forked from inexorabletash/travellermap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Web.config.sample
159 lines (144 loc) · 7.54 KB
/
Web.config.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
<?xml version="1.0"?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="c#" debug="true" targetFramework="4.5.1"/>
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors mode="Off"/>
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication mode="None"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<allow users="*"/>
<!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="Off" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="true" timeout="20"/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8"/>
<xhtmlConformance mode="Legacy"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
<!-- Disable most ASP.NET request validation -->
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="<,>,%,&,:,\,?"/>
</system.web>
<system.webServer>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
<!-- Disable WebDAV so ASP.NET can handle OPTIONS header for CORS requests. -->
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
<!-- <add name="PageFooter" type="Maps.HTTP.PageFooter" /> -->
</modules>
<!-- Enable CORS -->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<!-- Pass URLs with things like + along to routing. -->
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
<rewrite>
<rules>
<rule name="Remove www" stopProcessing="true">
<match url="(.*)" ignoreCase="true" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^www\.(.+)$" />
</conditions>
<action type="Redirect" url="https://{C:1}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Extensionless Pages" stopProcessing="true">
<match url="^(world|(doc|make|print|tools)/\w+)$"/>
<action type="Rewrite" url="{R:0}.html"/>
</rule>
</rules>
</rewrite>
<handlers>
<remove name="WebDAV"/>
<remove name="OPTIONSVerbHandler"/>
</handlers>
<!-- Allow cache of static content for 24 hours -->
<staticContent>
<clientCache cacheControlCustom="public" cacheControlMode="UseMaxAge" cacheControlMaxAge="24:00:00"/>
<remove fileExtension=".json"/> <!-- May be present already in IIS8 -->
<mimeMap fileExtension=".json" mimeType="application/json" />
<remove fileExtension=".svg"/> <!-- May be present already in IIS8 -->
<mimeMap fileExtension=".svg" mimeType="image/svg+xml"/>
<mimeMap fileExtension=".sec" mimeType="text/plain"/>
<mimeMap fileExtension=".msec" mimeType="text/plain"/>
<mimeMap fileExtension=".t5col" mimeType="text/plain"/>
<mimeMap fileExtension=".t5tab" mimeType="text/plain"/>
<mimeMap fileExtension=".tab" mimeType="text/plain"/>
</staticContent>
<!-- Custom HTTP error pages -->
<httpErrors existingResponse="Auto" errorMode="Custom">
<remove statusCode="404" subStatusCode="-1"/>
<error statusCode="404" prefixLanguageFilePath="" path="404.html" responseMode="File"/>
</httpErrors>
</system.webServer>
<connectionStrings>
<add name="SqlDev" connectionString="DEVELOPMENT_CONNECTION_STRING" providerName="System.Data.SqlClient"/>
<add name="SqlProd" connectionString="PRODUCTION_CONNECTION_STRING" providerName="System.Data.SqlClient"/>
</connectionStrings>
<appSettings>
<add key="AdminKey" value="YOUR_KEY_HERE"/>
<!-- <add key="PageFooter" value="PAGE_FOOTER_HERE"/> -->
</appSettings>
</configuration>