Summary

Note: The changes documented in this article are included with Laserfiche 11 Update 1.

Administrators can use the URL Rewrite module for IIS to to insert a cache-control header in web client responses. If the URL Rewrite module is not installed for the IIS hosting the web client, please download the extension from the official Microsoft website.

If you have Laserfiche web client 10.4.2 Update 1 installed, perform the following steps:

1. Open the outbountRules.config configuration file for your Web client installation. By default, the configuration file is located at C:\Program Files\Laserfiche\Web Access\Web Files.
2. Create a new rule within the <outboundRules> node by appending the following new <rule> block:

   <rule name="Set Cache-Control cacheability">
       <match serverVariable="RESPONSE_Cache-Control" pattern=".*" />
       <action type="Rewrite" value="no-cache, no-store, must-revalidate" />
   </rule>

3. Save the changes to outboundRules.config.

Saving the rule to will configure the web client to rewrite the "Cache-Control" header in a web client responses to:

no-cache, no-store, must-revalidate

Additional Information

If you are using a previous version of Laserfiche web client 10.x, perform the following steps before adding the cache-control rule.

1. Open the web client web.config file in a text editor. By default, the web client web.config is located at C:\Program Files\Laserfiche\Web Access\Web Files\web.config.
2. Look for the <system.web> block.
3. Within the <system.web> block, add the following line:

   <httpCookies requireSSL="true"/>

4. Under <system.webserver>, look for the <rewrite> block.
5. Within the <rewrite> block, add the following line:

    <outboundRules configSource="outboundRules.config"/> 

6. Save your changes to the web.config file.
7. Within the same directory as the web client's web.config file (e.g., C:\Program Files\Laserfiche\Web Access\Web Files), create a new file in a text editor and name the file outboundRules.config.
8. Save the following to outboundRules.config:

    
   <outboundRules>
     <rule name="Set SameSite to None in the middle">
       <match serverVariable="RESPONSE_Set_Cookie" pattern="(.*)SameSite=([a-zA-Z]+);(.*)" negate="false" />
       <action type="Rewrite" value="{R:1}SameSite=None;Secure;{R:3}" />
     </rule>
     <rule name="Set SameSite to None at the end">
       <match serverVariable="RESPONSE_Set_Cookie" pattern="(.*)SameSite=" negate="false" />
       <action type="Rewrite" value="{R:1}SameSite=None;Secure" />
     </rule>
     <rule name="Add SameSite if it does not exist">
       <match serverVariable="RESPONSE_Set_Cookie" pattern=".*"/>
       <conditions logicalGrouping="MatchAll">
         <add input="{R:0}" pattern="(.*)SameSite=" negate="true"/>
       </conditions>
       <action type="Rewrite" value="{R:0}; SameSite=None;Secure" />
     </rule>
   </outboundRules> 

9. Save the changes to outboundRules.config.