网站开启了URL重写，用于屏蔽第三方抓取，但如何放行微信小程序读取

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- URL重写规则配置 -->
    <rewrite>
      <rules>
        <!-- 规则1：放行微信小程序请求（停止后续规则） -->
        <rule name="Allow WeChat MiniProgram" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAny">
            <!-- 匹配User-Agent包含微信小程序标识 -->
            <add input="{HTTP_USER_AGENT}" pattern="miniProgram|MicroMessenger|wechatdevtools" ignoreCase="true" />
            <!-- 匹配Referer包含微信官方域名（增强验证） -->
            <add input="{HTTP_REFERER}" pattern="servicewechat.com" ignoreCase="true" />
          </conditions>
          <action type="None" /> <!-- 放行，不执行任何操作 -->
        </rule>

        <!-- 规则2：屏蔽非微信小程序的请求（执行重写） -->
        <rule name="Block Non-MiniProgram Access" stopProcessing="true">
          <match url=".*" />
          <action type="Redirect" url="/anti_crawl.html" redirectType="Permanent" />
          <!-- 可选：直接拒绝访问（替换上面的action）
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Access denied" />
          -->
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <!-- 规则1：允许微信相关User-Agent -->
                <rule name="AllowWeChat" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <!-- 微信内置浏览器（公众号/小程序） -->
                        <add input="{HTTP_USER_AGENT}" pattern="MicroMessenger" />
                    </conditions>
                    <action type="None" />
                </rule>

                <!-- 规则2：阻止常见爬虫 -->
                <rule name="BlockCrawlers" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAny">
                        <!-- 常见爬虫User-Agent -->
                        <add input="{HTTP_USER_AGENT}" pattern="bot|crawler|spider|scraper|httrack|wget|curl|libwww|python|java|scrapy" />
                        <!-- 特定爬虫 -->
                        <add input="{HTTP_USER_AGENT}" pattern="Googlebot|Baiduspider|Bingbot|YandexBot|Slurp|DuckDuckBot" />
                        <!-- 空User-Agent -->
                        <add input="{HTTP_USER_AGENT}" pattern="^$" />
                    </conditions>
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Access Denied" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- 规则1：放行微信小程序请求 -->
        <rule name="Allow WeChat MiniProgram" stopProcessing="true">
          <match url=".*" ignoreCase="true" />
          <conditions logicalGrouping="MatchAny">
            <add input="{HTTP_USER_AGENT}" pattern="miniProgram|MicroMessenger|wechatdevtools" ignoreCase="true" />
            <add input="{HTTP_REFERER}" pattern="servicewechat.com" ignoreCase="true" negate="false" />
          </conditions>
          <action type="None" />
        </rule>

        <!-- 规则2：屏蔽非小程序请求（可选：二选一） -->
        <!-- 方式1：重定向到防抓取页面 -->
        <rule name="Block Non-MiniProgram Redirect" stopProcessing="true">
          <match url=".*" ignoreCase="true" />
          <action type="Redirect" url="/anti_crawl.html" redirectType="Permanent" />
        </rule>

        <!-- 方式2：直接返回403（注释掉方式1后启用）
        <rule name="Block Non-MiniProgram 403" stopProcessing="true">
          <match url=".*" ignoreCase="true" />
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Access denied" />
        </rule>
        -->
      </rules>
    </rewrite>

    <!-- 可选：开启详细错误（便于调试） -->
    <httpErrors errorMode="Detailed" />
    <asp scriptErrorSentToBrowser="true" />
  </system.webServer>
</configuration>

改写规则：

<rewrite>
    <rules>
        <!-- 规则1：允许微信小程序和公众号访问 -->
        <rule name="AllowWeChat" stopProcessing="true">
            <match url="^.*\.(jpg|png|zip|rar|ttf|otf|svg|gif|woff|eot|mp3|mp4|wav|css)$" />
            <conditions>
                <!-- 微信内置浏览器（包括小程序和公众号） -->
                <add input="{HTTP_USER_AGENT}" pattern="MicroMessenger" />
            </conditions>
            <action type="None" />
        </rule>

        <!-- 规则2：允许来自白名单域名的访问 -->
        <rule name="AllowReferer" stopProcessing="true">
            <match url="^.*\.(jpg|png|zip|rar|ttf|otf|svg|gif|woff|eot|mp3|mp4|wav|css)$" />
            <conditions>
                <add input="{HTTP_REFERER}" pattern="^https?://([^/]*\.)?(ziti163.com|ziti163.cn)/.*$" />
            </conditions>
            <action type="None" />
        </rule>

        <!-- 规则3：重定向其他所有访问（原规则） -->
        <rule name="tes1" enabled="true" stopProcessing="true">
            <match url="^.*\.(jpg|png|zip|rar|ttf|otf|svg|gif|woff|eot|mp3|mp4|wav|css)$" />
            <conditions>
                <add input="{HTTP_REFERER}" pattern="^https?://([^/]*\.)?(ziti163.com|ziti163.cn)/.*$" negate="true" />
            </conditions>
            <action type="Redirect" url="https://www.baidu.com/img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png" />
        </rule>
    </rules>
</rewrite>

