IIS rewrite always triggers the same rule - iis

I have a issue with configuring IIS to do URL rewrite.
I have an aplication running on tomcat using port 1512 and IIS runing on port 80 where i want to catch two different cases:
1) calls coming in on port 80 without any add-on, myserver:80/, should be routed to myserver:1512/pim/webaccess
2) calls coming in with pim in the url, myserver:80/pim/scripts/script.js, should be routed to myserver:1512/pim/scripts/script.js
I have setup two rules like below but when running this it always fire the one in example 1 above which results in the login page being returned instead of e.g. the js file. Not sure what I am doing wrong?
The links to e.g. script files are on the format /pim/scripts/script.js in the login page can that have something to do with it?
Getting really frustrated right now :P
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpRedirect enabled="false" destination="http://myserver123:1512/pim/webaccess" exactDestination="true" />
<rewrite>
<rules>
<clear />
<rule name="UrlWithPimRewrite" stopProcessing="true">
<match url="/pim.*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="http://localhost:1512{R0}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
<rule name="UrlWithoutPIM" enabled="true" stopProcessing="true">
<match url="/*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="http://localhost:1512/pim/webaccess" appendQueryString="false" logRewrittenUrl="false" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<urlCompression doStaticCompression="false" />
</system.webServer>
</configuration>

I found you used the /pim. as the url match part. But it will just match the pim/scripts/script.js url pattern. So you will find it just always doesn't match the first rule.
The right rule is as below:
<rule name="UrlWithPimRewrite" stopProcessing="true">
<match url="pim.*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="http://localhost:1512{R0}" appendQueryString="true" logRewrittenUrl="false" />
</rule>

#brando-zhang
I changed the original rules and now I have the below config. The initial one just going to http://servername:123/ works but everything else like e.g. http://servername:123/pim/scripts/script.js gives me a 404 for some reason. Any ideas??
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpRedirect enabled="false" />
<rewrite>
<rules>
<clear />
<rule name="UrlWithPimRewrite" stopProcessing="true">
<match url="pim.*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://localhost:1512/{R0}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
<rule name="UrlWithoutPIM" enabled="true" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{URL}" pattern="/pim" negate="true" />
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://localhost:1512/pim/webaccess" appendQueryString="false" logRewrittenUrl="false" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<urlCompression doStaticCompression="true" />
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>

Related

IIS reverse proxy with owncloud and keycloak backend

What I'm trying to achieve
I would like to create an IIS reverse proxy with hostname http://innerhub.domain.example/ and I would like to configure it to split the traffic as follows:
http://innerhub.domain.example/owncloud goes to http://192.168.0.192:8080/ as my owncloud service is hosting on that ip:port.
http://innerhub.domain.example/keyclkauth goes to http://192.168.0.192:8180/ as my keycloak service is hosting on that ip:port
Why I'm doing this
As owncloud documentation describes Owncloud's openID connect needs a reverse proxy so your IAPs can access the configuration under .well-known. So I figured I need to setup a reverse proxy between the owncloud and the keycloak in order to rewrite the .well-known url. It would work fine, but in order so owncloud redirects me to the correct url too I need to be able to access keycloak url too from the innerhub. So basically innerhub needs to split and rewrite urls between these two sites.
This is the network graph
What works so far
The url rewrite rules are working and I can reach the apps with http://innerhub.domain.example/*
Where am I stuck
Owncloud and keycloak too has response.redirect messages and I can't find a way to properly handle this in IIS. When owncloud redirects I get a new url: http://innerhub.domain.example/login and obviously it returns a 404, because this should be http://innerhub.domain.example/owncloud/login
My configuration file
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="KeyCloak" stopProcessing="true">
<match url="^/?keyclkauth/(.*)" />
<action type="Rewrite" url="http://192.168.0.192:8180/{R:1}" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="http" />
<set name="HTTP_X_FORWARDED_PROTO" value="http" />
</serverVariables>
</rule>
<rule name="OwnCloudAuth" stopProcessing="true">
<match url="^/?owncloud/\.well-known/openid-configuration" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="http://192.168.0.192:8080/index.php/apps/openidconnect/config" logRewrittenUrl="true" />
</rule>
<rule name="OwnCloud" stopProcessing="true">
<match url="^/?owncloud/?(.*)" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="http" />
<set name="HTTP_X_FORWARDED_PROTO" value="http" />
</serverVariables>
<action type="Rewrite" url="http://192.168.0.192:8080/{R:1}" />
</rule>
</rules>
<allowedServerVariables>
<add name="HTTP_X_FORWARDED_HOST" />
<add name="HTTP_X_FORWARDED_SCHEMA" />
<add name="HTTP_X_FORWARDED_PROTO" />
<add name="From_where" />
</allowedServerVariables>
<outboundRules>
<clear />
<rule name="KeyCloak" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Link" pattern="^http(s)?://192.168.0.192:8180/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http://innerhub.domain.example/keyclkauth/{R:2}" />
</rule>
<rule name="OwnCloudAuth" preCondition="ResponseIsHtml1" enabled="true" patternSyntax="ExactMatch" stopProcessing="false">
<match filterByTags="A, Form, Link" pattern="http://192.168.0.192:8080/index.php/apps/openidconnect/config" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http://innerhub.domain.example/owncloud/.well-known/openid-configuration" />
</rule>
<rule name="OwnCloud" preCondition="ResponseIsHtml1" stopProcessing="false">
<match filterByTags="A, Form, Link" pattern="^http(s)?://192.168.0.192:8080/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http://innerhub.domain.example/owncloud/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
<preCondition name="isStatus">
<add input="{RESPONSE_STATUS}" pattern="3[0-9][0-9]" />
</preCondition>
<preCondition name="x-forwarded-KeyCloak">
<add input="{HTTP_X_FORWARDED_HOST}" pattern="http://innerhub.domain.example/keyclkauth/.*" />
</preCondition>
<preCondition name="x-forwarded-OwnCloud">
<add input="{HTTP_X_FORWARDED_HOST}" pattern="http://innerhub.domain.example/owncloud/.*" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>

