Not able to use IIS reverse proxy since 3.3.13

[Rouzax]

qBittorrent version and Operating System:

qBittorent: 3.3.13 till 3.3.16
Windows Server 2016 fully pathed

What is the problem:

Since 3.3.13 I'm unable to upgrade beacuse my reverse Proxy with IIS ARR does not work.

I've following the steps in https://github.com/qbittorrent/qBittorrent/wiki/IIS-ARR-Reverse-Proxy
Unfortunately that results in a weird looking logon screen

When I try to logon I just get an empty screen that has my usename and password in the URL bar.

My web.config has the following line:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Lets Encrypt" stopProcessing="true">
                    <match url=".well-known/acme-challenge/.*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
				<rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
					<match url="*" ignoreCase="true" />
					<conditions>
                        <add input="{HTTPS}" pattern="off" />
					</conditions>
					<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Found" />
				</rule>
                <rule name="Torrent Reverse Proxy" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <action type="Rewrite" url="http://download:8080/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:{SERVER_PORT}" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Also tried with the temporary 3.3.15 fix that is in the wiki.

[Chocobo1]

I'm unfamiliar with IIS, in general, you could try suppressing both Origin & Referrer headers and also ensure qbt receive correct host header.
i.e. just observe & follow what a normal browser would do.

[JamiePhonic]

After managing to get my own IIS server to play ball, i can confirm that's what you need to do.
Simply add <set name="HTTP_REFERER" value="" /> to your config below <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:{SERVER_PORT}" />
(Obviously you'll need to add it as a variable in the URL rewrite module)

i.e.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Lets Encrypt" stopProcessing="true">
                    <match url=".well-known/acme-challenge/.*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
				<rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
					<match url="*" ignoreCase="true" />
					<conditions>
                        <add input="{HTTPS}" pattern="off" />
					</conditions>
					<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Found" />
				</rule>
                <rule name="Torrent Reverse Proxy" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <action type="Rewrite" url="http://download:8080/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:{SERVER_PORT}" />
                        <set name="HTTP_REFERER" value="" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

[Rouzax]

@JamiePhonic Thanks that bring me a bit further.
My logon screen now look okay but when I try to logon I get the message:
Unable to log in, qBittorrent is probably unreachable.

This is my IIS log, that shows the 401's on the logon.

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2017-10-13 15:30:56
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2017-10-13 15:30:56 192.168.2.12 GET / X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=ad36f450-afe0-4259-8379-dc08f600a9e2&SERVER-STATUS=200 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 200 0 0 182
2017-10-13 15:30:56 192.168.2.12 GET /css/style.css X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=75569718-5d1b-438a-b374-02d69d911adf&SERVER-STATUS=200 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 200 0 0 0
2017-10-13 15:30:56 192.168.2.12 GET /scripts/mootools-1.2-core-yc.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=48c0742a-737e-432c-8015-b23998345a7e&SERVER-STATUS=200 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 200 0 0 0
2017-10-13 15:30:56 192.168.2.12 GET /images/qbittorrent.png X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=6ebb37a9-26ae-4032-840b-57f0edc680d7&SERVER-STATUS=200 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 200 0 0 13
2017-10-13 15:30:56 192.168.2.12 GET /favicon.ico X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=36202bab-536d-4887-8636-781d6be5689c&SERVER-STATUS=200 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 200 0 0 46
2017-10-13 15:30:58 192.168.2.12 POST /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=9d2cf821-0681-4f5b-b852-f09ab3f96e04&SERVER-STATUS=401 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 401 0 0 0
2017-10-13 15:31:01 192.168.2.12 POST /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=cedcbf00-bc8d-4166-aed8-54e86569d07f&SERVER-STATUS=401 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 401 0 0 15
2017-10-13 15:31:03 192.168.2.12 POST /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7cd46af6-8a38-4b28-840b-9a85b6820a66&SERVER-STATUS=401 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 401 0 0 0
2017-10-13 15:31:05 192.168.2.12 POST /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=5d4cecb8-76b8-4d96-b0c2-d46f11ff4144&SERVER-STATUS=401 443 - 192.168.2.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 - 401 0 0 15

