From 65f163c37840a0f2ac67b2b4aba6421231858214 Mon Sep 17 00:00:00 2001
From: Slikkster <13022736+Slikkster@users.noreply.github.com>
Date: Fri, 17 Sep 2021 15:39:27 -0700
Subject: [PATCH] Updating to match the changes to
 https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI/841c1849f6eb1733b53ed3a6a7bfc932fbda3100

---
 IIS-ARR-Reverse-Proxy.md | 51 +++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/IIS-ARR-Reverse-Proxy.md b/IIS-ARR-Reverse-Proxy.md
index 15afdf5..d6a879c 100644
--- a/IIS-ARR-Reverse-Proxy.md
+++ b/IIS-ARR-Reverse-Proxy.md
@@ -1,4 +1,4 @@
-For users that run qBittorrent via Microsoft IIS as a reverse proxy an extra header is needed. You must install the [URL Rewrite](https://www.iis.net/downloads/microsoft/url-rewrite) and [Application Request Routing](https://www.iis.net/downloads/microsoft/application-request-routing) addons first. Reverse proxy support will be enabled when creating the first rule.
+For users that run qBittorrent via Microsoft IIS as a reverse proxy some extra headers are needed. You must install the [URL Rewrite](https://www.iis.net/downloads/microsoft/url-rewrite) and [Application Request Routing](https://www.iis.net/downloads/microsoft/application-request-routing) addons first. Reverse proxy support will be enabled when creating the first rule.
 
 1. In the IIS Manager, Click on the machine name to view general configuration options
 2. Click on **Application Request Routing Cache**
@@ -7,36 +7,49 @@ For users that run qBittorrent via Microsoft IIS as a reverse proxy an extra hea
 5. Select the site and then open **URL Rewrite**
 6. On the right hand side, open **View Server Variables**
 7. Click **Add** and in the box that appears enter `HTTP_X-Forwarded-Host`
-8. Repeat this for `HTTP_REFERER` and `HTTP_ORIGIN`
+8. Repeat this for `HTTP_X-Forwarded-For` and `RESPONSE_Set_Cookie`
 9. Return to the rules page
 10. Open **Add Rules** and select **Reverse Proxy**
 11. Enter the server IP:Port without `http://` (for example `127.0.0.1:8080`), then click **OK**
 12. Open the new rule and change the path to a subdirectory if needed (for example **qbweb/(.*)** = http://domain.tld/qbweb/)
-13. Under **Server Variables** add the following 3 rules:
+13. Under **Server Variables** add the following rules:
 
     | Server variable name  | Value                     |
     | --------------------- | ------------------------- |
     | HTTP_X-Forwarded-Host | {HTTP_HOST}:{SERVER_PORT} |
-    | HTTP_REFERER          | 0                         |
-    | HTTP_ORIGIN           | 0                         |
+    | HTTP_X-Forwarded-For  | {REMOTE_ADDR}             |
 
-14. In the IIS Manager, right click on the site name and select **Explore**
-15. Look for the `web.config` file and open it your text editor of choice
-16. Find the lines `<set name="HTTP_REFERER" value="0" />` and `<set name="HTTP_ORIGIN" value="0" />` and delete `0` from the **value** of both.
+14. Apply and return to the rules page
+15. Open **Add Rules** and select **Blank rule** under **Outbound rules**
+16. Enter the name `Update Cookie Path`
+17. Change **Matching scope** to `Server Variable`
+18. Enter the variable name `RESPONSE_Set_Cookie`
+19. Enter the pattern `^(.*; path=/)$`
+20. Under **Action Properties** enter the value `{R:1}; Secure`
+21. Apply
 
-The result should look similar to this (Note: you must use the GUI first so reverse proxy support is enabled in IIS):
+The result should look similar to this in your web.config (Note: you must use the GUI first so reverse proxy support is enabled in IIS):
 ```xml
-<rule name="Qbittorrent" stopProcessing="true">
-  <match url="qbweb/(.*)" />
-  <action type="Rewrite" url="http://127.0.0.1:8080/{R:1}" />
-  <serverVariables>
-    <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:{SERVER_PORT}" />
-    <set name="HTTP_REFERER" value="" />
-    <set name="HTTP_ORIGIN" value="" />
-  </serverVariables>
-</rule>
+            <rules>
+                <rule name="Reverse Proxy">
+                    <match url="qbweb/(.*)" />
+                    <action type="Rewrite" url="http://127.0.0.1:8080/{R:1}" />
+                    <serverVariables>
+                        <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:{SERVER_PORT}" />
+                        <set name="HTTP_X-Forwarded-For" value="{REMOTE_ADDR}" />                        
+                    </serverVariables>
+                </rule>
+            </rules>
+            <outboundRules>
+                <rule name="Update Cookie Path">
+                    <match serverVariable="RESPONSE_Set_Cookie" pattern="^(.*; path=/)$" negate="false" />
+                    <action type="Rewrite" value="{R:1}; Secure" />
+                </rule>
+            </outboundRules>
 ```
 
 You can use HTTPS to access the URL via IIS and it will use HTTP to communicate with qBittorrent. There is no need for HTTPS on localhost. 
- 
+
+Note: If you find yourself seeing `WebAPI login failure. Reason: IP has been banned, IP: 127.0.0.1` and needing to restart qBittorrent, you may want to set the ban after failure count to `0` which will disable it.
+
 This tutorial is based on the assistance of Chocobo1 in [this thread](https://github.com/qbittorrent/qBittorrent/issues/7311) and in [this thread](https://github.com/qbittorrent/qBittorrent/issues/7577) for version 3.3.13 onwards.