1

I have XWiki instance running and I am using IIS as reverse proxy to the tomcat for XWiki. For some urls, I get 500 errors. When I access XWiki direct url, I don't get that 500. It is certainly IIS rewrite module which does something that I can't seem to figure out.

Here is one of those urls which throws 500 https://mywikiurl.com/rest/liveData/sources/liveTable/entries?timestamp=1659037220812&namespace=wiki%3Axwiki&sourceParams.resultPage=XWiki.LoggingAdminTableJson&sourceParams.translationPrefix=logging.admin.livetable.&sourceParams.queryFilters=currentlanguage%2Chidden&properties=logger&properties=level&properties=actions&offset=0&limit=15&sort=logger&descending=

When I access the same url directly pointing to the tomcat server, it works just fine and produces the response.

http://mytomcat_server_fqdn:8080/xwiki/rest/liveData/sources/liveTable/entries?timestamp=1659037220812&namespace=wiki%3Axwiki&sourceParams.resultPage=XWiki.LoggingAdminTableJson&sourceParams.translationPrefix=logging.admin.livetable.&sourceParams.queryFilters=currentlanguage%2Chidden&properties=logger&properties=level&properties=actions&offset=0&limit=15&sort=logger&descending=

My web.config for reverse proxy

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules useOriginalURLEncoding="false">
                <clear />
                <rule name="Redirect to Https" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{HTTPS}" pattern="off" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
                </rule>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{UNENCODED_URL}" pattern="/(.*)" />
                    </conditions>
                    <action type="Rewrite" url="http://mytomcat_server_fqdn:8080/{C:1}" logRewrittenUrl="false" />
                </rule>
            </rules>
            <outboundRules>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
        <security>
            <requestFiltering allowDoubleEscaping="true">
   <requestLimits maxAllowedContentLength="3521478366" />
                <hiddenSegments>
                    <remove segment="bin" />
                </hiddenSegments>
            </requestFiltering>
        </security>
    </system.webServer>
    <system.web>
  <httpRuntime requestPathInvalidCharacters="" relaxedUrlToFileSystemMapping="true"/>     
        <authentication mode="Windows" />
        <identity impersonate="false" />
    </system.web>
</configuration>

Tomcat server.xml (only modified config sections)

<Connector
           port="8080"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           compression="on"
           compressableMimeType= "text/html,text/xml,text/plain,text/css,text/javascript,application/javascript">
   </Connector>

<Engine name="Catalina" defaultHost="localhost">
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
    internalProxies="127\.0\.[0-1]\.1"
    remoteIpHeader="x-forwarded-for"
    requestAttributesEnabled="true"
    protocolHeader="x-forwarded-proto"
    protocolHeaderHttpsValue="https"></Valve>
    .
    .
    .
 </Engine>

Is there anything I am missing? Anything I need to do on IIS or Tomcat side?
Please let me know if any other information needed on installation and something that I can try out.

Andy Johnson
  • 639
  • 8
  • 27
  • Is the 500-error page produced by the tomcat or IIS? (You might be able to check this by looking at the tomcat "localhost_access" log. If a request coming in via IIS is logged there, the tomcat produced the error, otherwise the IIS.) I do not know much about IIS, but IIS seems to add a `HRESULT` to the error code that might help to narrow down the issue, if the error page is generated from IIS. – Clemens Klein-Robbenhaar Aug 30 '22 at 20:25
  • This error is produced by IIS. When I go to the url bypassing the reverse proxy (directly hitting tomcat), everything works fine – Andy Johnson Sep 01 '22 at 20:42
  • I can only think that the `%3A` (which is an encoded `:`) is blocked by IIS, as the server thinks one tries to access a local file on the server somehow (by trying to inject a drive letter). Is the dummy url https://mywikiurl.com/?a=%3A giving a 500 error, too? – Clemens Klein-Robbenhaar Sep 02 '22 at 22:25
  • assuming you copy/pasted the relevant urls, `https://mywikiurl.com/rest/liveData` and `http://mytomcat_server_fqdn:8080/xwiki/rest/liveData` does not share the same paths. If thats right, find out why `xwiki` is being stripped from the urls. – highboi Sep 21 '22 at 18:51
  • `xwiki` part is covered by IIS reverse proxy. that is why it is not there in the url – Andy Johnson Sep 23 '22 at 13:03

0 Answers0