Subsonic Forum

[JesterEE]

Hello Community,

Problem
I'd like to report an issue I have seen recently when Subsonic server 5 & 6 is used along with Windows Internet Information Services (IIS) set as a reverse proxy with Dynamic IP Restrictions enabled.

TL;DR;
Subsonic only resolves a subset of the forwarded requests as others are denied by the reverse proxy due to "flooding" the server. Result is an intermittent and unstable experience for the web-page based front-end.

Details
My Subsonic server is hosted on a Windows Server with IIS used as a reverse proxy. This setup is not unlike the multitude of users that use Apache/Nginx/etc. on Linux for similar purposes. This experience has been very stable for years, however recently I needed to set up Dynamic IP Restrictions on the server to combat some bots from trolling.

In a nutshell, Dynamic IP Restrictions kind of works like an extremely simplified fail2ban service for IIS hosted services. Using this feature allows the server to stop requests from being processed when a user asks for information too frequently (either simultaneously, or within a time frame) and return errors instead.

Seemingly, when using Subsonic from the web interface, many requests are made to the server simultaneously and in short succession. As a result, after logging in, many of the elements on the page fail to load (the player, cover art, right/left panels, etc.). Looking at the IIS logs, I have confirmed that the error codes associated with the IP restriction settings (403) are returned instead of the successful status code (200). Since the application asks for all these elements at the same time, what loads and what doesn't load changes each time you try so the result is somewhat arbitrary yet always unstable. If I turn dynamic IP restrictions off, all is right in the world of Subsonic and it works as expected (stuff loads, stuff plays, life is good).

Question
Is there any way to control how Subsonic asks the server for data so I can use Dynamic IP Restrictions on my reverse proxy?

Server Configuration

• Windows Server 2012 R2
• IIS 8 Application Request Routing proxy server, URL rewrite reverse proxy, Dynamic IP Restrictions
• Subsonic 5.3 / 6.0b2

Routing Path
Internet/Intranet -> Router -> Windows IIS -> Subsonic Jetty
http://www.MYSERVER.com -> Router Port 80 forward to Windows Server -> IIS URL Rewrite Rule http://www.MYSERVER.com:80>localhost:PORT -> Jetty hosted localhost:PORT

Thanks!
JesterEE

[JesterEE]

I did some more experimenting with IIS today, and I think I found a work around. For posterity, here is my solution.

Since Subsonic works on a Java server, your IIS proxy and rewrite rules that will reroute traffic to that server software typically go at the top level (SERVER [http://localhost], not under the Sites list). This works well because it intercepts all packets headed through IIS and mangles them as you define. However, when using Dynamic IP Restriction with a service such as Subsonic, putting those conditions at the top level is not advisable.

Instead, create an IIS site for Subsonic so you can specialize the IIS conditions it imposes before sending the packets on their way. IIS will not "serve" anything for this site as the proxy/URL rewrite will forward the requests before it can do anything, so this just acts as a settings container. The following instructions are for servers on IIS8.

1) Create a Site in the IIS Site list and define the inputs appropriately.

• Site: Subsonic (Or whatever name you want)
• Application pool: DefaultAppPool (This actually doesn't matter)
• Physical Path: C:\subsonic\install\path (This actually doesn't matter)
• Binding:
  
  • Type: http
  • IP address: All Unassigned
  • Port: 80 (Or whatever port your site is on ... e.g. whatever port your rewrite rules are mangling)
  • Host name: www.yourserver.com/subsonic (THIS IS IMPORTANT!!)

2) Open the site in the Sites list, select the Features View tab, and open IP Address and Domain Restrictions under the IIS heading.

3) In the Actions pane, open "Edit Dynamic Restriction Settings..."

4) Make sure nothing is checked, and Select OK

5) Your done!

What you just did was create specialized Dynamic IP Restrictions (or lack of Dynamic IP Restrictions) for your Subsonic site. You can now set other specialized Dynamic IP Restrictions at the site level for the other sites on your IIS server (e.g. the outward facing site on port 80, etc.). The important part is to leave the server level Dynamic IP Restrictions blank as well. You can add allow/deny rules to the top level as they are Static IP Restrictions and they will proliferate down to the site level on its own.

Hope this helps someone in the future!
JesterEE