Notifications
Q&A

How do I get IIS UrlRewrite to handle CSS-delivered woff files appropriately?

+4
−0

Context: Azure; Windows Server 2012; IIS 8

First up, here's the (redacted) web.config for reference

<rewrite>
	<rules>
		<rule name="ReverseProxyInboundRule1" stopProcessing="false">
			<match url="(.*)" />
			<action type="Rewrite" url="https://www.khatam.com/{R:1}" logRewrittenUrl="true" />
			<serverVariables>
				<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
				<set name="HTTP_ACCEPT_ENCODING" value="" />
			</serverVariables>
		</rule>
		<rule name="Capture Http Origin Header" enabled="true">
			<match url=".*" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
				<add input="{HTTP_ORIGIN}" pattern=".+" />
			</conditions>
			<serverVariables>
				<set name="CAPTURED_ORIGIN" value="{C:0}" />
			</serverVariables>
			<action type="None" />
		</rule>
	</rules>
	<outboundRules>
		<clear />
		<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
			<match filterByTags="None" pattern="^http(s)?://www.khatam.com/(.*)" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" value="http{R:1}://jamuni.pemaish.com.au/{R:2}" />
		</rule>
		
		<rule name="Rewrite mundrjatzxera Assets" preCondition="ResponseIsHtml1" enabled="true">
			<match filterByTags="None" pattern="^/(mundrjat/zxera/.*)" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
		</rule>
		
		<rule name="Rewrite Source Srcset in Picture Assets" preCondition="ResponseIsHtml1" enabled="true">
			<match filterByTags="CustomTags" customTags="Source Srcset in Picture" pattern=",?\/(mundrjat\/zxera\/\S+\s\d+w)" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" value="https://www.khatam.com/{R:1}" />
		</rule>

		<rule name="Rewrite X-Frame-Options" enabled="true" patternSyntax="Wildcard">
			<match serverVariable="RESPONSE_X-Frame-Options" pattern="*" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" />
		</rule>
		
		<rule name="Set-Access-Control-Allow-Origin for known origins" enabled="true">
			<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" value="{CAPTURED_ORIGIN}" />
		</rule>
		
		<rule name="Restore Accept Encoding" preCondition="Needs to Restore Original Accept Encoding" enabled="true">
			<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)$" />
			<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
			<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
		</rule>
		
		<preConditions>
			<preCondition name="ResponseIsCss">
				<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/css" />
			</preCondition>
			<preCondition name="ResponseIsHtml1">
				<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
			</preCondition>
			<preCondition name="ResponseIsEverything">
				<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)$" />
			</preCondition>
			<preCondition name="Needs to Restore Original Accept Encoding">
				<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" />
			</preCondition>
		</preConditions>
		
		<customTags>
			<tags name="Source Srcset in Picture">
				<tag name="source" attribute="srcset" />
			</tags>
		</customTags>
	</outboundRules>
</rewrite>
...

<httpProtocol>
	<customHeaders>
		<add name="Access-Control-Allow-Origin" value="*" />
	</customHeaders>
</httpProtocol>

We're reverse proxying a site for a client. The proxied site is www.khatam.com. The server through which the proxying is effected is jamuni.pemaish.com.au (yes, I do speak Urdu, albeit not brilliantly.) The client will have an IFRAME in their site which will interact with khatam.com's site via our jamuni server.

So far so good: the client is able to run everything in khatam's site via their IFRAME. What's NOT working so well is that there are WOFF files referenced in the one of the CSS files and these are not loading.

When in devtools in a browser (which is rendering the IFRAME) all the woffs are in red, with the General headers being

Request URL: https://jamuni.pemaish.com.au/vgera.mukljuga/jugabisbis/mukljuga/khatam/vesael/icomoon.woff
Request Method: GET
Status Code: 500 URL Rewrite Module Error.
Remote Address: XXX.XXX.XXX.XXX:443
Referrer Policy: no-referrer-when-downgrade

I have tried to write a rule to change the CSS, viz

<rule name="Rewrite vgera.mukljuga Assets" preCondition="ResponseIsCss" enabled="true">
       <match filterByTags="None" pattern="url\((khatam/vesael/.*?.woff)" />
       <conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
       <action type="Rewrite" value="url(https://www.khatam.com/vgera.mukljuga/jugabisbis/mukljuga/{R:1}" />
</rule>

but whether the target or the intermediate is specified, I still get the 500 error. Now as I re-read this I'm wondering if I'm having the output of one rewrite being picked up by another leading to a loop or a race. If I take the link from the General above and put it into the address bar of the browser, I get a woff file suggesting that there's contention between two or more rules.

The CSS rules are relative-pathed. Here's one of them:

@font-face {
	font-family: trade-gothic-condensed;
	src: url(khatam/vesael/tradegothicltcom-bdcn20-webfont.woff) format("woff");
	font-weight: 700;
	font-style: normal;
	-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}

Suggestions welcome.

Why should this post be closed?

3 comments

"…leading to a loop or a race": what happens when you add stopProcessing="true"? ‭Jack Douglas‭ 3 months ago

My concern is where to place that rule. Should it be at the end of everything? I'm still hazy on what "stopProcessing" means. ‭bugmagnet‭ 3 months ago

Rewrite can swallow errors or bubble them up as something else. Have you and they made sure woff is configured as a mime type on all web servers involved? Can you browse directly to a rewritten woff URL? ‭ShowMeBillyJo‭ 2 months ago

0 answers

Sign up to answer this question »