)" />
	<conditions>
	<add input="{HTTPS}" pattern="^OFF$" />
	</conditions>
	<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
	</rule> -->
	</rules>
	</rewrite>
	<staticContent>
	<!-- Use this section to allow needed extensions -->
	<!-- <mimeMap fileExtension=".woff2" mimeType="font/x-woff2" /> -->
	</staticContent>
	<security>
	<requestFiltering>
	<requestLimits maxQueryString="5000" />
	<verbs applyToWebDAV="false">
	<add verb="TRACE" allowed="false" />
	<!-- <add verb="OPTIONS" allowed="false" /> -->
	</verbs>
	</requestFiltering>
	</security>
	</system.webServer>
	</configuration>