[JamiePhonic]

Here is a copy of my web.confg file that's working with QBT 3.3.16
(Pastebined for neatness)

https://pastebin.com/TSJEsLnq

[Rouzax]

Still won't work for me. I've literally copied and pasted your web.config and changed it to my domain names. It results in the exact same logon issue.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Lets Encrypt" stopProcessing="true">
                    <match url=".well-known/acme-challenge/.*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
				<rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
					<match url="*" ignoreCase="true" />
					<conditions>
                        <add input="{HTTPS}" pattern="off" />
					</conditions>
					<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Found" />
				</rule>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://download:8080/{R:1}" />
					<serverVariables>
                        <set name="HTTP_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                        <set name="HTTP_ACCEPT_ENCODING" value="EE" />
                        <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:8080" />
                        <set name="HTTP_REFERER" value="" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img, Link, Script" pattern="^http(s)?://download:8080/(.*)" />
                    <action type="Rewrite" value="http{R:1}://torrent.xxx.yyy/{R:2}" />
                </rule>
                <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                  <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                  <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                    <preCondition name="NeedsRestoringAcceptEncoding">
                        <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                    </preCondition>
                </preConditions>
            </outboundRules>		
        </rewrite>
    </system.webServer>
</configuration>

I think you have qBittorent on the same host as IIS, in my instance it is on a separate server.

[JamiePhonic]

Yes, My setup is qBittorrent 3.3.16 running on Windows Server 2016 with IIS 10, URL Rewrite 2.5 and ARR 3.0.

Try disabling the "redirect to HTTPS" rule and get the server to listen on HTTP.
If it works that way, it may be related to SSL, though its unlikely.
I'm testing it with an internal self signed certificate, but that shouldn't make any difference.

In the mean time, i'll try installing QBT on a different machine and pointing IIS at that instead to see if i get the same issue as you.

Update
I installed qBittorrent on another host on my network and changed the proxy rules accordingly. Didn't have any issues. (Note: I used the hosts IP address instead of host names.)
Perhaps try re-installing qBittorrent to allow it to re-create any firewall rules that may be missing?
Failing that, i am clean out of ideas!

[Rouzax]

@JamiePhonic You're not changing anything in qBittorrent right?
I can open the qBittorrent webpage from the IIS server without issue.

One thing I also have is hostheaders enabled in IIS as I have 9 websites running with their own subdomain under xxx.yyy

EDIT:
Started a new test were I still use qBittorrent 3.3.12 with the new web.config as posted by me above.
The result is a completely working site.
After the upgrade to 3.3.16 I get the error even if I change the internal hostname to the internal IP address
Also no change if I disable HTTPS rule and try directly over HTTP

Which server variables do you have defined? I now have 4

[JamiePhonic]

I have Host Headers enabled too.

Those are the 4 variables you should have in the server variables setion of the inbound rewrite rule

The first takes the content of the HTTP_ACCEPT_ENCODING variable and stores it in the HTTP_ORIGINAL_ACCEPT_ENCODING variable.
the second clears the value of the HTTP_ACCEPT_ENCODING variable (fixes issues performing rewrites on requests that have compression enabled, the outbound rewrite rule restores this value on the way back out)
the 3rd clears the value of the REFERER header and the 4th sets the X-Forwarded-Host header value.

I'm not sure why you cant get it to work with the exact same configuration i'm using.
Did you try using IP addresses instead of host names to connect to the QBT server?
You could try wiresharking the connection between the web server and QBT to see if IIS is actually manipulating the headers as instructed.
You could also try configuring "Failed Request Tracing" to see if the problem lies with IIS.
Lastly, try hitting F12 in your browser to enable debug view and checking the Console tab for any errors.

[Rouzax]

Yes I did try to use the internal IP Address as well, the same result however.
I'm getting ready to just pull my hair out 😖.

[Chocobo1]

I'm getting ready to just pull my hair out 😖.

