Temporary HTTP 403.16 Forbidden Error - IIS

140 views Asked by At

I have an IIS site running in Docker (mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016) that for the first 5 minutes of it running, I get a 403.16 - Forbidden Error. Then, the site works fine. The relevant lines from my setup script are:

# Install and Configure US DoD InstallRoot, IIS ARR and HTTP Tracing
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install installroot -y
choco install iis-arr -y
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Add-WindowsFeature Web-Http-Tracing

#Create and Configure IIS Site
Remove-Website -Name 'Default Web Site'
$iisTheBridgePath = 'C:\inetpub\the-bridge'
New-Item -ItemType Directory -Force -Path $iisTheBridgePath
New-Website -Name 'TheBridge' -PhysicalPath $iisTheBridgePath
# https://github.com/microsoft/iis-docker/issues/67
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.enabled:True" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.maxLogFiles:50" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.directory:C:\inetpub\logs\FailedReqLogFiles" /commit:apphost
New-WebBinding -Name 'TheBridge' -IPAddress * -Port 443 -Protocol https
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation cert:\LocalMachine\My
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item 'IIS:\SSLBindings\0.0.0.0!443' # Attach the certificate to the SSL binding
Import-Module IISAdministration
$configSection = Get-IISConfigSection -SectionPath 'system.webServer/security/access' -Location 'TheBridge'
Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue 'Ssl, SslNegotiateCert, SslRequireCert' -ConfigElement $configSection

Any ideas?

0

There are 0 answers