
URL Rewrite Module 2.0 for IIS 7 - Release Candidate


Last post Nov 09, 2009 01:32 PM by ruslany

  • URL Rewrite Module 2.0 for IIS 7 - Release Candidate

    Nov 09, 2009 01:32 PM | ruslany

    The URL Rewrite Module 2.0 - Release Candidate is available for download. The release contains functionality and stability improvements and it is believed to have a quality level suitable for production deployments.

    Install the URL Rewrite Module 2.0 - RC

    To install the URL Rewrite Module 2.0 - RC, use the download links at the module's home page at http://www.iis.net/extensions/urlrewrite.


    • If a previous version of URL Rewrite Module, such as v1.0 and v1.1, is already installed, then it will be upgraded to the v2.0 RC.
    • If a beta version of the URL Rewrite Module 2.0 is already installed, then it has to be uninstalled before installing v2.0 RC.

    Changes since the beta release

    Here are the new features and changes that were added to the module in the RC release. For the complete list of the URL Rewrite 2.0 features refer to Using URL Rewrite Module 2.0.

    • Rewriting of HTTP response headers. Outbound rewrite rules can be used to modify any existing HTTP response headers or to set new ones.
    • Logging of rewritten URLs. The rewrite rules can be configured to log the rewritten URL in IIS W3C logs as opposed to logging an originally requested URL.
    • Evaluating HTTP response headers from rewrite rules. The rewrite rules now can access and evaluate the values in the HTTP response headers.
    • Allow list for server variables. To prevent distributed rewrite rules from accidentally or purposefully modifying IIS server variables that may affect security or runtime behavior of a web application, the modifiable server variables now have to be explicitly added to the allow list.
    • HtmlEncode function. Outbound rewrite rules may often use untrusted data (e.g. query string or HTTP headers) to build a replacement string to insert into the HTTP response. In those cases the HtmlEncode function should be used to prevent insertion of client-side scripts into the response, which could result in a cross-site scripting vulnerability.
    • Updated user interface in IIS Manager. The user interface has been significantly improved to better represent the module configuration and to simplify such common tasks as configuring of rewrite rules and rewrite conditions.

    More information
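
The HtmlEncode item in the announcement above, shown as a web.config fragment. This is an added example, not configuration from the original post or from the module's documentation; the rule names and the inserted paragraph are hypothetical, and the first rule is left disabled so that only the encoded form runs.

```xml
<!-- Constructed example: outbound rules that append a paragraph built from the
     query string just before the closing body tag of HTML responses. -->
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <!-- Weak form (kept disabled): {QUERY_STRING} is client-controlled and is
             copied into the response as-is, so any markup it carries becomes
             part of the page. -->
        <rule name="EchoQueryRaw" preCondition="IsHtml" enabled="false">
          <match filterByTags="None" pattern="&lt;/body&gt;" />
          <action type="Rewrite"
                  value="&lt;p&gt;Query: {QUERY_STRING}&lt;/p&gt;&lt;/body&gt;" />
        </rule>

        <!-- Corrected form: the same replacement string, with the untrusted
             value passed through HtmlEncode before it is inserted. -->
        <rule name="EchoQueryEncoded" preCondition="IsHtml">
          <match filterByTags="None" pattern="&lt;/body&gt;" />
          <action type="Rewrite"
                  value="&lt;p&gt;Query: {HtmlEncode:{QUERY_STRING}}&lt;/p&gt;&lt;/body&gt;" />
        </rule>

        <!-- Apply the rules only to HTML responses. -->
        <preConditions>
          <preCondition name="IsHtml">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

When reviewing existing outbound rules, any `action` value that references a request-derived variable such as `{QUERY_STRING}` or an `{HTTP_*}` header without `HtmlEncode:` around it is worth checking.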