0

There is a 3rd party client software (which I don't have control of) calling a https endpoint on my web application. Unfortunately, the client sends two User-Agent headers and IIS is responding with a Bad Request (400) response.

Until the 3rd party software is getting fixed, I tried to add a rewrite rule to remove the User-Agent headers from the incoming request. But so far I was out of luck and I'm starting to doubt that it is possible only using IIS. Any idea how to accomplish this?

martinoss
  • 5,268
  • 2
  • 45
  • 53
  • if it's IIS getting upset about the duplicate header, you might need to fix it earlier in the pipeline than IIS. are you using any sort of load balancing tool or WAF? these might have options to remove the offending header. – TZHX Dec 06 '22 at 09:25
  • The 3rd party client I'm talking about is an application gateway which is doing this only for websocket connections. I started off with this question [here](https://stackoverflow.com/questions/74629520/http-error-400-the-request-has-an-invalid-header-name-duplicated-user-agent). Since it turned out that it is IIS related, I separated the question. The app is running on an App Service within Azure ASEv2. ASEv3 seems to be fine with two User-Agent headers. Was able to reproduce the behavior on a local IIS (curl --header "User-Agent: first" --header "User-Agent: second" http://localhost) – martinoss Dec 06 '22 at 12:33

1 Answers1

0

Those 400 errors are thrown by HTTP.sys which is a component working in front of URL Rewrite module. Thus, you cannot expect any rewrite rules to help in this situation, as 400 responses are already sent back and those rules won't be triggered at all.

You have to develop a proxy app to sit in between and remove the unwanted header there. There isn't other easier approach.

Lex Li
  • 60,503
  • 9
  • 116
  • 147