ASP.NET App_Offline.htm Problems

18 November 2019

One of my asp.net sites on IIS is just used occassionaly, so I often want to turn it off completely.

To do so I was using the old App_Offline.htm trick, by putting this file in the root of the web site, no other pages or resources are served. Just the content of that file is returned for all requests.

When I tried to do this recently, rather than showing the content of that page, a 503 error page was returned.

A second problem is that I am using LetsEncrypt for many sites. I am using a http-challenge and my server script automatically updates the certificates every 2 months. For this particular web site, the renewal didn't work when App_Offline.htm was in place. This is understandable because even though my scripts creates the acme-challenge file, the page is not served to the LetsEncrypt checking process.

The first problem is the topic of a Stack Overflow question my answer there explains a bit what happens.

By setting

 <httpErrors existingResponse="Replace">

we instruct IIS to ignore whatever asp.net (who is responsible for the App_Offline.htm trick) sends us and return its own IIS 503 page.

a 

 <httpErrors existingResponse="Auto">

would work, but this may have other side effects and I didn't want my site's offline status depend on a seemingly unrelated setting.

App_Offline.htm may also not work for any static pages because they may not run through the asp.net pipeline.

So I decided to retired the App_Offline.htm approach and change the way I offline my sites.

A feature of IIS I use quite a bit is the URL Rewrite module, so I created a new rule:

<rule name="AppOffline" enabled="true" stopProcessing="true">
    <match url=".*"></match>
    <action type="Rewrite" url="/appisoffline.html"></action>
</rule>

This matches all requests, asp.net or static and rewrites them to a static page. I can simple change enabled="false" to turn this on or off.

What about the LetsEncrypt problem, I want the certificate renewal to work, even though the site is offline. So pretty much all I want to allow is a single file location, I just added a condition to my rule: If the request is for a file in the LetsEncrypt challenge directory and has a restricted name with at least 25 characters I will allow the request.

Tags: ASP.Net | IIS | Web

Pages in this section

Categories

ASP.Net | Community | Development | IIS | IT Pro | Security | SQL (Server) | Tools | Web | Work on the road | Windows