mrh*_*des 10 iis cookies rewrite httponly
我找到了许多将HttpOnly添加到我的cookie中的例子,但它对我不起作用,我不知道为什么.我发现的所有例子都是一样的,我从我找到的一个帖子中复制了这个例子.我在IIS 7.0下使用.NET 3.5.希望有人可以告诉我我做错了什么?谢谢
<rewrite>
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
UPDATE
我想出了如何打开跟踪,发现preCondition正在查看所有cookie,而不是每个cookie.
所以不要评估
Set-Cookie: myC5=we have S Cookie; path=/; secure
Set-Cookie: myC6=we have S Cookie; path=/; secure
Set-Cookie: myC7=we have S Cookie; path=/; secure; HttpOnly
正在评估中
myC5=we have S Cookie; path=/; secure,myC6=we have S Cookie; path=/; secure,myC7=we have S Cookie; path=/; secure; HttpOnly
由于整个字符串有; HttpOnly在其中,preCondition失败了.
我如何通过这个?有任何想法吗?
Lia*_*iam 13
我终于通过了这个,所以我想发布其他可能遇到这个问题的人.我删除了我的preConditions并使用了条件.然后我不得不使用后向引用来获取单个cookie.
<rewrite>
<outboundRules>
<rule name="Add HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
<conditions>
<add input="{R:0}" pattern="; HttpOnly" negate="true" />
</conditions>
<action type="Rewrite" value="{R:0}; HttpOnly" />
</rule>
<rule name="Add Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
<conditions>
<add input="{R:0}" pattern="; Secure" negate="true" />
</conditions>
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
</outboundRules>
</rewrite>
希望这可以帮助将来的某个人.
| 归档时间: |
|
| 查看次数: |
9371 次 |
| 最近记录: |