I think I'll be adding code to record these errors/failures in log.

[Rouzax]

@Chocobo1 You mean in qBittorrent?

[Chocobo1]

@Chocobo1 You mean in qBittorrent?

Of course.

UPDATE: see PR #7603.

[Chocobo1]

@Rouzax
Are you running qbt on windows? If so here's a test build for you, look into qbt log.

You can find its source in PR #7603.

[Rouzax]

Running on Windows indeed, will give it a try and post the results.

[Rouzax]

I've tested the test build and this is the output:

(N) 2017-10-20T10:20:28 - qBittorrent v3.4.0beta2 started
(I) 2017-10-20T10:20:28 - qBittorrent is trying to listen on any interface port: 21316
(N) 2017-10-20T10:20:28 - Peer ID: -qB3400-
(N) 2017-10-20T10:20:28 - HTTP User-Agent is 'qBittorrent/3.4.0beta2'
(I) 2017-10-20T10:20:28 - DHT support [ON]
(I) 2017-10-20T10:20:28 - Local Peer Discovery support [ON]
(I) 2017-10-20T10:20:28 - PeX support [ON]
(I) 2017-10-20T10:20:28 - Anonymous mode [OFF]
(I) 2017-10-20T10:20:28 - Encryption support [ON]
(I) 2017-10-20T10:20:28 - Embedded Tracker [OFF]
(I) 2017-10-20T10:20:28 - GeoIP database loaded. Type: GeoLite2-Country. Build time: wo okt 4 23:41:30 2017.
(N) 2017-10-20T10:20:28 - Web UI: Now listening on port 8080
(N) 2017-10-20T10:20:28 - Options were saved successfully.
(I) 2017-10-20T10:20:28 - qBittorrent is successfully listening on interface :: port: TCP/21316
(I) 2017-10-20T10:20:28 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/21316
(I) 2017-10-20T10:20:28 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/21316
(I) 2017-10-20T10:20:28 - External IP: xxx.xxx.xxx.xxx
(N) 2017-10-20T10:20:28 - 'The.Good.Place.S02E04.720p.HDTV.x264-AVS' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Mindhunter.S01.2160p.NF.WEBRip.DD5.1.x264-NTb' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'The.Big.Bang.Theory.S11E03.720p.HDTV.X264-DIMENSION' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'A.Ghost.Story.2017.LIMITED.1080p.BluRay.x264-DRONES' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Churchill.2017.1080p.BluRay.x264-VETO' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Free.Fire.2016.REMUX.BluRay.1080p.AVC.DTS-HD.MA5.1-iFT' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'The.Wizard.of.Lies.2017.1080p.BluRay.x264-ROVERS' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Their.Finest.2016.1080p.BluRay.DTS.x264-HDS.mkv' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Youre.the.Worst.S04E04.720p.HDTV.x264-AVS' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'Shot Caller 2017 1080p BluRay x264 DTS 5.1 - MRG' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'The.Good.Place.S02E05.720p.HDTV.x264-AVS' resumed. (fast resume)
(N) 2017-10-20T10:20:28 - 'DuckTales.2017.S01E03.720p.WEB.x264-TBS' resumed. (fast resume)
(W) 2017-10-20T10:20:48 - WebUI: Origin header & Target origin mismatch!
Source IP: '::ffff:192.168.2.12'. Origin header: 'https://torrent.xxx.yyy'. Target origin: 'torrent.xxx.yyy:8080'
(W) 2017-10-20T10:20:49 - WebUI: Origin header & Target origin mismatch!
Source IP: '::ffff:192.168.2.12'. Origin header: 'https://torrent.xxx.yyy'. Target origin: 'torrent.xxx.yyy:8080'
(W) 2017-10-20T10:20:52 - WebUI: Origin header & Target origin mismatch!
Source IP: '::ffff:192.168.2.12'. Origin header: 'https://torrent.xxx.yyy'. Target origin: 'torrent.xxx.yyy:8080'

It looks like it is not switching out the hostheaders to the internal host.

