IIS7 and ARR as reverse proxy for Subversion

Question

I am using IIS7 and the Application Request Routing extension to act as a reverse proxy to Subversion running on Apache.

The proxy works fine and I am able to explore the server, and even perform a "check out". However, I cannot browse to files that would normally be forbidden by ASP.NET - for example, .cs, .csproj, and so on. Files ASP.NET wouldn't be concerned with - such as .txt - are fine.

I tried to edit the global web.config to remove the Forbidden handler mapping for these files, but it did not seem to make a difference. Is there any way to allow the URL rewriting module in IIS7 to work, while allowing all file extensions to be rendered?

Answer 1

In addition to Paul Stovell answer, I would recommend activating double escaping. I encountered errors when retrieving files continaing a "+" character in the file name. Double escaping eliminates this problem :

    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="SVNIn" stopProcessing="false">
                        <match url="(.*)" />
                        <action type="Rewrite" url="http://localhost:8082/svn/{R:1}" />
                    </rule>
                </rules>
            </rewrite>
            <security>
                <requestFiltering allowDoubleEscaping="true">
                    <fileExtensions allowUnlisted="true" applyToWebDAV="true">
                        <clear />
                    </fileExtensions>
                    <verbs allowUnlisted="true" applyToWebDAV="true" />
                    <hiddenSegments applyToWebDAV="true">
                        <clear />
                    </hiddenSegments>
                </requestFiltering>
            </security>
        </system.webServer>
    </configuration>

Answer 2

IIS7 has an applicationHost.config file which has a security section that limits file extensions:

<requestFiltering>
  <fileExtensions allowUnlisted="true" applyToWebDAV="true">
    <add fileExtension=".cs" allowed="false" />
    <add fileExtension=".csproj" allowed="false" />
    <add fileExtension=".vb" allowed="false" />
    <add fileExtension=".vbproj" allowed="false" />
    ....
  </fileExtensions>

More information:

http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/

I added a similar section to my site's web.config and used a <clear /> node to remove all extensions. Now I can serve .cs, .csproj files and others, but I cannot serve .config files yet.

Edit: Removing the hiddenSection nodes corrected this for web.config files too. Here is my local web.config file:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions allowUnlisted="true" applyToWebDAV="true">
        <clear />
      </fileExtensions>
      <verbs allowUnlisted="true" applyToWebDAV="true" />
      <hiddenSegments applyToWebDAV="true">
        <clear />
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>