Rewrite 403 error

Topics: Developer Forum, User Forum
Oct 29, 2010 at 8:51 AM

I am using IIRF v2.1 on IIS6. IIS contain many websites. I have added IIRF as ISAPI filter for only one webiste and its loaded successfully. This website contains two virtual directory "product" and "sale".

Now I have written below rewrite rule in website Iirf.ini file. But when I request sitemap.xml, it gives 403 access forbidden error.

RewriteRule  (.*)/sitemap.xml(.*)  $1/product/sitemap.aspx$2

I have checked website and virtual directory "product" both have required access permissions. If I directly browse "product/sitemap.aspx " then it runs successfully or If I create Redirect rule instead of Rewrite then it works. Please help me to resolve this issue.


Nov 4, 2010 at 1:10 AM

Your rule doesn't look quite right.

As for specifically why you are seeing a 403 - it could be because you are trying to rewrite a request to a different AppPool.  When you use IIRF, you provide rules in a regular text file, present in the physical directory that corresponds to the IIS virtual directory.  Therefore, implicitly, IIRF rules apply to a particular virtual directory.  Here is a second implication that is noted in the documentation, but may not be clear to you:  Using IIRF, you cannot rewrite a request so that it will be serviced outside the worker process that initially received the request.  If there is a separate app pool that services a different site or vdir, you cannot rewrite a request into that other set.  See the reference page for RewriteRule for the details.

ok, having said that, the URL pattern of (.*)/sitemap.xml(.*) seems wrong.  What exactly are you trying to match, with that sort of pattern?  Normally I think a sitemap request is Foo/bar/sitemap.xml , with no query string.  Is that what you would expect in your case?  If that's so, then why are you not using the RewriteBase and using a simple pattern of sitemap.xml$  ?  You could also NOT use RewriteBase, and then explicitly specify the virtual path in the pattern, as with /products/sitemap.xml$ .  But I don't see a reason why you would ever want to use (.*)/sitemap.xml(.*) .

So I suggest you need to think a little more about just what you want and make sure you get your rewriterule correct.  This should allow you to avoid the 403 but get the dynamic sitemap the way you want.


Nov 13, 2010 at 10:46 AM
Edited Nov 13, 2010 at 10:46 AM

Hi Cheeso,

Thanks for your reply and yes issue is of different application pool. I have made used same application pool for website and vdir and issue has been resolved.

Now regarding pattern (.*)/sitemap.xml(.*).

"Normally I think a sitemap request is Foo/bar/sitemap.xml , with no query string. "
My site contains more than 50,000 links and according to google sitemap rule if site contains more than 50,000 link then you have to divide sitemap in to 50,000 links and in this case sitemap URL contains querystring and for this I have to place "(.*)" [$2] after sitemap.xml.

Regarding first "(.*)" [$1] : I have created one website (for example: in IIS and it has 10 host headers (,, ..., Now I want to do rewrite for sitmap.xml file and for all URLs/host headers.  Suggest if you have other alternate pattern.


Nov 13, 2010 at 11:25 AM

I can't make any suggestions at this point, because I don't know what you expect to receive, for sitemap requests.

Yoiu have said that for sitemap requests, there can be a query string, and there can be different hostnames, but so far you have not clearly described what these sitemap requests look like.  Can you give some examples of these requests?  Also, clearly describe what you want to rewrite those URLs to, in each case.  What does the query string get rewritten to?  What do you propose to do with the hostname?  You'll need to give enough answers to illustrate all the variability you expect in sitemap requests.

 for example:

/A/sitemap.xml   ==>   /sitemap.aspx?path=A

and so on... 

Nov 15, 2010 at 4:07 AM

I have used CMS system which has one installation [source code/database] and many websites. In IIS, I have created one website and created one virtual directory "CMS" which points to the my source code.

Now when I need to create a new website in my CMS application, I have two options either I create new website and vdir "CMS" in IIS which points to the source code or I can create host header of it on "" website. I  have chosen second option as I want to use same application pool for all my websites and whatever settings of IIS (like IIRF ISAPI filter, 404, etc) I do for will available for all host headers.

Now regarding sitemap, IN CMS application, Sitemap is created based on the URL(website URL) and for that I have created one .aspx page which returns sitemap [XML format].

Eample of sitemap URL that google will request  is

(1) Now this needs to be rewritten to

(2) Now this needs to be rewritten to

For above rewritten I have installed IIRF on website and added below rule in website IIRf.ini file.

(.*)/sitemap.xml(.*)  $1/cms/sitemap.aspx$2

Nov 15, 2010 at 11:19 AM
ruchirpatel wrote:

For above rewritten I have installed IIRF on website and added below rule in website IIRf.ini file.

(.*)/sitemap.xml(.*)  $1/cms/sitemap.aspx$2

ok that's helpful.

The "rule" you described includes no actual directive.  Of course you will need a RewriteRule directive there.  And, you use (.*) at the beginning of the pattern to capture ... something, I don't know what. The examples you give don't show any preceding url path.  So why do you need the first capture group?  Eliminate it.  Also, you don't include any beginning-of-string marker ( ^ ), which is normally a good idea.  Also consider using the QSA modifier, to capture any query string and append it to the replacement string.  This removes the need for the 2nd capture group.  The result is like this:

RewriteRule  ^/sitemap.xml     /cms/sitemap.aspx    [QSA,L]

Read the documentation on the QSA modifier (on the page for Rewriterule) to understand what that means. 

If all requests for different hostnames arrive at the same IIS site, then you don't need different rules for different hosts. This one rule will work for all domains.  This assumes that the "/cms" portion of the url path in the rewritten url is the same for domain1 and domain2.  If the "/cms" is different for each hostname, then you will need to do something different.  You will need a RewriteCond to match/capture the hostname, and a RewriteMap to map from the short hostname to the url path segment for that hostname.  Read the documentation on RewriteMap to understand what I mean.

Good luck.