The project is using Asp.net mvc web application framework. Recently, We get alert that IIS worker processes behaviour is suspicious and website was get down. The website deployed on Windows Server 2012 R2. The few HTTP Get request of website are working and retriving the data but few are getting empty response with 200 Status.
Working Get Request screenshot https://i.stack.imgur.com/IXuBU.png
Non working Get Request screenshot https://i.stack.imgur.com/RUqJM.png
During my investigation i found that HTTP get request are logging into IIS logs but not logging in website log. It's mean that IIS is getting HTTP Get request but not sending the request to website to operate it and return empty body response.It's look like there is some blocking/filetration work using some criteria. I reset the IIS and restart the server as well. The w3p.exe for website is not having high CPU usage. Also, If i change the HTTP Get request to HTTP Post that request starts work.
Can someone guide me how can i reach to the root of the problem to fix it? Thanks!
The issue turned out to be a piece of malware which had installed itself as an IIS module named HTTPCacheLog. I removed the module (and deleted the DLL in the inetsrv folder) and everything is working again now. (https://serverfault.com/questions/1130899/iis-returning-empty-body-with-200-response-for-certain-urls). Remove the HTTPCacheLog module using PowerShell in IIS (https://techcommunity.microsoft.com/t5/iis-support-blog/how-to-remove-a-http-module-using-powershell-in-iis/ba-p/3253045)