Introduction
I was asked to show a maintenance page during the
deployment for our website for a specific duration, at the same time, the website should be accessible for specific
IPs
for our development team to make the sanity check, once this is done, we should remove the maintenance page so the
end-user can access the website again.
I googled a lot and I found some articles regarding applying this
approach using some C# code, but I need something simple without writing any code or affecting our website.
The Idea
We will use the rewrite rule in IIS to redirect all traffic to the maintenance page, and at the same time, we will use it to allow specific IPs to access the website normally.
Steps
- Add
the maintenance HTML page to your website root and name it #App_Offline.htm
(If you removed the hashtag from the file name, that will force the website to "shut down" and display the content of the "App_Offline.htm" file itself, use this method if you don't want to whitelist specific IPs) - Add
the below XML to your website web.config file that is in your website folder (create it if
this file is not there already)
01020304050607080910111213141516171819202122<?
xml
version
=
"1.0"
encoding
=
"UTF-8"
?>
<
configuration
>
<
system.webServer
>
<
rewrite
>
<
rules
>
<
rule
name
=
"RequestBlockingDuringDowntime"
enabled
=
"true"
patternSyntax
=
"Wildcard"
stopProcessing
=
"true"
>
<
match
url
=
"*"
/>
<
conditions
logicalGrouping
=
"MatchAll"
trackAllCaptures
=
"true"
>
<!-- IP1 -->
<
add
input
=
"{HTTP_X_FORWARDED_FOR}"
pattern
=
"156.215.114.99"
negate
=
"true"
/>
<!-- IP2 -->
<
add
input
=
"{HTTP_X_FORWARDED_FOR}"
pattern
=
"156.219.163.72"
negate
=
"true"
/>
<!-- IP3 -->
<
add
input
=
"{REMOTE_ADDR}"
pattern
=
"10.30.1.12"
negate
=
"true"
/>
</
conditions
>
<
action
type
=
"Rewrite"
url
=
"#App_Offline.htm"
/>
</
rule
>
</
rules
>
</
rewrite
>
</
system.webServer
>
</
configuration
>
Explanation
Any HTTP request has some headers that define the operating parameters for an HTTP transaction, from these headers,
we're interested only in two of them, the REMOTE_ADDR which returns the IP address of the remote
host making the request and the HTTP_X_FORWARDED_FOR which identifying the originating IP address
of a client connecting to a web server through an HTTP proxy or load balancer.
If the server that hosts
your website is under a load balancer, then probably you will use HTTP_X_FORWARDED_FOR instead
of REMOTE_ADDR