How to allow utm_source & utm_medium in IIS Rewrite / Reverse Proxy

I have created reverse proxy Windows server 2016 and IIS.
Everything is working fine, but the problem is following it doesnt allow the url like this,
https://mywebsite/shop/product/3231?utm_source=IGShopping&utm_medium=Social
but when I replace utm_source as utm_sour or something then it works fine.
In simple words, with utm_source and utm_medium variables it gives this error.
Screenshot of the error
Directly with the localhost it works fine.
https://mywebsite/shop/product/3231?utm_source=IGShopping&utm_medium=Social
For the reference, my web.config file is as follows
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None; Secure" />
</rule>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8068/(.*)" />
<action type="Rewrite" value="http{R:1}://mocauae.ae/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None; Secure" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8068/{R:1}" />
</rule>
<rule name="HTTPS" enabled="false" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="http://localhost:8068" redirectType="Found" />
</rule>
<rule name="HTTPS force" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://localhost:8068" appendQueryString="false" redirectType="Permanent" />
</rule>
<rule name="https pure" enabled="false" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<action type="Redirect" url="https://localhost:8068" redirectType="Found" />
<conditions>
<add input="{HTTP}" pattern="off" />
</conditions>
</rule>
</rules>
</rewrite>
<httpRedirect enabled="false" destination="http://localhost:8068" exactDestination="true" />
</system.webServer>
</configuration>
I the solution by just simply ignoring the url parameter and it worked for me
<rule name="IngnoreUTMSource" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{QUERY_STRING}" pattern="utm_source=.*" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" appendQueryString="false" redirectType="Permanent" />
</rule>

