Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Minesh Shah (Netcel)
Feb 28, 2023
(5 votes)

URL Rewrites in CMS12 (.Net 6)

URL rewriting is a common technique used in web applications to create user-friendly URLs that are easier to understand, provide consistency and have SEO benefits. In the past, URL rewriting was commonly accomplished using IIS URL Rewrite module. However, with the release of .NET Core, the process of rewriting URLs has undergone some changes.

Microsoft has introduced a new URL rewriting middleware called Microsoft.AspNetCore.Rewrite. This middleware is part of the ASP.NET Core framework and is designed to rewrite URLs in a much more flexible and efficient way.

One of the key benefits of using the Microsoft.AspNetCore.Rewrite middleware is that it allows URL rewriting without requiring IIS or any other web server. This means that we can create Optimizely Solutions that are completely self-contained and can be run on any platform.

Here is an example of how to use the Microsoft.AspNetCore.Rewrite middleware in .NET 6 to handle some common conventions like redirecting to https, enforcing lowercase urls and adding trailing slash to the end of all URLs:

Lower Case URL – Implement IRule Base Rule

    public class LowercaseUrlsRule : IRule
        public int StatusCode { get; } = (int)HttpStatusCode.MovedPermanently;

        public void ApplyRule(RewriteContext context)
            HttpRequest request = context.HttpContext.Request;
            PathString path = context.HttpContext.Request.Path;
            HostString host = context.HttpContext.Request.Host;

            if (path.HasValue && path.Value.Any(char.IsUpper) || host.HasValue && host.Value.Any(char.IsUpper))
                HttpResponse response = context.HttpContext.Response;
                response.StatusCode = StatusCode;
                response.Headers[HeaderNames.Location] = (request.Scheme + "://" + host.Value + request.PathBase.Value + request.Path.Value).ToLower() + request.QueryString;
                context.Result = RuleResult.EndResponse;
                context.Result = RuleResult.ContinueRules;

Use Rules in Middleware Startup.cs

In the example below we are using the RewriteOptions class to define paths that should be negated, and adding the rules for forcing HTTPS, Lowercase and Trailing Slashes. I have explicitly added below app.UseStaticFiles() so the rules do not get added to files like css, javascript or images.


        var options = new RewriteOptions()
            .Add(context =>
                    if (context.HttpContext.Request.Path.StartsWithSegments("/util") || 
                        context.HttpContext.Request.Path.StartsWithSegments("/episerver") || 
                        context.Result = RuleResult.SkipRemainingRules;
            // Redirect to HTTPS
            // Enforce lower case. 
            .Add(new LowercaseUrlsRule())
            // Enforce trailing slash.
            .AddRedirect("(.*[^/])$", "$1/");


These techniques are not Optimizely specific and can be applied to any .Net Solution, more info on IRule based rewrites can be found here

Feb 28, 2023


EVT Jul 25, 2023 10:37 AM


response.Headers[HeaderNames.Location] = url.ToLowerInvariant() + request.QueryString;

fails if there is a non ascii character in the URL. Perhaps it should be changed to 

response.Headers[HeaderNames.Location] = UriHelper.Encode(new Uri((request.Scheme + "://" + host.Value + request.PathBase.Value + request.Path.Value).ToLower() + request.QueryString));

Please login to comment.
Latest blogs
A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023

A day in the life of an Optimizely Developer - OptiUKNorth Meetup January 2024

It's time for another UK North Optimizely meet up! After the success of the last one, Ibrar Hussain (26) and Paul Gruffydd (Kin + Carta) will be...

Graham Carr | Nov 28, 2023

Publish content to Optimizely CMS using a custom GPT from OpenAI 🤖

Do you find the traditional editor interface complicated and cluttered? Would you like an editorial AI assistant you can chat with? You can!

Tomas Hensrud Gulla | Nov 28, 2023 | Syndicated blog

Optimizely Graph and Next.js: Building Scalable Headless Solutions

Optimizely Graph harnesses the capabilities of GraphQL, an intuitive and efficient query language to, transform content within an Optimizely CMS in...

Szymon Uryga | Nov 27, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Testing Content Updates

The blog post discusses the challenges of content updates on a website using Optimizely CMS, Next.js, and the Apollo Client due to Apollo's local...

Francisco Quintanilla | Nov 27, 2023 | Syndicated blog

Performance optimization – the hardcore series – part 4

Let’s take a break from the memory allocation, and do some optimization on another aspect, yet as important (if not even more important) – database...

Quan Mai | Nov 25, 2023 | Syndicated blog