Window 2016 / IIS 10.
I want to block all requests that are using the servername:portnumber/service and enforce the use of DNS-aliases. Problem at the moment seems to be that when the rule "Allow SOAPUI" matches it does not stop processing and therefore the last one kicks in and blocks SOAPUI
<rule name="Allow SOAPUI" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="dsttst100*" />
<add input="{HTTP_USER_AGENT}" pattern="*SOAPUI*" negate="true" />
</conditions>
<action type="Rewrite" url="http://redirect.to.what" />
</rule>
<rule name="Only allow requests from loadbalancer" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{REMOTE_ADDR}" pattern="111.22.55.11" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="403" subStatusCode="6" statusReason="Only allowed from IISAR01 (use DNS) or using SOAPUI" statusDescription="Use dns-alias" />
</rule>
While trying do describe my issue I did figure out the solution - at least one possible solution. The reason for the second rule being triggered is that whenever a request with servername:port and SOAPUI user agent was triggered it did not match the first rule...since it was SOAPUI. Solution was to create a second rule with action type none if servername:portnumber AND SOAPUI.
<rule name="Servername - allow SOAPUI" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="dsttst100*" />
<add input="{HTTP_USER_AGENT}" pattern="*SOAPUI*" />
</conditions>
<action type="None" />
</rule>
This will then prevent the last rule to be processed.