IIS remove index.php

iis

Below are my web.config, my problem is when access the www.domain.com it will forward to www.domain.com/index.php but some will stay on www.domain.com (without the index.php)

How do I ensure even user access using index.php it will redirect to / ?

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <directoryBrowse enabled="true" />
        <defaultDocument>
            <files>
                <clear />
        <add value="index.php" />
                <add value="Default.htm" />
                <add value="Default.asp" />
                <add value="index.htm" />
                <add value="Default.aspx" />
            </files>
        </defaultDocument>
        <httpErrors>
            <remove statusCode="403" subStatusCode="-1" />
            <error statusCode="403" prefixLanguageFilePath="" path="https://www.domain.com" responseMode="Redirect" />
        </httpErrors>
    </system.webServer>
</configuration>

Best Answer

If you want your index document rewritten to the base of the path in the URI, do the following:

Install the URL Rewrite Module 2.0 for IIS
Use the following rule to accomplish your rewrites:

<rule name="Default document rewrite" stopProcessing="true">
  <match url="(.*)index.php" />
  <action type="Redirect" url="{R:1}" redirectType="Permanent" />
</rule>

Related Solutions

How to Determine the Installed Version of IIS

As a more general answer, not specifically aimed at your question, Microsoft has a support article which lists all old versions and the operating systems that provide each one.

IIS version   Built-in  
5.0           Windows 2000
5.1           Windows XP Pro
6.0           Windows Server 2003
7.0           Windows Vista and Windows Server 2008
7.5           Windows 7 and Windows Server 2008 R2
8.0           Windows 8 and Windows Server 2012

Current versions are on Wikipedia

8.5           Windows 8.1 and Windows Server 2012 R2
10.0 v1607    Windows Server 2016 and Windows 10.*
10.0 v1709    Windows Server 2016 v1709 and Windows 10.*
10.0 v1809    Windows Server 2019  and Windows 10.* October

IIS ASP.NET – How to Remove IIS/ASP.NET Response Headers

Your security department wants you to do this to make the server type harder to identify. This may lessen the barrage of automated hacking tools and make it more difficult for people to break into the server.

Within IIS, open the web site properties, then go to the HTTP Headers tab. Most of the X- headers can be found and removed here. This can be done for individual sites, or for the entire server (modify the properties for the Web Sites object in the tree).

For the Server header, on IIS6 you can use Microsoft's URLScan tool to remote that. Port 80 Software also makes a product called ServerMask that will take care of that, and a lot more, for you.

For IIS7 (and higher), you can use the URL Rewrite Module to rewrite the server header or blank it's value. In web.config (at a site or the server as a whole), add this content after the URL Rewrite Module has been installed:

<rewrite>    
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="" />
    </rule>
  </outboundRules>
</rewrite>

You can put a custom value into the rewrite action if you'd like. This sample sourced from this article which also has other great information.

For the MVC header, in Global.asax:

MvcHandler.DisableMvcResponseHeader = true;

Edited 11-12-2019 to update the IIS7 info since the TechNet blog link was no longer valid.

Best Answer

Related Solutions

How to Determine the Installed Version of IIS

IIS ASP.NET – How to Remove IIS/ASP.NET Response Headers

Related Topic