Just to do a sanity check.
I've created 4 Server Variables under my qBittorrent site:

Then afterwards I edit my web.config with the following settings:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Lets Encrypt" stopProcessing="true">
                    <match url=".well-known/acme-challenge/.*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
				<rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
					<match url="*" ignoreCase="true" />
					<conditions>
                        <add input="{HTTPS}" pattern="off" />
					</conditions>
					<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Found" />
				</rule>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://download:8080/{R:1}" />
					<serverVariables>
                        <set name="HTTP_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                        <set name="HTTP_ACCEPT_ENCODING" value="EE" />
                        <set name="HTTP_X-Forwarded-Host" value="{HTTP_HOST}:8080" />
                        <set name="HTTP_REFERER" value="" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img, Link, Script" pattern="^http(s)?://download:8080/(.*)" />
                    <action type="Rewrite" value="http{R:1}://torrent.xxx.yyy/{R:2}" />
                </rule>
                <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                  <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                  <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                    <preCondition name="NeedsRestoringAcceptEncoding">
                        <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                    </preCondition>
                </preConditions>
            </outboundRules>		
        </rewrite>
    </system.webServer>
</configuration>

This is my IIS Faile Request Log
https://pastebin.com/Yyjs0D01

[Chocobo1]

I would try changing to
<set name="HTTP_X-Forwarded-Host" value="https://{HTTP_HOST}" />
or
<set name="HTTP_X-Forwarded-Host" value="https://{HTTP_HOST}:{SERVER_PORT}" />
also not sure whether if the https:// scheme can be omitted or not.

[JamiePhonic]

The HTTP_X-Forwarded-Host value should be fine,

The error is Origin header & Target origin mismatch! which likely means that whatever browser/application you're using is either adding both a Referer AND an Origin header,
OR, is setting the Origin header INSTEAD of the Referer header, however your current web.config rules (admittedly, the ones i gave you) only clear the value of the "Referer` header.

below <set name="HTTP_REFERER" value="" />
Try adding:
<set name="HTTP_ORIGIN" value="" />

which will clear the Origin header too

(Note: I've been using firefox in my testing which appears to only set the Referer header, which could explain why I've not been running into any issues while testing this when only clearing the Referer header. If you're using some other browser/application, it may be setting the Origin header, resulting in this headache!)

[Chocobo1]

Try adding:
<set name="HTTP_ORIGIN" value="" />

ditto, #7577 (comment) , sadly none actually tried the workaround before.

[Rouzax]

@Chocobo1 and @JamiePhonic: Thank you so much it no works.
I'm using Chrome on Windows for your information.
In the end I did not even need all the outgoing rewrite rules and HTTP_X-Forwarded-Host.
The config I now have that works is:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Lets Encrypt" stopProcessing="true">
                    <match url=".well-known/acme-challenge/.*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
                <rule name="HTTP Redirect to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" ignoreCase="true" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Found" />
                </rule>
                <rule name="qBittorrent Reverse Proxy" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <action type="Rewrite" url="http://download:8080/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_REFERER" value="" />
                        <set name="HTTP_ORIGIN" value="" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

This works on Chrome and Internet Explorer.

[Chocobo1]

Closing as fixed.

[mbze430]

I am not sure if I should open up a new ticket but I am using the web.config from @Rouzax with Qbittorrent 4.1.6. My screen is looking like this:

I am on IIS 7.5 using a reverse proxy. HTTPS -> IIS 7.5 -> HTTP qbittorrent. SSL CA is from Let's Encrypt

There is ONE thing though. When I am on the IIS 7.5 host and do a http://localhost/qtweb. It comes up fine. Seems like it's only when requesting https

@Chocobo1 should I open a new ticket?

[Rouzax]

@Chocobo1, would you be able to spin out an custom qBittorrent build like you did before with more web gui logging?

There is an issue with the qBittorent controller since qBittorrent 4.2 to authenticate to the API through the Reverse Proxy. I think it would help if we could see some more logging. The Reverse Proxy is just giving a HTTP 403 error
lgallard/qBittorrent-Controller#178