Re: Using IIS as a reverse proxy in front of Apache/SVN

Thu, 22 Sep 2022 23:30:07 -0700 

I'm following up on an old e-mail [1] on how to use IIS as a reverse proxy
in front of Apache Subversion.

Previously I found found a way to use the URL Rewrite module to forward
requests to mod_dav_svn. This was working fine until I tried to access a
file with a "+" encoded in the filename.

[[[
$ svn log "https://svn.example.com/svn/repo/file with + in filename.txt"

svn: E170013: Unable to connect to a repository at URL '
https://svn.example.com/svn/repo/file%20with%20+%20in%20filename.txt'

svn: E160013: '/svn/repo/file%20with%20+%20in%20filename.txt' path not found

$
]]]

It turns out that IIS will not accept requests with "+" and will reply with
http error 404.11 instead of rewriting the request and forwarding to
mod_dav_svn.

A similar problem is described here [2] and IIS can be configured to
"allowDoubleEscaping" [3]. With this configuration changed everything
worked as expected.

The solution was found by supp...@visualsvn.com (we use their software
stack on the server).

The relevant parts of web.config can be found below.

Kind regards,
Daniel Sahlberg


[1] https://lists.apache.org/thread/bcx15smyth43v1t1vvhqnc8bhxt5b5kd
[2] https://github.com/go-gitea/gitea/issues/10236
[3]
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/#attributes

[[[
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="To https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll"
trackAllCaptures="false">
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect"
url="https://{HTTP_HOST}{REQUEST_URI}";
/>
                </rule>
                <rule name="ProxyWithDestination" enabled="true"
patternSyntax="ECMAScript" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll"
trackAllCaptures="false">
                        <add input="{HTTP_DESTINATION}" pattern="https://(.*)"
/>
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_DESTINATION" value="http://{C:1}"; />
                    </serverVariables>
                    <action type="Rewrite" url="http://127.0.0.1:81/{R:0}";
logRewrittenUrl="true" />
                </rule>
                <rule name="ProxyRest" patternSyntax="ECMAScript"
stopProcessing="true">
                    <match url="(.*)" negate="false" />
                    <conditions logicalGrouping="MatchAll"
trackAllCaptures="false" />
                    <action type="Rewrite" url="http://127.0.0.1:81/{R:0}";
logRewrittenUrl="true" />
                </rule>
            </rules>
        </rewrite>
        <security>
            <requestFiltering allowDoubleEscaping="true" />
        </security>
    </system.webServer>
]]]

Reply via email to