IIS7 and ARR as reverse proxy for Subversion

Solution 1:

IIS7 has an applicationHost.config file which has a security section that limits file extensions:

<requestFiltering>
  <fileExtensions allowUnlisted="true" applyToWebDAV="true">
    <add fileExtension=".cs" allowed="false" />
    <add fileExtension=".csproj" allowed="false" />
    <add fileExtension=".vb" allowed="false" />
    <add fileExtension=".vbproj" allowed="false" />
    ....
  </fileExtensions>

More information:

http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/

I added a similar section to my site's web.config and used a <clear /> node to remove all extensions. Now I can serve .cs, .csproj files and others, but I cannot serve .config files yet.

Edit: Removing the hiddenSection nodes corrected this for web.config files too. Here is my local web.config file:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions allowUnlisted="true" applyToWebDAV="true">
        <clear />
      </fileExtensions>
      <verbs allowUnlisted="true" applyToWebDAV="true" />
      <hiddenSegments applyToWebDAV="true">
        <clear />
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>

Solution 2:

I got it working with my web.config looking like so:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{CACHE_URL}" pattern="^(https?)://" />
                    </conditions>
                    <action type="Rewrite" url="{C:1}://localhost:8080/{R:1}" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8080/(.*)" />
                    <action type="Rewrite" value="http{R:1}://svn.mysite.com/{R:2}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_ENCODING}" pattern="[^(gzip)]" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
        <security>
        <requestFiltering>
          <fileExtensions allowUnlisted="true" applyToWebDAV="true">
            <clear />
          </fileExtensions>
          <verbs allowUnlisted="true" applyToWebDAV="true" />
          <hiddenSegments applyToWebDAV="true">
            <clear />
          </hiddenSegments>
        </requestFiltering>
      </security>
    </system.webServer>
</configuration>