0

I have configured the following rewrite rule in an ASP.NET application's "web.config" hosted on IIS:

    <rewrite>
        <rules>
            <rule name="setappname">
                <match url=".*" />
                <serverVariables>
                    <set name="CONTAINER_APP_NAME" value="desiredValue" />
                </serverVariables>
            </rule>
        </rules>
    </rewrite>

And in "applicationHost.config", I have the following snippets:

    <sites>
        <site name="mysite" id="1" serverAutoStart="true">
            <application path="/" applicationPool=".NET v4.5">
                <virtualDirectory path="/" physicalPath="c:\mysite" />
            </application>
            <bindings>
                <binding protocol="http" bindingInformation="*:80:" />
            </bindings>
            <logFile directory="c:\iislog" period="MaxSize" truncateSize="4294967295">
                <customFields>
                    <add logFieldName="x-forwarded-for" sourceName="X-Forwarded-For" sourceType="RequestHeader" />
                    <add logFieldName="container-app" sourceName="CONTAINER_APP_NAME" sourceType="ServerVariable" />
                </customFields>
            </logFile>
            <applicationDefaults preloadEnabled="true" />
        </site>
    </sites>

AND

<system.webServer>
    <rewrite>
        <allowedServerVariables>
            <add name="CONTAINER_APP_NAME" />
        </allowedServerVariables>
    </rewrite>
</system.webServer>

This works fine (I see the 2 custom fields in the logs) except when the Path ends with "/" (e.g.: / or /APath/). In those cases, the value of the container-app field (using Server Variable) is always "-". For instance:

$ curl --silent --output /dev/null -H "X-Forwarded-For:10.3.2.12" http://localhost/APath/

Yields:

2019-12-02 20:47:32 172.29.152.165 GET /APath/ - 80 - 192.168.7.4 curl/7.67.0 - 200 0 0 121 10.3.2.12,+::1 -

Whereas:

$ curl --silent --output /dev/null -H "X-Forwarded-For:10.3.2.12" http://localhost/home.aspx

Yields:

2019-12-02 20:50:17 172.29.152.165 GET /home.aspx - 80 - 192.168.7.4 curl/7.67.0 - 200 0 0 63 10.3.2.12,+::1 desiredValue

I even enabled the Failed Request Tracing to see if perhaps the rewrite rule isn't picking up those paths, but I can confirm that the rule matches the path and the server variable is set to the desired value.

I wonder if there is anything else I can try to troubleshoot this. Why such paths aren't logged properly?

4

1 回答 1

0

我想我找到了问题并将其发布在这里供其他人使用。

通过查看失败的请求跟踪,我可以看到 IIS 为目录的默认文档(以“/”结尾的 URI)创建子请求。显然,根据设计,重写规则不适用于子请求(例如:https ://forums.iis.net/t/1152699.aspx )。

为了解决这个问题,我创建了一个重写规则,将此类请求更改为对文档的显式请求,以便在主进程级别应用另一个重写规则:

       <rewrite>
            <rules>
                <rule name="setExplictDoc">
                    <match url="(.*(APath)/$)" />
                    <action type="Rewrite" url="{R:0}Default.aspx" />
                </rule>
                <rule name="setappname">
                    <match url=".*" />
                    <serverVariables>
                        <set name="CONTAINER_APP_NAME" value="desiredValue" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>

这个想法来自https://support.microsoft.com/en-ca/help/3050055/iis-digest-authentication-does-not-permit-pass-though-authentication-f

于 2019-12-02T22:16:57.780 回答