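<?xml version="1.0" encoding="UTF-8"?>
<!--
  IIS web.config: URL Rewrite rules that canonicalise the request URL
  (single slashes, apex host, HTTPS) and a small set of response security
  headers. Inbound rules run top to bottom; stopProcessing="true" ends
  evaluation at the first rule whose match and conditions succeed.
-->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- SEO Rules: canonicalise the URL before anything else is served. -->
        <!-- Collapse a doubled slash in the path. Group 1 is greedy, so only
             the last "//" is collapsed per pass and a path with several
             doubled slashes is fixed over successive redirects. Group 2
             already carries the original query string, which is why
             appendQueryString is switched off. -->
        <rule name="StripSlashes" stopProcessing="true">
          <conditions>
            <add input="{UNENCODED_URL}" pattern="^([^\?]*)//(.*)" />
          </conditions>
          <action type="Redirect" url="{C:1}/{C:2}" appendQueryString="false" />
        </rule>
        <!-- Redirect www.host to the apex host, keeping the request's scheme
             through ProtocolMap (HTTPS=on gives https, off gives http). -->
        <rule name="RedirectCNAME" stopProcessing="true">
          <conditions>
            <add input="{HTTP_HOST}" pattern="^www\.(.+)$" />
          </conditions>
          <action type="Redirect" url="{ProtocolMap:{HTTPS}}://{C:1}{REQUEST_URI}" />
        </rule>
        <!-- Redirect plain HTTP to HTTPS, but only for clients that send
             Upgrade-Insecure-Requests: 1 (browsers). Any other HTTP client is
             still served over plain HTTP, so this is not an unconditional
             HTTPS redirect. -->
        <rule name="UpgradeInsecureRequests" stopProcessing="true">
          <conditions>
            <add input="{HTTPS}" pattern="off" />
            <add input="{HTTP_UPGRADE_INSECURE_REQUESTS}" pattern="1" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
        </rule>
        <!-- Security Rules -->
        <!-- Refuse any path segment that starts with a dot (.git, .env,
             .htaccess ...) except the ACME / .well-known directory. A 403 is
             produced by a CustomResponse action; a Rewrite action needs a
             target url and does not read statusCode, so it cannot send this
             response. -->
        <rule name="BlockHiddenUrl" stopProcessing="true">
          <match url="(^|/)\." />
          <conditions>
            <add input="{URL}" pattern="(^|/)\.well-known/" negate="true" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Hidden paths are not served" />
        </rule>
      </rules>
      <outboundRules>
        <!-- HSTS is only emitted on TLS responses; RFC 6797 has clients ignore
             the header over plain HTTP anyway. pattern=".*" also matches an
             absent header, so the value is set rather than only replaced.
             max-age is 30 days (2592000 s). The preload token was dropped: the
             browser preload list requires max-age of at least one year,
             includeSubDomains and an unconditional HTTP to HTTPS redirect,
             none of which this configuration provides. -->
        <rule name="HSTS">
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <action type="Rewrite" value="max-age=2592000" />
        </rule>
        <!-- Minimal CSP that makes browsers fetch http: subresources over
             https:. Rewrite replaces any Content-Security-Policy set by the
             application, so application directives (script-src,
             frame-ancestors ...) must be merged into this value. -->
        <rule name="CSP">
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <match serverVariable="RESPONSE_Content_Security_Policy" pattern=".*" />
          <action type="Rewrite" value="upgrade-insecure-requests;" />
        </rule>
      </outboundRules>
      <rewriteMaps>
        <!-- Maps the {HTTPS} server variable to the scheme used in redirects. -->
        <rewriteMap name="ProtocolMap">
          <add key="on" value="https" />
          <add key="off" value="http" />
        </rewriteMap>
      </rewriteMaps>
    </rewrite>
    <httpProtocol>
      <!-- Static response headers sent with every response. -->
      <customHeaders>
        <!-- Stop browsers from guessing a MIME type other than Content-Type. -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Disallow framing by any origin; frame-ancestors in the CSP is the
             modern equivalent but this value is still honoured. -->
        <add name="X-Frame-Options" value="deny" />
        <!-- Legacy reflected-XSS filter for older browsers; current browsers
             ignore it and rely on CSP instead. -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Rendering hint for Internet Explorer only, not a security header. -->
        <add name="X-UA-Compatible" value="IE=edge" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>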