AspNetCoreModule is ignoring request validation hints during redirection

[danielcrenna]

I am using the .NET Core Redirection Module to forward some external traffic to an internal URL.

The logs on the IIS reverse proxy site appear fine.

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST http://localhost/SiteWithReverseProxy/OldUrl text/xml 545
info: Microsoft.AspNetCore.Rewrite.RewriteMiddleware[9]
      Request was redirected to http://localhost:9999/NewUrl

This results, I think understandably, in a validation rejection, due to the port delimiter:

A potentially dangerous Request.Path value was detected from the client (:)

However, I cannot get the AspNetCoreModule to respect web.config changes to validation policy.

Worth noting that the ported destination is running in-process and otherwise responsive.

This is my proxy web.config, with the usual cabal of validation changes:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <pages validateRequest="false" />
    <httpRuntime requestValidationMode="2.0" relaxedUrlToFileSystemMapping="true" requestPathInvalidCharacters="" />
  </system.web>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" forwardWindowsAuthToken="false" stdoutLogEnabled="false">
      <environmentVariables>
        <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Tokens" />
      </environmentVariables>
    </aspNetCore>
  </system.webServer>
</configuration>