I have a REST API service deployed as an Azure App Service and i been trying to remove the Server header from response.
I tried adding a custom outgoing rule to Rewrite module.
In web.config i have
<rewrite>
<outboundRules>
<rule name="Change Server Header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="My Server" />
</rule>
</outboundRules>
</rewrite>
I also applied a applicationHost.xdt transformation to applicationHost.config in order to add the RESPONSE_Server variable
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<configSections>
<sectionGroup name="system.webServer" xdt:Locator="Match(name)">
<sectionGroup name="rewrite" xdt:Locator="Match(name)">
<section name="allowedServerVariables" overrideModeDefault="Allow" xdt:Locator="Match(name)" xdt:Transform="SetAttributes(overrideModeDefault)" />
</sectionGroup>
</sectionGroup>
</configSections>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="RESPONSE_Server" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
But i still see the Server response http header on a request like following which returns a 500 HTTP status code
https://api.internaltest.com/%3a/
The rewrite rule works in local IIS it removes the http header successfully... but not when doing it in Azure App Service.
Please tell me what i'm missing.
I mention that i have removeServerHeader="true" in web.config also but it only removes the server header on 404 bad request, not on 500 status code.
<security>
<requestFiltering removeServerHeader="true">
<requestLimits maxAllowedContentLength="2147483647" />
</requestFiltering>
</security>
Hope anyone can help me,
Thank you
I manged to make it work by adding the outbound rule in xdt file and not in web.config
Here is the correct application.Host.xdt hope it helps others... It replaces the server header with a value on 500 error HTTP response
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<configSections>
<sectionGroup name="system.webServer" xdt:Locator="Match(name)">
<sectionGroup name="rewrite" xdt:Locator="Match(name)">
<section name="allowedServerVariables" overrideModeDefault="Allow" xdt:Locator="Match(name)" xdt:Transform="SetAttributes(overrideModeDefault)" />
</sectionGroup>
</sectionGroup>
</configSections>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="RESPONSE_Server" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
<outboundRules xdt:Transform="InsertIfMissing">
<rule name="Change Server Header" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="My Server" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Related
On our DNN site hosted in an Azure app service, we have the following custom rule set on our web.config:
<rewrite>
<rules>
<rule name="Proxy" stopProcessing="true">
<match url="^base3/?(.*)" />
<action type="Rewrite" url="https://(a website hosted in aws s3)/tx/{R:1}" />
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="" />
<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_Blog" value="1" />
</serverVariables>
</rule>
</rules>
We have also setup the following in our applicationHost.xdt
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_Mischief" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_Blog" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
However, when trying to navigate to it (https://(our azure webapp.com)/base3/index.html) we constantly get the error The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. which is confusing because this was the rewrite rule we have used on our other sites.
We even tried the same approach on a fresh app service and the rewrite rule above works just fine..
Trying to figure out what's wrong through heuristic analysis, on our web.config the rewrite rule now works if:
under <system.webServer>
<modules runAllManagedModulesForAllRequests="true">
then commenting <add name="UrlRewrite" type="DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
However, the main site breaks now..
How do we implement a rewrite rule that works properly with DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules??
UPDATE
<configSections>
<section name="RewriterConfig" type="URLRewriter.Config.RewriterConfigSerializerSectionHandler,URLRewriter" />
</configSections>
......
<RewriterConfig>
<Rules>
<RewriterRule>
<LookFor>^default/([0-9]+)/([_0-9a-z-]+)</LookFor>
<SendTo>11.aspx?id={R:1}</SendTo>
</RewriterRule>
</Rules>
</RewriterConfig>
PRIVIOUS
About the function of url rewrite, the reason is the Web Server integrated by App Service cannot have full control. You can refer my answer in another post .
You can use the Application Gateway to implement the url rewriting function.
I have set up Application Request Routing in IIS 8.5 for reverse proxy.
Proxy is working but I have to pass additional Authorization header to the site behind the proxy so it can authorize automatically. Problem is that it does not add the header. Is there something wrong with the configuration?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_AUTHORIZATION" />
</allowedServerVariables>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://https://my.test.service.url.com/{R:1}" />
<serverVariables>
<set name="HTTP_AUTHORIZATION" value="Bearer token12345=" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I have upgraded the Node.js version to 8.8.1, and updated this in the process environmental variables, iisnode.yml, Web.config and package.json.
Nonetheless, requests going to the app now get rejected with the following error:
The iisnode module is unable to start the node.exe process. Make sure
the node.exe executable is available at the location specified in the
https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config>system.webServer/iisnode/#nodeProcessCommandLine
element of web.config. By default node.exe is expected in one of the
directories listed in the PATH environment variable.
I tried to update the file path in Kudu to reflect the path to the node.exe I'm interested in ("D:\Program Files (x86)\nodejs\8.1.1\node.exe"), but got an error saying I was not authorized to do this.
The relevant files:
iisnode.yml:
nodeProcessCommandLine: "D:\Program Files (x86)\nodejs\8.1.1\node.exe"
loggingEnabled: true
devErrorsEnabled: true
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your Node.js application, please visit
-->
<configuration>
<appSettings>
<!--
<add key="StorageAccountName" value="" />
<add key="StorageAccountKey" value="" />
<add key="ServiceBusNamespace" value="" />
<add key="ServiceBusIssuerName" value="" />
<add key="ServiceBusIssuerSecretKey" value="" />
-->
</appSettings>
<system.webServer>
<!-- mimeMap enables IIS to serve particular file types as specified by fileExtension. -->
<staticContent>
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
</staticContent>
<modules runAllManagedModulesForAllRequests="false" />
<!-- Web.Debug.config adds attributes to this to enable remote debugging when publishing in Debug configuration. -->
<!--<iisnode watchedFiles="web.config;*.js;routes\*.js;views\*.pug"/>-->
<!-- Remote debugging (Azure Website with git deploy): Comment out iisnode above, and uncomment iisnode below. -->
<iisnode watchedFiles="web.config;*.js;routes\*.js;views\*.pug"
loggingEnabled="true"
devErrorsEnabled="true"
nodeProcessCommandLine="D:\Program Files (x86)\nodejs\8.8.1\node.exe --debug"/>
<!-- indicates that the server.js file is a Node.js application
to be handled by the iisnode module -->
<handlers>
<add name="iisnode" path="index.js" verb="*" modules="iisnode" />
<!-- Remote debugging (Azure Website with git deploy): Uncomment NtvsDebugProxy handler below.