IIS can't rewrite outbound rule having soket.io query

I am banging my head into the wall. Every single URL is re-written by IIS URL Rewrite module but the response having https://nginx-server/socket.io/?EIO=3&transport=polling&t=1486150196479-0 when I open my Network tab in chrome, I see:
https://nginx-server.com/socket.io/?EIO=3&transport=polling&t=1486150196479-0
https://nginx-server.com/socket.io/?EIO=3&transport=polling&t=1486150196479-0
https://iis-reverse-proxy-server.com/t/assets/images/chat-logo.png
https://iis-reverse-proxy-server.com/config.js
https://iis-reverse-proxy-server.com/t/assets/images/main_logo.png
I am trying to reverse proxy the https://nginx-server. IIS reverse proxy rewrite all the URL that are accessing nginx except those having socket.io URI in them . Same thing happens when some api is called and the IIS just stop rewriting outbound rules.
this is my web.config.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://nginx-server.com/{R:0}" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" stopProcessing="true">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^(.*)?://nginx-server.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{R:1}://iis-reverse-proxy-server.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
</system.webServer>
</configuration>
==========Edit:===========
This is my updated web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="HTTP_ACCEPT_ENCODING" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://nginx-server.com/{R:0}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" stopProcessing="true">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^(.*)?://nginx-server.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{R:1}://iis-reverse-proxy-server.com/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<rule name="Atag" preCondition="ResponseIsHtml1">
<match pattern="href=(.*?)https://nginx-server.com/(.*?)\s" />
<action type="Rewrite" value="href={R:1}https://iis-reverse-proxy-server.expertflow.com/{R:2}" />
</rule>
<rule name="elementencodedaction" preCondition="ResponseIsHtml1">
<match pattern="action=(.*?)https://nginx-server.com/(.*?)\\" />
<action type="Rewrite" value="‘action={R:1}https://iis-reverse-proxy-server.expertflow.com/{R:2}\" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Where am I making mistake?
Thanks everyone for the efforts for intended help. It turned out the config file in the application re writing the URL so that is why IIS could not be able to rewrite the URL. Updating URL in config file resolved my issue.

How do I get IIS UrlRewrite to handle CSS-delivered woff files appropriately?

Context: Azure; Windows Server 2012; IIS 8
First up, here's the (redacted) web.config for reference
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="(.*)" />
<action type="Rewrite" url="https://www.khatam.com/{R:1}" logRewrittenUrl="true" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<rule name="Capture Http Origin Header" enabled="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTP_ORIGIN}" pattern=".+" />
</conditions>
<serverVariables>
<set name="CAPTURED_ORIGIN" value="{C:0}" />
</serverVariables>
<action type="None" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="None" pattern="^http(s)?://www.khatam.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http{R:1}://jamuni.pemaish.com.au/{R:2}" />
</rule>
<rule name="Rewrite mundrjatzxera Assets" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="None" pattern="^/(mundrjat/zxera/.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
</rule>
<rule name="Rewrite Source Srcset in Picture Assets" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="CustomTags" customTags="Source Srcset in Picture" pattern=",?\/(mundrjat\/zxera\/\S+\s\d+w)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
</rule>
<rule name="Rewrite X-Frame-Options" enabled="true" patternSyntax="Wildcard">
<match serverVariable="RESPONSE_X-Frame-Options" pattern="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" />
</rule>
<rule name="Set-Access-Control-Allow-Origin for known origins" enabled="true">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{CAPTURED_ORIGIN}" />
</rule>
<rule name="Restore Accept Encoding" preCondition="Needs to Restore Original Accept Encoding" enabled="true">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsCss">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/css" />
</preCondition>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="ResponseIsEverything">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)$" />
</preCondition>
<preCondition name="Needs to Restore Original Accept Encoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" />
</preCondition>
</preConditions>
<customTags>
<tags name="Source Srcset in Picture">
<tag name="source" attribute="srcset" />
</tags>
</customTags>
</outboundRules>
</rewrite>
...
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
We're reverse proxying a site for a client. The proxied site is www.khatam.com. The server through which the proxying is effected is jamuni.pemaish.com.au (yes, I do speak Urdu, albeit not brilliantly.) The client will have an IFRAME in their site which will interact with khatam.com's site via our jamuni server.
So far so good: the client is able to run everything in khatam's site via their IFRAME. What's NOT working so well is that there are WOFF files referenced in the one of the CSS files and these are not loading.
When in devtools in a browser (which is rendering the IFRAME) all the woffs are in red, with the General headers being
Request URL: https://jamuni.pemaish.com.au/vgera.mukljuga/jugabisbis/mukljuga/khatam/vesael/icomoon.woff
Request Method: GET
Status Code: 500 URL Rewrite Module Error.
Remote Address: XXX.XXX.XXX.XXX:443
Referrer Policy: no-referrer-when-downgrade
I have tried to write a rule to change the CSS, viz
<rule name="Rewrite vgera.mukljuga Assets" preCondition="ResponseIsCss" enabled="true">
<match filterByTags="None" pattern="url\((khatam/vesael/.*?.woff)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="url(https://www.khatam.com/vgera.mukljuga/jugabisbis/mukljuga/{R:1}" />
</rule>
but whether the target or the intermediate is specified, I still get the 500 error. Now as I re-read this I'm wondering if I'm having the output of one rewrite being picked up by another leading to a loop or a race. If I take the link from the General above and put it into the address bar of the browser, I get a woff file suggesting that there's contention between two or more rules.
The CSS rules are relative-pathed. Here's one of them:
#font-face {
font-family: trade-gothic-condensed;
src: url(khatam/vesael/tradegothicltcom-bdcn20-webfont.woff) format("woff");
font-weight: 700;
font-style: normal;
-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}
Suggestions welcome.
In the process of getting the Tracing role installed, the 500 error above fixed itself suggesting that the issue had more to do with (likely user-introduced) IIS instability rather than anything else.

