The URL Rewrite Module 2.0 – Release Candidate is available for download. The release contains functionality and stability improvements and it is believed to have a quality level suitable for production deployments.
Microsoft URL Rewrite Module 2.0 for IIS 7 is an incremental release that includes all the features from version 1.1, and adds support for outbound response headers and content rewriting. More specifically, it can be used to:
- Replace the URLs generated by a web application in the response HTML with a more user friendly and search engine friendly equivalent
- Modify the links in the HTML markup generated by a web application behind a reverse proxy.
- Fix up the content of any HTTP response by using regular expression pattern matching.
- Modify HTTP request headers and IIS server variables.
- Modify HTTP response headers
Install the URL Rewrite Module 2.0 – RC
To install the URL Rewrite Module 2.0 – RC, use the download links at the module’s home page at http://www.iis.net/extensions/urlrewrite.
- If a previous version of URL Rewrite Module, such as v1.0 and v1.1, is already installed then it will be upgraded to the v2.0 RC
- If a beta version of the URL Rewrite Module 2.0 is already installed, then it has to be uninstalled before installing v2.0 RC.
Changes since the beta release
Here are the new features and changes that were added to the module in the RC release. For the complete list of the URL Rewrite 2.0 features refer to Using URL Rewrite Module 2.0.
- Rewriting of HTTP response headers. Outbound rewrite rules can be used modify any existing HTTP response headers or to set new ones.
- Logging of rewritten URLs. The rewrite rules can be configured to log the rewritten URL in IIS W3C logs as opposed to logging an originally requested URL.
- Evaluating HTTP response headers from rewrite rules. The rewrite rules now can access and evaluate the values in the HTTP response headers.
- Allow list for server variables. To prevent distributed rewrite rules from accidentally or purposefully modifying IIS server variables that may affect security or runtime behavior of a web application the modifiable server variables now have to be explicitly added to the allow list.
- HtmlEncode function. Outbound rewrite may often use an un-trusted data (e.g. query string or HTTP headers) to build a replacement string to insert into the HTTP response. In those cases the HtmlEncode function should be used to prevent insertion of client-side scripts into the response, which could result in cross-site scripting vulnerability.
- Updated user interface in IIS Manager. The user interface has been significantly improved to better represent the module configuration and to simplify such common tasks as configuring of rewrite rules and rewrite conditions.
- Using URL Rewrite Module 2.0
- Creating Outbound Rewrite Rules for URL Rewrite Module
- Reverse Proxy with URL Rewrite and Application Request Routing
- Setting HTTP Request Headers and IIS Server Variables
- Modifying HTTP Response Headers
- Using Outbound Rules to Add Web Analytics Tracking Code
- URL Rewrite Module 2.0 – Configuration Reference