Intermittent 404.19 even though an extension is allowed

I noticed this for the first time on a Windows Server 2019 system when I was migrating websites from Windows Server 2008 R2 using Web Deploy 3.6 from Microsoft.  I started loading websites to test them and was greeted by IIS Error 404.19 – Denied by filtering rule.  If you hit refresh it might then load successfully and do so a couple of times then fail again with another 404.19 error.  In IIS this is the website -> Request Filtering -> Rules area for a website.

Going to this section of those websites there was nothing there that would block calls.  We had rules to detect for specific query strings and URL items to block that came over with Web Deploy from the previous website as expected.  What I discovered is that we have server level Filter Request Rules so we have one set of rules that cover all IIS websites.  If any of those rules had been modified on the old system to add/remove items at the website level this then created a duplicate of the rule in that website when imported to the new system with those server level rules.  THe real gotcha is that the new rules were given new names on the new server so in the web.config where there’s a clear command it’s not removing the server one in favor of the local website one.  This resulted in having multiple rules doing the exact same thing and it seems that makes IIS very unhappy.  These duplicate rules doing nearly the same thing began causing these intermittent 404.19 errors.  Renaming the server level rule to match what it was on the older server then allowed the clear command in the local website to correctly replace the rule with their custom version.

Comments or questions?

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.