stevewithington · November 9, 2020 18:25
diff --git a/web.config b/web.config
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
 	<system.webServer>
 		<rewrite>
 			<rules>
 				<clear />
 				<!-- `stopProcessing` is irrelavent for `redirect` rules -->

 				<rule name="MAINTENANCE MODE" enabled="true">
 					<match url="^(.*)$" ignoreCase="true" />
 					<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            					<!-- Add your IP Address to the `pattern` attribute and uncomment to allow yourself to navigate the site -->
 						<!-- <add input="{REMOTE_ADDR}" pattern="^12\.34\.56\.78" ignoreCase="false" negate="true" /> -->
            
            					<!-- This assumes you have a file named `maintenance.html` at the ROOT of your site -->
 						<add input="{URL}" pattern="^/maintenance\.html$" negate="true" />
 						<add input="{URL}" pattern="\.(jpe?g?|png|gif|css|js|ico)" negate="true" />
 					</conditions>
 					<action type="Redirect" url="https://{HTTP_HOST}/maintenance.html" redirectType="Temporary" appendQueryString="false" />
 				</rule>

 				<rule name="Enforce HTTPS" enabled="true">
 					<match url="^(.*)$" ignoreCase="true" />
 					<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
 						<add input="{HTTPS}" pattern="off" />
 					</conditions>
 					<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
 				</rule>
 			</rules>

 			<outboundRules>
 				<rule name="AddSameSiteCookieFlag">
 					<match serverVariable="RESPONSE_Set-Cookie" pattern="^(.*)(CFID|CFTOKEN|JSESSIONID)(=.*)$" />
 					<action type="Rewrite" value="{R:0};SameSite=None;Secure" />
 				</rule>
 			</outboundRules>

 		</rewrite>

 		<httpProtocol allowKeepAlive="true" />
 		<httpErrors errorMode="Detailed" />
 	</system.webServer>
 	<system.web>
 		<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="Lax" />
 		<sessionState mode="Off" />
 	</system.web>
 </configuration>
	<?xml version="1.0" encoding="UTF-8"?>
	<configuration>
	<system.webServer>
	<rewrite>
	<rules>
	<clear />
	<!-- `stopProcessing` is irrelavent for `redirect` rules -->

	<rule name="MAINTENANCE MODE" enabled="true">
	<match url="^(.*)$" ignoreCase="true" />
	<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
	<!-- Add your IP Address to the `pattern` attribute and uncomment to allow yourself to navigate the site -->
	<!-- <add input="{REMOTE_ADDR}" pattern="^12\.34\.56\.78" ignoreCase="false" negate="true" /> -->

	<!-- This assumes you have a file named `maintenance.html` at the ROOT of your site -->
	<add input="{URL}" pattern="^/maintenance\.html$" negate="true" />
	<add input="{URL}" pattern="\.(jpe?g?\|png\|gif\|css\|js\|ico)" negate="true" />
	</conditions>
	<action type="Redirect" url="https://{HTTP_HOST}/maintenance.html" redirectType="Temporary" appendQueryString="false" />
	</rule>

	<rule name="Enforce HTTPS" enabled="true">
	<match url="^(.*)$" ignoreCase="true" />
	<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
	<add input="{HTTPS}" pattern="off" />
	</conditions>
	<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
	</rule>
	</rules>

	<outboundRules>
	<rule name="AddSameSiteCookieFlag">
	<match serverVariable="RESPONSE_Set-Cookie" pattern="^(.)(CFID\|CFTOKEN\|JSESSIONID)(=.)$" />
	<action type="Rewrite" value="{R:0};SameSite=None;Secure" />
	</rule>
	</outboundRules>

	</rewrite>

	<httpProtocol allowKeepAlive="true" />
	<httpErrors errorMode="Detailed" />
	</system.webServer>
	<system.web>
	<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="Lax" />
	<sessionState mode="Off" />
	</system.web>
	</configuration>