IIS7 and ARR as reverse proxy for Subversion

iis-7 svn reverse-proxy

Solution 1:

IIS7 has an applicationHost.config file which has a security section that limits file extensions:

<requestFiltering>
  <fileExtensions allowUnlisted="true" applyToWebDAV="true">
    <add fileExtension=".cs" allowed="false" />
    <add fileExtension=".csproj" allowed="false" />
    <add fileExtension=".vb" allowed="false" />
    <add fileExtension=".vbproj" allowed="false" />
    ....
  </fileExtensions>

More information:

http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/

I added a similar section to my site's web.config and used a <clear /> node to remove all extensions. Now I can serve .cs, .csproj files and others, but I cannot serve .config files yet.

Edit: Removing the hiddenSection nodes corrected this for web.config files too. Here is my local web.config file:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions allowUnlisted="true" applyToWebDAV="true">
        <clear />
      </fileExtensions>
      <verbs allowUnlisted="true" applyToWebDAV="true" />
      <hiddenSegments applyToWebDAV="true">
        <clear />
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>

Solution 2:

I got it working with my web.config looking like so:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{CACHE_URL}" pattern="^(https?)://" />
                    </conditions>
                    <action type="Rewrite" url="{C:1}://localhost:8080/{R:1}" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8080/(.*)" />
                    <action type="Rewrite" value="http{R:1}://svn.mysite.com/{R:2}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_ENCODING}" pattern="[^(gzip)]" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
        <security>
        <requestFiltering>
          <fileExtensions allowUnlisted="true" applyToWebDAV="true">
            <clear />
          </fileExtensions>
          <verbs allowUnlisted="true" applyToWebDAV="true" />
          <hiddenSegments applyToWebDAV="true">
            <clear />
          </hiddenSegments>
        </requestFiltering>
      </security>
    </system.webServer>
</configuration>

Related

How can I restore my Perl environment and modules to a known state on Mac OS X? [closed]
Using an assertion library with GoDog test framework
removing duplicate rows based on two conditionals on columns r
Upgrading from Python 2.6 to 2.7 isn't working
Install ImageMagick for paperclip gem in a Mac OS 10.5.8
TF, access the filenames of the elements in a dataset object: dataset.group_by_window group by filename?
How to correct calculation error on Python
Exit If Statement
Find strings where the first half matches the second
How to show only hours and minutes from javascript date.toLocaleTimeString()?
How to correctly use ImageDataGenerator in Keras?
Cannot run Carlini and Wagner Attack using foolbox on a tensorflow Model