A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

AI OnAI Off

Edit mode errors with CMS 6 R2 behind reverse proxy

Magnus Olsson
Magnus Olsson
Vote:
 
We are trying to set up a reverse proxy in front of a Episerver CMS 6 R2 site. For this we are using IIS, URL Rewrite and Application Request Routing to enable to run this site in parallell with some other applications. This site is the "main" site and we simply have the rewrite rule for this last in the reverse proxy's config as a "catch everything else and just pass through".
 
The site is fairly battle tested for many years and everything looked straight forward putting the site behind the reverse proxy. Site works just fine for visitors and at a first glance everything seemed OK.
 
However, we are getting some some strange errors in Epi edit which only occurs for the Preview tab and visiting the page (as logged in editor) on the website.
And the errors only occur on tree nodes at the first couple of levels like this:
Start (redirects to A)  
| - Section A Error
     | - Subpage 1 Error
          | - Sub subpage x Works
          | - Sub subpage y Works
| - Section B Error
     | - Subpage 1 Error
          | - Sub subpage x Works
          | - Sub subpage y Works

 

The error we are experiencing when loading the Preview tab is:

[HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.]
   System.Web.Util.UrlPath.ReduceVirtualPath(String path) +9902254
   System.Web.Util.UrlPath.Reduce(String path) +50
   System.Web.Util.UrlPath.Combine(String appPath, String basepath, String relative) +217
   System.Web.VirtualPath.Combine(VirtualPath relativePath) +130
   System.Web.VirtualPath.Combine(VirtualPath v1, VirtualPath v2) +53
   System.Web.VirtualPathUtility.Combine(String basePath, String relativePath) +39
   System.Web.Mvc.PathHelpers.MakeAbsolute(String basePath, String relativePath) +32
   System.Web.Mvc.PathHelpers.GenerateClientUrlInternal(HttpContextBase httpContext, String contentPath) +258
   System.Web.Mvc.PathHelpers.GenerateClientUrl(HttpContextBase httpContext, String contentPath) +69
   System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues) +139
   System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, String protocol, String hostName, String fragment, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues) +34
   System.Web.Mvc.UrlHelper.RouteUrl(String routeName, Object routeValues, String protocol) +60
   EPiServer.Shell.Web.UI.PageExtensions.ActionUrl(Page page, Object routeValues) +151
   EPiServer.Shell.Web.UI.PageExtensions.ActionUrl(Page page, String moduleName, String controllerName, String action) +60
   EPiServer.Web.PageExtensions.ContextMenu.RegisterMenuScripts(Object sender, EventArgs e) +1347
   System.EventHandler.Invoke(Object sender, EventArgs e) +0
   System.Web.UI.Control.OnInit(EventArgs e) +95
   System.Web.UI.Page.OnInit(EventArgs e) +13
   EPiServer.PageBase.OnInit(EventArgs e) +12
   System.Web.UI.Control.InitRecursive(Control namingContainer) +139
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +489

Is this Epi trying to load some resources need for the on page editing features and somehow getting confused? Any help on this matter would be greatly appreciated.

//Magnus

#181816
Edited, Aug 31, 2017 8:23
Magnus Olsson
Magnus Olsson
Vote:
 

We temporarily worked around the problem by disabling the Context Menu by unchecking the  Admin -> Config tab -> Plug-in Manager -> EPiServer -> Overview tab -> Page Extensions section -> ContextMenu checkbox

Apparantly the editors are not using this feature in their day to day work so it's not a showstopper. But it would still perhaps be interesting to solve this in long run.

//Magnus

#181823
Aug 31, 2017 9:50
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.