« Previous Next »

• 07-15-2009, 5:06 AM

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7

  REMOTE_ADDR IP restriction and DFS Reply Contact We install Microsoft Application Request Routing on a server and we are using it as a reverse proxy server. All the url rewrite rules work, if we update the rule set with new rules everything still works but if we introduce or modify any rule that contains any IP condition and use REMOTE_ADDR as a variable the web server breaks and stop serving. ie: <add input="{REMOTE_ADDR}" pattern="^(10.0.0.1|127.0.0.1)" /> We can only resume serving when we restart the web server. This is very problematic as we use this reverse proxy as a production server and we cant be starting it whenever we want. Can someone have any ideas for solving this? Many thanks.

  Tags: ARRApplication Request RoutingRedirectIIS7 ARRARR Proxy Reverse Proxyapplication Request Routing reverse proxyreverse proxyapplication Request Routing reverse proxy iis iis7 arrARR Reverse proxywebfarmURLRewriteload balanceREMOTE_ADDRIP restrictionIIS 7

• 07-15-2009, 3:49 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: REMOTE_ADDR IP restriction Reply Contact Are these rule changes at the ARR node or the backend web-server node?  Which node stops responding?  What does "appcmd list requests" say?  Do you know how to collect hang dumps and can you collect and send them? Anil Ruia Senior Software Design Engineer IIS Core Server

• 07-16-2009, 5:03 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7

  Re: REMOTE_ADDR IP restriction Reply Contact I was trying to simplify the explanation of our system. We have a load balanced system of two reverse proxy servers with a dfs replication system between them on the "url rewrite" web.config rules. Every time that we change a IP based rule on one server (RP1) the other one (RP2) will pick the change thru the DFS replication and after that the only served page will be a 404 error page for all requests made to that server (RP2). The funny thing is if you change or introduce a rule that isn't IP based both servers would be happy with that change.

  Tags: ARRURLRewriteDFS

• 07-16-2009, 12:45 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: REMOTE_ADDR IP restriction Reply Contact Can you collect a failed request trace log of the 404 response? Anil Ruia Senior Software Design Engineer IIS Core Server

• 07-21-2009, 11:02 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7

  Re: REMOTE_ADDR IP restriction Reply Contact I set the "The failed request tracing module" on both servers and the only thing codes being logged were 200 codes. When I changed the IP based rule on server A server B crashed only 404 appeared on the browser but no 404 log were logged.   I can only receive logs again when on server B if I restart the web server.   Can you see why is this happening? Is this something to do with the DFS replication of the rules?

• 07-21-2009, 12:58 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343

  Re: REMOTE_ADDR IP restriction Reply Contact When you say server B crashed - do you mean the whole machine crashed (BSOD) or that w3wp.exe on server B crashed?  If it is the latter, you should be able to find a crash dump under control panel -> problem reports and solutions.  Is there a way you can share the crash dump (zipping it should make it considerably smaller) - otherwise, reporting the crash to microsoft should copy the dump to microsoft and generate a bucket id for the problem which I can use to locate a copy of the dump. Anil Ruia Senior Software Design Engineer IIS Core Server

• 07-22-2009, 4:53 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7

  Re: REMOTE_ADDR IP restriction Reply Contact When I said server B crashed wasn't really the best term because I could remotely access the box and every thing worked as expected not even w3wp.exe was down. I meant to say crash in the sense all links that I tried to access thru the reverse proxy would result on a 404 error page but no error was logged on the failed request tracing rules. After I change the IP based rule on server A and the rules replicate to server B thru DFS, server B stopped logging requests and the only output was 404 error pages. No windows logs or DFS replications were logged at the time.

• 07-26-2009, 9:49 AM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: REMOTE_ADDR IP restriction Reply Contact Did you configure failed request tracing on server B or the proxy and did you not get failed request tracing at either place?  Can you provide some of the 404 lines from the IIS or httperr log from server B? Anil Ruia Senior Software Design Engineer IIS Core Server

• 07-27-2009, 5:02 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7	Re: REMOTE_ADDR IP restriction Reply Contact Yes. Fail request tracing was set on both servers but no 404 error were logged only 200 codes. c:\Windows\System32\LogFiles\HTTPERR don't report any issues either this is very strange. Is like this 404 is a ghost I can't see it in any log but this is the only thing that appears on the browser.  Do you have any idea why is this happening?

• 07-27-2009, 7:25 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7

  Re: REMOTE_ADDR IP restriction Reply Contact We reproduced this issue on a test environment with 2 virtual servers and DFS replication on the web.config file.We have two Intel Xeon 64-bit windows 2008 SP1 servers with 4gb of RAM.We have installed: - MS ARR v 1 for IIS7; - MS Web Platform Installer 2.0 RC; - MS Administration Pack for IIS 7.0; - IIS Advanced Logging; - IIS Database Manager RC; - MS External Cache v 1 for IIS 7; - MS URL Rewrite Module 1.1 for IIS 7; - MS Web Farm Framework v 1 for IIS 7; - MS Powershell snap-in for IIS 7;This is a simplify "web.config" with a rule that is causing the issue:  <?xml version="1.0" encoding="utf-8"?> <configuration>       <system.webServer>             <rewrite>                   <rules>                         <clear />                           <rule name="Restrict IP" stopProcessing="true">                               <match url="^(sports/OLB_Listener.*)" ignoreCase="true" />                               <conditions logicalGrouping="MatchAll">                                     <add input="{REMOTE_ADDR}" pattern="^(10.0.0.1|127.0.0.1)" />                                     <add input="{CACHE_URL}" pattern="^(https?)://" />                               </conditions>                               <action type="Rewrite" url="{C:1}://IIS6WebFarm/{R:1}" />                         </rule>                     </rules>             </rewrite>             <tracing>                   <traceFailedRequests>                         <add path="*">                               <traceAreas>                                     <add provider="ASP" verbosity="Verbose" />                                     <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />                                     <add provider="ISAPI Extension" verbosity="Verbose" />                                     <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,Rewrite,RequestRouting" verbosity="Verbose" />                               </traceAreas>                               <failureDefinitions timeTaken="00:00:00" statusCodes="100-600" verbosity="Error" />                         </add>                   </traceFailedRequests>             </tracing>       </system.webServer> </configuration>   Can you see any problem in this configuration that lead to the 404 issues when we change the IP rules on one of the servers and the other one pick it trhu DFS?

• 08-03-2009, 8:42 AM

  In reply to

  nelson_cerqueira Joined on 07-15-2009, 4:51 AM Posts 7	Re: REMOTE_ADDR IP restriction Reply Contact Can you see any problem in this configuration that lead to the 404 issues when we change the IP rules on one of the servers and the other one pick it trhu DFS?