Additionally copy Microsoft.NodejsTools.WebRole to 'bin' from the Remote Debug Proxy folder.-->
<add name="NtvsDebugProxy" path="ntvs-debug-proxy/blablabla" verb="*" resourceType="Unspecified"
type="Microsoft.NodejsTools.Debugger.WebSocketProxy, Microsoft.NodejsTools.WebRole"/>
</handlers>
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin" />
</hiddenSegments>
</requestFiltering>
</security>
<rewrite>
<rules>
<clear />
<!-- Remote debugging (Azure Website with git deploy): Uncomment the NtvsDebugProxy rule below. -->
<rule name="NtvsDebugProxy" enabled="true" stopProcessing="true">
<match url="^ntvs-debug-proxy/.*"/>
</rule>
<!-- Don't interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^server.js\/debug[\/]?" />
</rule>
<rule name="app" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="iisnode.+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="index.js" />
</rule>
</rules>
</rewrite>
</system.webServer>
<!-- Remote debugging (Azure Website with git deploy): uncomment system.web below -->
<system.web>
<httpRuntime targetFramework="4.5"/>
<customErrors mode="Off"/>
</system.web>
</configuration>
In iisnode.yml, you have nodeProcessCommandLine pointing to 8.1.1 instead of 8.8.1. Maybe that's just it?
I'm trying to get a reverse proxy set up by using Azure Websites, roughly following this guide that explains how to modify ApplicationHost.config on such a website - but it doesn't work for me.
I've have this applicationHost.xdt:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" />
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" />
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
I put it in the site directory of my web app.
The transforms appear to get executed (from the transform log):
2017-09-06T12:12:20 StartSection Executing InsertIfMissing (transform line 8, 50)
2017-09-06T12:12:20 on /configuration/system.webServer/rewrite/allowedServerVariables/add
2017-09-06T12:12:20 Applying to 'allowedServerVariables' element (no source line info)
2017-09-06T12:12:20 EndSection Done executing InsertIfMissing
I have indeed four of those blocks.
I still get 500s on setting the headers with rewrite. The detailed error message contains this:
<h3>HTTP Error 500.50 - URL Rewrite Module Error.</h3>
<h4>The server variable "HTTP_X_UNPROXIED_URL" is not allowed to be set. Add the server variable name to the allowed server variable list.</h4>
Not sure what to do at this point. Any ideas?
I faced the same issue with the TomSSL article, #David Ebbo's comment ultimately got me to the answer, but felt it was worth adding this to save people some time. It's because applicationHost.config is missing xdt:Locator="Match(name)":
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false"/>
<rewrite xdt:Transform="InsertIfMissing">
<allowedServerVariables xdt:Transform="InsertIfMissing">
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
The key to investigating these issues is to determine whether the problem is with the transform not doing the right thing, or with the applicationhost.config not working as you expect.
You can check the generated applicationhost.config in D:\local\Config from Kudu console.
See this page for more details about this.
Technical Information
Azure Website
Installed IIS Manager Site Extension by shibayan
Scenario
I have implemented a reverse proxy on my Azure Website, however the receiving server doesn't get any indication of whether the initial request was over HTTPS or not.
What I want to do is send the HTTPS flag of ON/OFF from the initial request to the proxied server, via a custom HTTP Header.
In Theory
Using shibayan's IIS Manager Site Extension, I can edit the applicationHost.xdt file, give it a Transform to insert an <allowedServerVariables> tag and that should allow me to set a custom HTTP Header.
In Practise
I've configured my rewrite rule as such:
<rule name="Proxy" stopProcessing="true" xdt:Transform="Replace" xdt:Locator="Match(name)">
...
<serverVariables>
<set name="HTTP_X_USE_HTTPS" value="{HTTPS}" />
</serverVariables>
...
</rule>
And have attempted a few combinations of where to put the <serverVariables> tag...
Attempt one:
As described in this answer.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
Result:
HTTP Error 500.50 - URL Rewrite Module Error.
The server variable "HTTP_X_USE_HTTPS" is not allowed to be set. Add
the server variable name to the allowed server variable list.
Attempt two:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="~1[app service name]" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 500.50
Attempt three:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 503
Attempt four:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="[app service name]" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 503
I am aware that in the applicationHost.config file for an Azure Website there are a few places that <system.webServer> can be defined, such as under the following elements:
<configuration>
<configuration><location>
...however I've tried these combinations to no avail.
Questions
Is there another possible location?
Have I misconfigured my .xdt file in any way?
Am I missing something from my applicationHost.config?
You have to create a applicationHost.xdt file under the site folder d:\home\site\applicationHost.xdt with this content:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
Now you can use the new variable in your web.config file
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Proxy">
<serverVariables>
<set name="HTTP_X_USE_HTTPS" value="{HTTPS}"/>
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
See also https://azure.microsoft.com/en-us/documentation/articles/web-sites-transform-extend/ or https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples