分享程序员开发的那些事...
更新时间:2023-09-04 23:20:46
I have an answer for the specific case of a child IIS Application here: https://***.com/a/25817317/292060. The child app seems to be the usual culprit, but isn't explicitly described in this question.
To try to answer the questions, here are my opinions from dealing with IIS and Microsoft for years. I don't have hard sources to cite; some of this is just gut feelings.
- Why? Is the intent still relevant?
I think it stemmed from the original "default document" feature, namely index.html. Websites wanted their home page to just be the domain, then this extended to subfolders. With url rewriting, the intent isn't relevant anymore - you can rewrite to your heart's content, and would rather IIS get out of the way. It's common to want friendly urls, and no trailing slash (except for the domain/website root - that is required to have a trailing slash, even if some browsers like Chrome get cute and hide it).
- Any security implications?
I think the only security implication was the original directory browsing. If you forgot to do a default document, and directory browsing was left turned on, then people could browse your website files. As far as I know, directory browsing has been long disabled as the default setting.
With any requests, whether trailing slash or not, url rewriting or not, your server and code need to withstand bad requests. This is true for all situations, not just specific to the slashes. http://xkcd.com/327/
- How can I disable it to make this work with a URL Rewrite rule "RemoveTrailingSlashRule"
I have an answer if the issue is the child application, here: https://***.com/a/25817317/292060 The summary is, in IIS:
If this question is for a more general issue, including regular subfolders even if not a child app, consider removing the "Is Not a Directory" from the rule, and let this redirect even when it sees a directory. That may work, or may create an infinite redirect loop, I'm not sure.