IIS UrlRewrite: How to rewrite from just a domain to domain and path

I have successfully written a web.config that lets me reverse-proxy a site and have it appear in a either a server's IFRAME or even on my own localhost. A reduced/redacted version of it follows.
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="(.*)" />
<action type="Rewrite" url="https://www.example.com/{R:1}" logRewrittenUrl="true" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<rule name="Capture Origin Header">
<match url=".*" />
<conditions>
<add input="{HTTP_ORIGIN}" pattern=".+" />
</conditions>
<serverVariables>
<set name="CAPTURED_ORIGIN" value="{C:0}" />
</serverVariables>
<action type="None" />
</rule>
</rules>
<outboundRules>
<rule name="Rule1" patternSyntax="Wildcard" stopProcessing="false">
<match serverVariable="RESPONSE_X-Frame-Options" pattern="*" />
<action type="Rewrite" value="" />
</rule>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsTextHtml" stopProcessing="false">
<match filterByTags="None" pattern="^http(s)?://www.example.com/(.*)" />
<action type="Rewrite" value="http{R:1}://thing.our-server.com/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<rule name="ContentDam" preCondition="ResponseIsTextHtml">
<match filterByTags="None" pattern="^/(content/dam/.*)" />
<action type="Rewrite" value="https://www.example.com/{R:1}" />
</rule>
<rule name="Set-Access-Control-Allow-Origin for known origins">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
<action type="Rewrite" value="{CAPTURED_ORIGIN}" />
</rule>
<rule name="source srcset" preCondition="ResponseIsTextHtml">
<match filterByTags="CustomTags" customTags="sourceSrcset" pattern=",?\/(content\/dam\/\S+\s\d+w)" />
<action type="Rewrite" value="https://www.example.com/{R:1}" />
</rule>
<rule name="Change GTM" preCondition="ResponseIsTextAnything" patternSyntax="ExactMatch">
<match pattern="GTM-5GFGV2" />
<action type="Rewrite" value="GTM-5XVB5D" />
</rule>
<preConditions>
<preCondition name="ResponseIsTextHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="ResponseIsTextAnything">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" />
</preCondition>
</preConditions>
<customTags>
<tags name="sourceSrcset">
<tag name="source" attribute="srcset" />
</tags>
</customTags>
</outboundRules>
</rewrite>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
Currently, I point my IFRAME at https://thing.our-server.com/ and the reverse proxy takes the path and query string and hands them off to a request to https://www.example.com/ and rewrites the results (more or less) to this.our-server.com.
What I would prefer is that I can point my IFRAME at https://thing.our-server.com/example/ (plus path and query) and have everything work the same way.
However, when I make the following changes, it doesn't work:
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="example/(.*)" />
<action type="Rewrite" url="https://www.example.com/{R:1}" logRewrittenUrl="true" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
and
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsTextHtml">
<match filterByTags="None" pattern="^http(s)?://www.example.com/(.*)" />
<action type="Rewrite" value="http{R:1}://thing.out-server.com/examle/{R:2}" />
</rule>
I expect it's a misspecification, but I can't see it at the moment.
if you have anything after the example/ then you could use the example/(.*) regular expression. otherwise, just use example in a match rule.
and the another point there is typing mistake in below rule:
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsTextHtml">
<match filterByTags="None" pattern="^http(s)?://www.example.com/(.*)" />
<action type="Rewrite" value="http{R:1}://thing.out-server.com/examle/{R:2}" />
</rule>
http{R:1}://thing.out-server.com/examle/{R:2} use the example.

Resources