The web service environment runs on Windows Server 2012, IIS 8.5, and Classic ASP.
This is a problem with the Chrome 80 SameSite issue.
On our site, we make payments by calling iframes and receive the results by returnurl.
However, there is a problem in returnurl that changes the existing session value (sometimes it is maintained and sometimes it is changed).
I tried the following:
First, add a header in the source code as follows:
Response.AddHeader "Set-Cookie", "SameSite=None; Secur; path=/; HttpOnly"
Second, add to web.config:
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<sessionState cookieSameSite="None" />
Third, add a web.config rewrite:
<rewrite>
<outboundRules>
<rule name="AddSameSiteCookieFlag">
<match serverVariable="RESPONSE_Set-Cookie" pattern="^(.*SessionID)(SameSite=Lax)" />
<action type="Rewrite" value="{R:1};SameSite=None" />
</rule>
</outboundRules>
Is there a way to set the samesite setting to none in IIS8.5?
I'm running the exact configuration mentioned in this question and found the following web.config rewrite rules to work as a baseline solution:
<rewrite>
  <outboundRules>
    <rule name="Add HttpOnly" preCondition="No HttpOnly">
      <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
      <action type="Rewrite" value="{R:0}; HttpOnly" />
      <conditions>
      </conditions>
    </rule>
    <rule name="Add SameSite" preCondition="No SameSite">
      <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
      <action type="Rewrite" value="{R:0}; SameSite=None; Secure" />
    </rule>
    <preConditions>
      <preCondition name="No HttpOnly">
        <add input="{RESPONSE_Set_Cookie}" pattern="." />
        <add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
      </preCondition>
      <preCondition name="No SameSite">
        <add input="{RESPONSE_Set_Cookie}" pattern="." />
        <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None; Secure" negate="true" />
      </preCondition>
    </preConditions>
  </outboundRules>
</rewrite>
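An added example (not part of the answer above or of the original page): a Python model of the answer's two outbound rules applied to a single Set-Cookie value, followed by an audit of the result. The function names and sample cookies are constructed for illustration; the point is that the "No SameSite" preCondition only recognises the exact text "; SameSite=None; Secure", so a cookie that already carries a SameSite attribute in another form ends up with two.

```python
import re

KEYWORDS = {"samesite", "secure", "httponly", "path", "domain", "expires", "max-age"}

def apply_answer_rules(set_cookie):
    """Model the answer's two outbound rules on one Set-Cookie value.
    URL Rewrite patterns ignore case by default, hence re.IGNORECASE."""
    value = set_cookie
    # Rule "Add HttpOnly": value is non-empty and lacks "; HttpOnly".
    if value and not re.search(r"; HttpOnly", value, re.IGNORECASE):
        value += "; HttpOnly"
    # Rule "Add SameSite": value lacks the exact text "; SameSite=None; Secure".
    if value and not re.search(r"; SameSite=None; Secure", value, re.IGNORECASE):
        value += "; SameSite=None; Secure"
    return value

def audit(set_cookie):
    """Return findings for one Set-Cookie value (empty list means clean)."""
    name_value, *rest = [part.strip() for part in set_cookie.split(";")]
    attrs = [tuple(s.strip().lower() for s in part.partition("=")[::2])
             for part in rest if part]
    names = [name for name, _ in attrs]
    samesite = [val for name, val in attrs if name == "samesite"]
    findings = []
    if name_value.partition("=")[0].strip().lower() in KEYWORDS:
        findings.append("attribute used as cookie name")
    if not samesite:
        findings.append("no SameSite attribute")
    if len(samesite) > 1:
        findings.append("duplicate SameSite attribute")
    if "none" in samesite and "secure" not in names:
        findings.append("SameSite=None without Secure")
    if "httponly" not in names:
        findings.append("missing HttpOnly")
    return findings

# Constructed sample headers (not captured from a real server).
SAMPLES = [
    "ASPSESSIONIDABCDEFGH=KLMNOPQRST; path=/",   # bare Classic ASP session cookie
    "pref=1; path=/; SameSite=Lax",              # app already chose Lax
    "id=1; Secure; SameSite=None; HttpOnly",     # correct, but different order
]

def run_samples():
    return {raw: audit(apply_answer_rules(raw)) for raw in SAMPLES}

if __name__ == "__main__":
    for raw, findings in run_samples().items():
        print(f"{raw!r} -> {apply_answer_rules(raw)!r} {findings}")
    # The question's first attempt sends this header value as-is:
    print(audit("SameSite=None; Secur; path=/; HttpOnly"))
```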
I've set up an IIS reverse proxy to serve some content from within WSL with the following web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:6006/{R:1}" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:6006/(.*)" />
<action type="Rewrite" value="http{R:1}://iansdesktop/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
However this results in a 500.52 error complaining that the response is encoded (it isn't encoded, I've verified with telnet) and the encoding reported is "identity" which apparently means no encoding at all.
How can I change my rules to fix this?
I am banging my head against the wall. Every single URL is rewritten by the IIS URL Rewrite module except the responses having https://nginx-server/socket.io/?EIO=3&transport=polling&t=1486150196479-0. When I open my Network tab in Chrome, I see:
https://nginx-server.com/socket.io/?EIO=3&transport=polling&t=1486150196479-0
https://nginx-server.com/socket.io/?EIO=3&transport=polling&t=1486150196479-0
https://iis-reverse-proxy-server.com/t/assets/images/chat-logo.png
https://iis-reverse-proxy-server.com/config.js
https://iis-reverse-proxy-server.com/t/assets/images/main_logo.png
I am trying to reverse proxy https://nginx-server. The IIS reverse proxy rewrites all the URLs that access nginx except those having the socket.io URI in them. The same thing happens when some API is called, and IIS just stops applying the outbound rewrite rules.
This is my web.config.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://nginx-server.com/{R:0}" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" stopProcessing="true">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^(.*)?://nginx-server.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{R:1}://iis-reverse-proxy-server.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
</system.webServer>
</configuration>
==========Edit:===========
This is my updated web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="HTTP_ACCEPT_ENCODING" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://nginx-server.com/{R:0}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" stopProcessing="true">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^(.*)?://nginx-server.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{R:1}://iis-reverse-proxy-server.com/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<rule name="Atag" preCondition="ResponseIsHtml1">
<match pattern="href=(.*?)https://nginx-server.com/(.*?)\s" />
<action type="Rewrite" value="href={R:1}https://iis-reverse-proxy-server.expertflow.com/{R:2}" />
</rule>
<rule name="elementencodedaction" preCondition="ResponseIsHtml1">
<match pattern="action=(.*?)https://nginx-server.com/(.*?)\\" />
<action type="Rewrite" value="‘action={R:1}https://iis-reverse-proxy-server.expertflow.com/{R:2}\" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Where am I making a mistake?
Thanks, everyone, for your efforts to help. It turned out that the config file in the application was rewriting the URL, which is why IIS was not able to rewrite it. Updating the URL in the config file resolved my issue.
Context: Azure; Windows Server 2012; IIS 8
First up, here's the (redacted) web.config for reference
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="(.*)" />
<action type="Rewrite" url="https://www.khatam.com/{R:1}" logRewrittenUrl="true" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<rule name="Capture Http Origin Header" enabled="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTP_ORIGIN}" pattern=".+" />
</conditions>
<serverVariables>
<set name="CAPTURED_ORIGIN" value="{C:0}" />
</serverVariables>
<action type="None" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="None" pattern="^http(s)?://www.khatam.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http{R:1}://jamuni.pemaish.com.au/{R:2}" />
</rule>
<rule name="Rewrite mundrjatzxera Assets" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="None" pattern="^/(mundrjat/zxera/.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
</rule>
<rule name="Rewrite Source Srcset in Picture Assets" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="CustomTags" customTags="Source Srcset in Picture" pattern=",?\/(mundrjat\/zxera\/\S+\s\d+w)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
</rule>
<rule name="Rewrite X-Frame-Options" enabled="true" patternSyntax="Wildcard">
<match serverVariable="RESPONSE_X-Frame-Options" pattern="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" />
</rule>
<rule name="Set-Access-Control-Allow-Origin for known origins" enabled="true">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{CAPTURED_ORIGIN}" />
</rule>
<rule name="Restore Accept Encoding" preCondition="Needs to Restore Original Accept Encoding" enabled="true">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsCss">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/css" />
</preCondition>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="ResponseIsEverything">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)$" />
</preCondition>
<preCondition name="Needs to Restore Original Accept Encoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" />
</preCondition>
</preConditions>
<customTags>
<tags name="Source Srcset in Picture">
<tag name="source" attribute="srcset" />
</tags>
</customTags>
</outboundRules>
</rewrite>
...
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
We're reverse proxying a site for a client. The proxied site is www.khatam.com. The server through which the proxying is effected is jamuni.pemaish.com.au (yes, I do speak Urdu, albeit not brilliantly.) The client will have an IFRAME in their site which will interact with khatam.com's site via our jamuni server.
So far so good: the client is able to run everything in khatam's site via their IFRAME. What's NOT working so well is that there are WOFF files referenced in one of the CSS files and these are not loading.
When in devtools in a browser (which is rendering the IFRAME) all the woffs are in red, with the General headers being
Request URL: https://jamuni.pemaish.com.au/vgera.mukljuga/jugabisbis/mukljuga/khatam/vesael/icomoon.woff
Request Method: GET
Status Code: 500 URL Rewrite Module Error.
Remote Address: XXX.XXX.XXX.XXX:443
Referrer Policy: no-referrer-when-downgrade
I have tried to write a rule to change the CSS, viz
<rule name="Rewrite vgera.mukljuga Assets" preCondition="ResponseIsCss" enabled="true">
<match filterByTags="None" pattern="url\((khatam/vesael/.*?.woff)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="url(https://www.khatam.com/vgera.mukljuga/jugabisbis/mukljuga/{R:1}" />
</rule>
but whether the target or the intermediate is specified, I still get the 500 error. Now as I re-read this I'm wondering if I'm having the output of one rewrite being picked up by another leading to a loop or a race. If I take the link from the General above and put it into the address bar of the browser, I get a woff file suggesting that there's contention between two or more rules.
The CSS rules are relative-pathed. Here's one of them:
@font-face {
  font-family: trade-gothic-condensed;
  src: url(khatam/vesael/tradegothicltcom-bdcn20-webfont.woff) format("woff");
  font-weight: 700;
  font-style: normal;
  -webkit-font-smoothing: antialiased;
  -moz-osx-font-smoothing: grayscale;
}
Suggestions welcome.
In the process of getting the Tracing role installed, the 500 error above fixed itself suggesting that the issue had more to do with (likely user-introduced) IIS instability rather than anything else.
I'm trying to integrate ASP.net and Node.js on a single server.
ASP.net is at localhost:8080
NodeJs is at localhost:4000
My expectation is here.
client ----> IIS Server ----> ASP.NET (no rewriting except /api/* localhost:80)
          (rev.0970.co.kr) |---> Node.js (matching with /api/* localhost:4000)
The Node app runs as a Windows service and serves localhost:4000/api/ locally. It should be accessed at http://rev.0970.co.kr/api/signin
All requests except /api/ should be served by normal IIS ASP.NET (e.g. http://rev.0970.co.kr/index.aspx).
My Setting Steps
- install ARR and UrlRewrite module
- enable proxy of ARR
- add rule to urlrewrite section as below.
<rule name="Proxy">
<match url="api/(.*)"/>
<conditions>
<add input="{HTTP_HOST}" pattern="rev.0970.co.kr" />
</conditions>
<action type="Rewrite" url="http://localhost:4000/api/{R:1}" />
</rule>
Result
- http://rev.0970.co.kr/api/signin : success
- http://rev.0970.co.kr/index.aspx : fail - 404 not found
I thought http://rev.0970.co.kr/index.aspx did not match api/(.*), so IIS might render index.aspx.
When I removed all the rule settings of urlrewrite, http://rev.0970.co.kr/index.aspx worked.
What did I do wrong?
edit
Here is my full web.config file.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:4000/(.*)" />
<action type="Rewrite" value="http{R:1}://rev.0970.co.kr/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="Proxy">
<match url="api/(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="rev.0970.co.kr" />
</conditions>
<action type="Rewrite" url="http://localhost:4000/api/{R:1}" />
</rule>
</rules>
</rewrite>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Security,CGI,RequestNotifications,Module,FastCGI" verbosity="General" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="404" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
</configuration>
I have the following inbound and outbound rules defined to get my reverse proxy working.
<rewrite>
<rules>
<rule name="Route the requests for backend app" stopProcessing="true">
<match url="^foldera/folderb/(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="www.site1.com" />
</conditions>
<action type="Rewrite" url="http://www.site2.com/{R:1}" />
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<rule name="RewriteRelativePaths" preCondition="ResponseIsHtml" enabled="true" stopProcessing="false">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" />
<action type="Rewrite" value="/foldera/folderb/{R:1}" />
<conditions>
<add input="{URL}" pattern="^/foldera/folderb/.*" />
</conditions>
</rule>
<preConditions>
<preCondition name="ResponseIsHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
Now, the site "http://www.site2.com/" is correctly loaded in "http://www.site1.com/foldera/folderb/" and the outbound rule makes sure that every resource from site2 is rewritten to http://www.site1.com/foldera/folderb/{resourcefromsite1}
Unfortunately, the outbound rule is also crashing the rest of my site, probably because it's trying to rewrite every native resource to this same "http://www.site1.com/foldera/folderb/" folder structure.
How can I make the outbound rule respond only to resources that are requested/loaded through the path http://www.site1.com/foldera/folderb/ and, for instance, not through http://www.site1.com/foldera?
Cheers
Jeroen
You were very close to the solution. To solve this you must add {URL} as an input inside your preCondition. Your rewrite rules should finally look like this:
<rewrite>
  <rules>
    <rule name="Route the requests for backend app" stopProcessing="true">
      <match url="^foldera/folderb/(.*)" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="www.site1.com" />
      </conditions>
      <action type="Rewrite" url="http://www.site2.com/{R:1}" />
      <serverVariables>
        <set name="HTTP_ACCEPT_ENCODING" value="" />
      </serverVariables>
    </rule>
  </rules>
  <outboundRules>
    <rule name="RewriteRelativePaths" preCondition="ResponseIsHtml" enabled="true" stopProcessing="false">
      <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" />
      <action type="Rewrite" value="/foldera/folderb/{R:1}" />
      <!-- Removed condition from here -->
    </rule>
    <preConditions>
      <preCondition name="ResponseIsHtml">
        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
        <add input="{URL}" pattern="^/foldera/folderb/.*" /> <!-- Added your condition here -->
      </preCondition>
    </preConditions>
  </outboundRules>
</rewrite>
This way the outbound rule will be applied only when the response is HTML and the current URL matches the specified pattern.