locked
SharePoint 2010 Publishing Through UAG - (/_layouts/ Nintex Issue) RRS feed

  • Question

  • Hi,

    We are publishing SharePoint out through UAG in a reverse proxy scenario. We noticed a few issues with Nintex Workflow 2010 through UAG access. After closer inspection to the web monitor we see the following requests being blocked.

    A request from source IP address 172.XXXXXXX, user xxx-sp-server-test on trunk extranetdev; Secure=1 for application SharePoint Extranet Dev of type SharePoint14AAM failed. The URL /_layouts/NintexWorkflow/undefined&ListId=8f234bf1-eebb-4115-b145-439183389b29 contains an illegal path. The rule applied is Default rule. The method is GET.

    A request from source IP address 172.XXXXXXX, user XXXX on trunk extranetdev; Secure=1 for application SharePoint Extranet Dev of type SharePoint14AAM failed. The URL /_layouts/'%20+ contains an illegal path. The rule applied is Default rule. The method is GET.

    It looks like some _layouts resources are blocked. Is there a way I can allow _layouts/* (all)? What would the RegExp be? Looking at the error messages, does anyone else see issues?

    Thanks

    Chris 

     



    Wednesday, January 18, 2012 7:50 PM

Answers

  • if you wanted to allow all the requests under that subdirectory you'd add an accept rule with /_layouts/.* as the URL.  You'd probably ignore parameters and use a method of GET.   Like all the other sharepoint 2010 rules the rule name should be:  SharePoint14AAM_something

    Thanks,

    Mark


    • Edited by Mark Resnik Thursday, January 19, 2012 2:06 AM
    • Proposed as answer by Ran [MSFT] Saturday, January 21, 2012 1:46 PM
    • Marked as answer by Chrisjwhitney Monday, February 20, 2012 6:30 PM
    Thursday, January 19, 2012 2:05 AM

All replies

  • if you wanted to allow all the requests under that subdirectory you'd add an accept rule with /_layouts/.* as the URL.  You'd probably ignore parameters and use a method of GET.   Like all the other sharepoint 2010 rules the rule name should be:  SharePoint14AAM_something

    Thanks,

    Mark


    • Edited by Mark Resnik Thursday, January 19, 2012 2:06 AM
    • Proposed as answer by Ran [MSFT] Saturday, January 21, 2012 1:46 PM
    • Marked as answer by Chrisjwhitney Monday, February 20, 2012 6:30 PM
    Thursday, January 19, 2012 2:05 AM
  • Of course the other option is to search thru all the existing rules that would allow /_layouts/something and see what is different about your requests that the default rules don't allow and either adjust those default rules slightly or add rules similar to them that cover your non-vanilla case without being so wide open with a .* and totally ignoring parameters..
    Thursday, January 19, 2012 2:09 AM
  • We are having the problem with SP 2013 and the latest version of Nintex.  We tried setting the UAG with a URL set like the following:

    SharePoint15_Rule61_xap - Accept - /_layouts/.* - Ignore - no note - Get

    This did not solve the problem - any further suggestions???




    Friday, September 18, 2015 11:33 PM
  • We got the Nixtex Workflow to go through the UAG by removing any entry in the "URL Set" that we through would work and adding the following entry in the trunk configuration, "Portal" > "Edit..." (in the "Do not parse the response bodies to these requests:" area).  We added the following entry for the specific server:

    .*NintexWorkflow/.*

    This allowed the traffic to go through the UAG.

    Monday, September 21, 2015 8:42 PM
  • ...oops... "the URL Set  that we THOUGHT would work..."
    Monday, September 21, 2015 11:05 PM