[仅当使用IIS ARR代理时HTTP 401错误

问题描述 投票:0回答:1

包含Web界面的应用程序正在装有IIS 10和ARR的Windows Server 2019系统上运行。使用IP:Port导航到网页时,网页将正确加载。当使用domain.com导航到网页时,网站上的某些内容在控制台中显示401错误,并且页面无法正确加载。

Chrome Console

导航到域时,请求通过IIS和URL重写传递。在通过代理传递信息方面似乎存在一些问题。

这是IIS中重写规则的代码:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:33337/{R:1}" />
                <serverVariables>
                        <set name="HTTP_ACCEPT_ENCODING" value="" />
                </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:33337\/?(.*)" />
                    <action type="Rewrite" value="http{R:1}://sub.domain.com/{R:2}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
        <urlCompression doStaticCompression="false" doDynamicCompression="true" dynamicCompressionBeforeCache="false" />
    </system.webServer>
</configuration>

这是此特定问题的GitHub问题链接:https://github.com/qbittorrent/qBittorrent/issues/11207

iis url-rewriting arr
1个回答
0
投票
显然,qBittorrent希望客户端发送相同来源的Referer标头。您的情况必须是localhost:33337,但显然正在发送sub.domain.com

通过Enable Cross-Site Request Forgery (CSRF) protection可以通过qBitorrent > Options > Web UI > Security设置激活此安全措施。

您有两种解决方案。

禁用设置。

    用适当的值重写Referer标头。
  • 如果要重写标题,请像对HTTP_REFERER那样允许服务器变量HTTP_ORIGINHTTP_ACCEPT_ENCODING之后,应按如下所示更改规则。
  • <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <rule name="ReverseProxyInboundRule1" stopProcessing="true"> <match url="(.*)" /> <action type="Rewrite" url="http://localhost:33337/{R:1}" /> <!-- New Optional Condition --> <conditions logicalGrouping="MatchAny"> <add input="{HTTP_REFERER}" pattern="^(?:https?://[^/]*/(.*))?$" /> </conditions> <serverVariables> <set name="HTTP_ACCEPT_ENCODING" value="" /> <!-- New Header Rewrite --> <set name="HTTP_REFERER" value="http://localhost:33337/{C:1}" /> <!-- Remove Origin Header --> <set name="HTTP_ORIGIN" value="" /> </serverVariables> </rule> </rules> <outboundRules> <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1"> <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:33337\/?(.*)" /> <action type="Rewrite" value="http{R:1}://sub.domain.com/{R:2}" /> </rule> <preConditions> <preCondition name="ResponseIsHtml1"> <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" /> </preCondition> </preConditions> </outboundRules> </rewrite> <urlCompression doStaticCompression="false" doDynamicCompression="true" dynamicCompressionBeforeCache="false" /> </system.webServer> </configuration>

    BTW请注意,qBittorrent会警告您该问题。记住要检查“执行日志”选项卡。

    << img src =“ https://image.soinside.com/eyJ1cmwiOiAiaHR0cHM6Ly9pbWcuaW1ndXIuY29tLzlYek9mSTcucG5nIn0=” alt =“ qBittorrent执行日志”>“ >>
  • © www.soinside.com 2019 - 2024. All rights reserved.