Multiple conditions in an IIS rewrite rule are not recognised

Question Votes: 0 Answers: 1

I'm using an IIS rewrite rule to try to redirect subdomains, for example:

  • From: www.example.com
  • To: example.com

or

  • From: this.example.com
  • To: example.com

The rule:

<rule name="RedirectAll" enabled="true" stopProcessing="false">
   <match url="(.*)" />
      <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
         <add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
         <add input="{HTTP_HOST}" pattern="^(this\.)(.*)$" />
      </conditions>
   <action type="Redirect" url="https://{C:2}{REQUEST_URI}" redirectType="Permanent" />
</rule>

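The www redirect works, but the this part of the rule doesn't fire, so if I go to this.example.com, I end up with the following response:

Your connection is not private. Attackers might be trying to steal your information from this.example.com (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_COMMON_NAME_INVALID

I'm not asking for help with that error, as I realise the error is because I don't have a certificate linked to the subdomain.

Even if I change the rule and remove the www part, the this condition doesn't fire either: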

<rule name="RedirectAll" enabled="true" stopProcessing="false">
   <match url="(.*)" />
      <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
         <add input="{HTTP_HOST}" pattern="^(this\.)(.*)$" />
      </conditions>
   <action type="Redirect" url="https://{C:2}{REQUEST_URI}" redirectType="Permanent" />
</rule>

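If I test the above rule in IIS against this, it works fine:

Why does only the www condition work when used on the website, while the this test doesn't, even though both work fine when the two rules are tested as per the screenshots?

Once the rule is included in web.config alongside the existing settings, does IIS ignore anything other than the www rule?

The full web.config is listed below.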

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
            <remove statusCode="500" subStatusCode="100" />
            <remove statusCode="500" subStatusCode="-1" />
            <remove statusCode="404" subStatusCode="-1" />
            <error statusCode="404" path="/error_404.asp" responseMode="ExecuteURL" />
            <error statusCode="500" prefixLanguageFilePath="" path="/error_500.asp" responseMode="ExecuteURL" />
            <error statusCode="500" subStatusCode="100" path="/error_500.asp" responseMode="ExecuteURL" />
        </httpErrors>
        <rewrite>
            <!-- https://blog.elmah.io/web-config-redirects-with-rewrite-rules-https-www-and-more/ -->
            <rules>
                <rule name="RedirectToHTTPS" enabled="true" stopProcessing="true">
                  <match url="(.*)" />
                  <conditions>
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                  </conditions>
                  <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
                </rule>
                <rule name="RedirectAll" enabled="true" stopProcessing="false">
                   <match url="(.*)" />
                      <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                         <add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
                         <add input="{HTTP_HOST}" pattern="^(this\.)(.*)$" />
                      </conditions>
                   <action type="Redirect" url="https://{C:2}{REQUEST_URI}" redirectType="Permanent" />
                </rule>
                <!-- https://sublimecoding.com/blocking-bots-in-iis/ Added 30th September 2020 -->
                <rule name="RequestBlockingRule1" enabled="true" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTP_USER_AGENT}" matchType="Pattern" pattern="^$|EasouSpider|Add Catalog|PaperLiBot|Spiceworks|ZumBot|RU_Bot|Wget|Java/1.7.0_25|Slurp|FunWebProducts|80legs|Aboundex|AcoiRobot|Acoon Robot|AhrefsBot|aihit|AlkalineBOT|AnzwersCrawl|Arachnoidea|ArchitextSpider|archive|Autonomy Spider|Baiduspider|BecomeBot|benderthewebrobot|BlackWidow|Bork-edition|Bot mailto:[email protected]|botje|catchbot|changedetection|Charlotte|ChinaClaw|commoncrawl|ConveraCrawler|Covario|crawler|curl|Custo|data mining development project|DigExt|DISCo|discobot|discoveryengine|DOC|DoCoMo|DotBot|Download Demon|Download Ninja|eCatch|EirGrabber|EmailSiphon|EmailWolf|eurobot|Exabot|Express WebPictures|ExtractorPro|EyeNetIE|Ezooms|Fetch|Fetch API|filterdb|findfiles|findlinks|FlashGet|flightdeckreports|FollowSite Bot|Gaisbot|genieBot|GetRight|GetWeb!|gigablast|Gigabot|Go-Ahead-Got-It|Go!Zilla|GrabNet|Grafula|GT::WWW|hailoo|heritrix|HMView|houxou|HTTP::Lite|HTTrack|ia_archiver|IBM EVV|id-search|IDBot|Image Stripper|Image Sucker|Indy Library|InterGET|Internet Ninja|internetmemory|ISC Systems iRc Search 2.1|JetCar|JOC Web Spider|k2spider|larbin|larbin|LeechFTP|libghttp|libwww|libwww-perl|linko|LinkWalker|lwp-trivial|Mass Downloader|metadatalabs|MFC_Tear_Sample|Microsoft URL Control|MIDown tool|Missigua|Missigua Locator|Mister PiX|MJ12bot|MOREnet|MSIECrawler|msnbot|naver|Navroad|NearSite|Net Vampire|NetAnts|NetSpider|NetZIP|NextGenSearchBot|NPBot|Nutch|Octopus|Offline Explorer|Offline Navigator|omni-explorer|PageGrabber|panscient|panscient.com|Papa Foto|pavuk|pcBrowser|PECL::HTTP|PHP/|PHPCrawl|picsearch|pipl|pmoz|PredictYourBabySearchToolbar|RealDownload|Referrer Karma|ReGet|reverseget|rogerbot|ScoutJet|SearchBot|seexie|seoprofiler|Servage 
Robot|SeznamBot|shopwiki|sindice|sistrix|SiteSnagger|SiteSnagger|smart.apnoti.com|SmartDownload|Snoopy|Sosospider|spbot|suggybot|SuperBot|SuperHTTP|SuperPagesUrlVerifyBot|Surfbot|SurveyBot|SurveyBot|swebot|Synapse|Tagoobot|tAkeOut|Teleport|Teleport Pro|TeleportPro|TweetmemeBot|TwengaBot|twiceler|UbiCrawler|uptimerobot|URI::Fetch|urllib|User-Agent|VoidEYE|VoilaBot|WBSearchBot|Web Image Collector|Web Sucker|WebAuto|WebCopier|WebCopier|WebFetch|WebGo IS|WebLeacher|WebReaper|WebSauger|Website eXtractor|Website Quester|WebStripper|WebStripper|WebWhacker|WebZIP|WebZIP|Wells Search II|WEP Search|Widow|winHTTP|WWWOFFLE|Xaldon WebSpider|Xenu|yacybot|yandex|YandexBot|YandexImages|yBot|YesupBot|YodaoBot|yolinkBot|youdao|Zao|Zealbot|Zeus|ZyBORG|PetalBot|petalbot|aiohttp|Yahoo Ad monitoring" ignoreCase="true" negate="false" />
                    </conditions>
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
                </rule>
            </rules>
        </rewrite>
        <httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024" noCompressionForProxies="false" noCompressionForHttp10="false">
            <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
            <staticTypes>
                <add mimeType="text/*" enabled="true" />
                <add mimeType="message/*" enabled="true" />
                <add mimeType="application/javascript" enabled="true" />
                <add mimeType="application/json" enabled="true" />
                <add mimeType="image/jpeg" enabled="true" />
                <add mimeType="image/gif" enabled="true" />
                <add mimeType="image/png" enabled="true" />
                <add mimeType="application/javascript" enabled="true" />
                <add mimeType="text/css" enabled="true" />
                <add mimeType="*/*" enabled="false" />
            </staticTypes>
        </httpCompression>
        <staticContent>
         <clientCache cacheControlCustom="public" cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
        </staticContent>
        <tracing>
            <traceFailedRequests>
                <remove path="*" />
            </traceFailedRequests>
        </tracing>
        <security>
            <requestFiltering>
                <filteringRules>
                    <remove name="BlockBots" />
                </filteringRules>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>
regex iis url-rewriting asp-classic
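1 Answer
0 votes

The error message you are seeing, "NET::ERR_CERT_COMMON_NAME_INVALID", indicates a problem with the SSL certificate, because it does not match the domain you are trying to access. That is why your rule does not work as expected.

SSL certificates are issued for a specific domain name (the common name), or may cover multiple subdomains with a wildcard certificate (e.g. *.example.com). If you use a regular SSL certificate for "example.com" rather than a wildcard certificate that covers "this.example.com", the SSL handshake will fail when you try to access "this.example.com". Naturally, the redirect rule will not go on to execute.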
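
The ordering described in the answer, as an added example that is not part of the original question or answer: a small Python model (not IIS itself) of a browser following the two redirect rules from the posted web.config, with the certificate name check performed before any HTTPS request reaches the rules. The certificate names in `CERT_NAMES` are constructed assumptions, and query strings are ignored.

```python
import re

# Assumption (constructed): names on the site's certificate. The page only
# says that no certificate is linked to the "this" subdomain.
CERT_NAMES = ["example.com", "www.example.com"]

# Host conditions of the page's RedirectAll rule (logicalGrouping="MatchAny").
HOST_CONDITIONS = [r"^(www\.)(.*)$", r"^(this\.)(.*)$"]


def cert_covers(host, names):
    """Exact match, or a wildcard standing for exactly one left-most label."""
    host = host.lower()
    for name in names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def apply_rules(scheme, host, uri):
    """Model of the two redirect rules, in web.config order."""
    # RedirectToHTTPS: {HTTPS} is "off"; stopProcessing="true" ends evaluation,
    # so RedirectAll is never reached for a plain-HTTP request.
    if scheme == "http":
        return f"https://{host}{uri}"
    # RedirectAll: the condition that matches supplies {C:2}.
    for pattern in HOST_CONDITIONS:
        m = re.match(pattern, host, re.IGNORECASE)
        if m:
            return f"https://{m.group(2)}{uri}"
    return None  # no rule redirects; the request is served


def follow(url, names=CERT_NAMES, max_hops=5):
    """Follow redirects like a browser; returns (trace, outcome)."""
    trace = [url]
    for _ in range(max_hops):
        scheme, rest = url.split("://", 1)
        host, _, path = rest.partition("/")
        if scheme == "https" and not cert_covers(host, names):
            return trace, "cert-error"  # handshake rejected, no request sent
        target = apply_rules(scheme, host, "/" + path)
        if target is None:
            return trace, "served"
        url = target
        trace.append(url)
    return trace, "too-many-redirects"
```

In this model `follow("http://this.example.com/page")` ends in `cert-error` after the HTTPS redirect, while passing `names=["example.com", "*.example.com"]` lets the same request reach `https://example.com/page`.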