方案三：增强版微信识别（推荐使用）

<rewrite>
    <rules>
        <rule name="ResourceProtection" enabled="true" stopProcessing="true">
            <match url="^.*\.(jpg|jpeg|png|gif|ico|bmp|zip|rar|7z|ttf|otf|svg|woff|woff2|eot|mp3|mp4|wav|css|js)$" />
            <conditions logicalGrouping="MatchAll">
                <!-- 不是来自白名单域名 -->
                <add input="{HTTP_REFERER}" pattern="^https?://([^/]*\.)?(ziti163\.(com|cn))/.*$" negate="true" />
                <!-- 不是微信访问 -->
                <add input="{HTTP_USER_AGENT}" pattern="(MicroMessenger|miniProgram|wechatdevtools)" negate="true" />
                <!-- 可选：允许空Referer（直接访问或某些APP） -->
                <!-- <add input="{HTTP_REFERER}" pattern="^$" negate="false" /> -->
            </conditions>
            <action type="Redirect" url="https://www.baidu.com/img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png" />
        </rule>
    </rules>
</rewrite>

问题分析
小程序User-Agent可能不包含MicroMessenger - 小程序可能使用独立的User-Agent

小程序可能不带Referer或Referer格式特殊

微信开发者工具和真机环境可能不同

解决方案
方案一：专门适配小程序的规

<rewrite>
    <rules>
        <rule name="AllowMiniProgram" stopProcessing="true">
            <match url="^.*\.(jpg|jpeg|png|gif|ico|bmp|zip|rar|7z|ttf|otf|svg|woff|woff2|eot|mp3|mp4|wav|css|js)$" />
            <conditions logicalGrouping="MatchAny">
                <!-- 微信小程序User-Agent特征 -->
                <add input="{HTTP_USER_AGENT}" pattern="miniProgram" />
                <!-- 微信开发者工具 -->
                <add input="{HTTP_USER_AGENT}" pattern="wechatdevtools" />
                <!-- 某些小程序User-Agent格式 -->
                <add input="{HTTP_USER_AGENT}" pattern="NetType/.*Language/.* MicroMessenger" />
                <!-- 请求头中包含小程序标识 -->
                <add input="{HTTP_X_WECHAT_SOURCE}" pattern=".*" />
                <add input="{HTTP_X_WECHAT_VERSION}" pattern=".*" />
            </conditions>
            <action type="None" />
        </rule>

        <rule name="ResourceProtection" enabled="true" stopProcessing="true">
            <match url="^.*\.(jpg|jpeg|png|gif|ico|bmp|zip|rar|7z|ttf|otf|svg|woff|woff2|eot|mp3|mp4|wav|css|js)$" />
            <conditions logicalGrouping="MatchAll">
                <!-- 不是来自白名单域名 -->
                <add input="{HTTP_REFERER}" pattern="^https?://([^/]*\.)?(ziti163\.(com|cn))/.*$" negate="true" />
                <!-- 不是微信访问 -->
                <add input="{HTTP_USER_AGENT}" pattern="MicroMessenger" negate="true" />
                <!-- 不是小程序访问 -->
                <add input="{HTTP_USER_AGENT}" pattern="miniProgram" negate="true" />
                <!-- 不是微信开发者工具 -->
                <add input="{HTTP_USER_AGENT}" pattern="wechatdevtools" negate="true" />
            </conditions>
            <action type="Redirect" url="https://www.baidu.com/img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png" />
        </rule>
    </rules>
</rewrite>

最终推荐方案（保守但有效）

<rewrite>
    <rules>
        <!-- 第一步：允许所有可能的情况 -->
        <rule name="AllowAllPossibleCases" stopProcessing="true">
            <match url="^.*\.(jpg|jpeg|png|gif|ico|bmp|zip|rar|7z|ttf|otf|svg|woff|woff2|eot|mp3|mp4|wav|css|js)$" />
            <conditions logicalGrouping="MatchAny">
                <!-- 来自白名单 -->
                <add input="{HTTP_REFERER}" pattern="^https?://([^/]*\.)?(ziti163\.(com|cn))/.*$" />
                <!-- 微信相关 -->
                <add input="{HTTP_USER_AGENT}" pattern="(MicroMessenger|miniProgram|wechatdevtools)" />
                <!-- 空Referer（很多APP都没有Referer） -->
                <add input="{HTTP_REFERER}" pattern="^$" />
                <!-- 直接访问（没有Referer） -->
                <add input="{HTTP_REFERER}" pattern="^https?://[^/]*$" />
            </conditions>
            <action type="None" />
        </rule>

        <!-- 第二步：阻止其他 -->
        <rule name="BlockOthers" enabled="true" stopProcessing="true">
            <match url="^.*\.(jpg|jpeg|png|gif|ico|bmp|zip|rar|7z|ttf|otf|svg|woff|woff2|eot|mp3|mp4|wav|css|js)$" />
            <action type="Redirect" url="https://www.baidu.com/img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png" />
        </rule>
    </rules>
</rewrite>