Posted: 11 March 2010 at 4:59pm | IP Logged

Hello,

We want to use Ape on our web sites with SE friendly URLs. With Isapi Rewrite we were able to block access to the underlying .asp or .aspx files and only allow incoming requests with SE friendly URLs using rules like the below:

RewriteRule (.*)\.aspx / [F]
RewriteRule / /default.aspx [L]
RewriteRule /frequenty-asked-questions /faq.aspx [L]
RewriteRule /about-us /about.aspx [L]

etc.

We are now trying Ape on IIS 7.5 but this doesn't work because after matching a rule and rewriting the URL to its underlying file, mod_rewrite runs again beginning from top and gets blocked by the first rule returning 403 to every request.

How can we solve this?

Posted: 12 March 2010 at 10:59am | IP Logged

Hi Anton,

Unfortunately, the rules you recommend did't work either. To make the case simpler, consider the Default Web Site on a freshly installed IIS 7.5.

There is only one page in the root of the site: iisstart.htm

We want this page to be accessed only through a virtual URL like

http://localhost/start

but return a 403 or 410 response to requests for the real file

http://localhost/iisstart.htm

We don't want the file URLs to be accessible and be indexed by search engines. This is to avoid duplicate page penalties as well as to hide the underlying file/directory structure for safety.

In my trial setup the contents of the .htaccess file is as follows:

RewriteEngine on
RewriteBase /

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .*\.htm - [F,L]

RewriteRule ^start iisstart.htm [NC,L]

Here is the rewrite.log trace with RewriteLogLevel 9 for the request http://localhost/start:

::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (1) [perdir c:\inetpub\wwwroot\] init rewrite engine with /start
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (5) [perdir c:\inetpub\wwwroot\] strip matching prefix: /start -> start
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (3) [perdir c:\inetpub\wwwroot\] applying pattern ^(.*)\.htm to uri start
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (5) [perdir c:\inetpub\wwwroot\] strip matching prefix: /start -> start
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (3) [perdir c:\inetpub\wwwroot\] applying pattern ^start to uri start
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (5) [perdir c:\inetpub\wwwroot\] add per-dir prefix: iisstart.htm -> /iisstart.htm
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (1) [perdir c:\inetpub\wwwroot\] Rewrite URL to >> /iisstart.htm [REWRITE]
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#49491130/initial] (1) [perdir c:\inetpub\wwwroot\] Rewrite URL /start to >> /iisstart.htm [INTERNAL_REDIRECT]
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#29318719/initial/1] (5) [perdir c:\inetpub\wwwroot\] strip matching prefix: /iisstart.htm -> iisstart.htm
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#29318719/initial/1] (3) [perdir c:\inetpub\wwwroot\] applying pattern ^(.*)\.htm to uri iisstart.htm
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#29318719/initial/1] (4) [perdir c:\inetpub\wwwroot\] RewriteCond: input='C:\inetpub\wwwroot\iisstart.htm' pattern='-f' => matched
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#29318719/initial/1] (5) [perdir c:\inetpub\wwwroot\] add per-dir prefix: iisstart.htm -> /iisstart.htm
::1 ::1  [12.Mar.2010:18:03:43] [localhost/sid#1][rid#29318719/initial/1] (2) [perdir c:\inetpub\wwwroot\] forcing responsecode 403 for /iisstart.htm

Isn't there a way to avoid running the rule set after a rewrite occurs or to discriminate between an original request and an INTERNAL_REDIRECT and apply or skip the blocking rule accordingly?

Regards