Accessing HTTP resource on HTTPS IIS Site with ARR Proxy Setting - iis

I have a https site on IIS requesting resources from a http-only API server(Tomcat). There is no SSL certificate in the backend server. I try to avoid the browser error.
I encountered failure for requesting https/http resources from a https site.
I would like to know if there is any reverse proxy setting with ARR that can resolve this problem?
Is it necessary for the API server has HTTPS?
For instance,
The client application url : https://www.example.com/login
The requesting resource: https://www.example.com:8080/api/login
The working api: http://www.example.com:8080/api/login
I have tried adding the following,but not working
<rule name="web" stopProcessing="true">
<match url="^(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Rewrite" url="http://example.com/{R:1}" />
</rule>
Thanks a lot.

ARR can solve this problem.
It is no necessary for api server has HTTPS.
Since I only have IIS and no tomcat server, I cannot completely restore your environment, but most of the settings are on the ARR server, so I can give you a reference.
I add two server into server farm and enable URL rewrite at server level. The URL rewrite rule can rewrite https://test2.com/b.html to http://server1IP/api/b.html or http://server2IP/api/b.html.
<rule name="ARR_farm_loadbalance" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<action type="Rewrite" url="http://farm/api/{R:0}" />
<conditions>
<add input="{HTTPS}" pattern="On" />
</conditions>
</rule>
It works very well.
If you want to use HTTPS in api server, change it in URL rewrite module.

Related

URL Rewrite giving 404

I have subdomain with an A record to my IIS Server:
sub.domain.com
The IIS server has a binding for sub.domain.com and a cert for *.domain.com
What we need is when someone goes to sub.domain.com it takes them to another site but masks the URL and keeps the SSL. The destination page has in its SAN cert sub.domain.com.
Tried a forward on Godaddy which works but it doesn't keep the SSL and we get cert issues. So thought was to point to our server to pass SSL and then redirect it. I tried a URL Rewrite but it's giving a 404.
URL Rewrite:
<rewrite>
<rules>
<clear />
<rule name="Pay Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)?sub\.domain\.com$" />
</conditions>
<action type="Redirect" url="https://www.domain2.com/cgsdesktop/PaymentLanding/UniversalPortal" appendQueryString="false" />
</rule>
</rules>
</rewrite>
I just need to know how to get this done.
How about this:
<rules>
<rule name="Pay Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^sub.domain.com$" ignoreCase="true"/>
<add input="{HTTP_HOST}" pattern="^www.sub.domain.com$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://www.domain2.com/cgsdesktop/PaymentLanding/UniversalPortal" appendQueryString="false" />
</rule>
</rules>
use sub.domain.com instead of sub\.domain\.com.
This article contains some useful recipes on IIS redirect/rewrite rules.
In order to mask the URL and keep the SSL in the browser bar, we need to create URL Rewrite action rules of URL Rewrite extension.
However, URL Rewrite action only supports to redirect the request to the same domain by default. We have to install the Application Request Routing extension when redirecting the request to another website.
https://www.iis.net/downloads/microsoft/application-request-routing
or we will get an Http 404 error.
See my preceding post for more details.
ASP.net URL Rewrite subdirectory to external URL
Feel free to let me know if there is anything I can help with.

HTTP to HTTPS on domain hosted in VPS using IIS

I have a domain which has the DNS setting pointing to a VPS.
The VPS has an IIS 10 instance which hosts the simple website using html using bootstrap.
I installed an SSL certificate and added bindings for the https part.
I am able to browse the domain on http and https.
I added the following rule to the web.config:
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
However this does not seem to help. I am still able to browse on http.
I tried the following:
Tried installing URL Rewrite but it looks like Windows Server 2016 and IIS 10 does not allow the installation
Tried enabling Requires SSL option.
This shows the website in http without images but with text
The website is properly displayed in https
What am I missing here?
I was installing the wrong URL rewrite.
This article helped me fix the problem with the right links.
Automatic IIS redirect http to https on Windows Server 2016: https://gridscale.io/en/community/tutorials/iis-redirect-http-to-https-windows/

Reverse proxy for backend apps with IIS 8, ARR and URL rewrite on 1 server

Situation is that I have 2 backend apps and I need to set up HTTPS access for them. I install IIS 8 with ARR and URL rewrite module on the server. Than I install 2 https certificates and create an empty website with binding on 443 port
with second app https certificate. First app is set upped on 8081 ports and second app on port 80. The problem is that I can access via https only to first app and second app could be accessed via http only. So I am trying to set up reverse proxy, so I could access to the second app via https. I wrote 2 inbound rules in URL rewrite, but I got issue when I try to access to second app it is pointing not to localhost:80 but it pointing to localhost:8081. any suggestions why it happen?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="App2" stopProcessing="true">
<match url="^app2/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:80/{R:1}" />
</rule>
<rule name="Redirection" stopProcessing="true">
<match url="^app2/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{SERVER_PORT}" pattern="443" />
</conditions>
<action type="Redirect" url="https://app2/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

HTTP to HTTPS redirect issue with iis8.5 and Websphere7

We have applications hosted on WebSphere 7.0 and Jboss EAP7 which is behind IIS 8.5 Web server, we enabled ssl for iis.
our requirement is whenever users access with http it has to be redirected to https, to achieve this we configured rewrite2 module in iis below inbound rule
<rules>
<rule name="http to https" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="SeeOther" />
</rule>
issue :- when i access http://www.example.com/login it redirects to https://www.example.com/sePlugins/iisWASPlugin_http.dll and gives 404 Status code. (only applications hosted websphere)
The problem is that we have a ISAPI Websphere plugin to handle the requests and for some reason URL is getting changed by IIS.
redirect rule works fine for Applications hosted on J BOSS.
Not sure what happened to my registration process but I posted the original answer so reposting again after registering.
I found that specifying {CACHE_URL} in the Redirect Url instead of https://{HTTP_HOST}{REQUEST_URI} worked. so url="{CACHE_URL}"
This is how my rule is defined and it seems to work well.
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
</conditions>
<action type="Redirect" url="{CACHE_URL}" />
</rule>
I found that specifying {CACHE_URL} in the Redirect Url instead of https://{HTTP_HOST}{REQUEST_URI} worked. so url="{CACHE_URL}"

Do I need anything besides code written in web.config to redirect website hosted on azure to https

I have a website that I host on azure. I recently bought an SSL and configured it. Now users can visit my site by typing in either http://example.com or https://example.com.
What I want is for users who type in the former to be automatically redirected to the latter while also keeping anything after the .com
So if a user types in http://example.com/about they will be redirected instead to https://example.com/about.
After some reading, I've come across this code that seems to do what I want
<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect to https”>
<match url=”(.*)”/>
<conditions>
<add input=”{HTTPS}” pattern=”Off”/>
<add input=”{REQUEST_METHOD}” pattern=”^get$|^head$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}”/>
</rule>
</rules>
</rewrite>
</system.webServer>
But before I add this to my web.config file I have a few questions.
What is the IIS url rewrite module? IIS Rewrite and is it required to be installed on my azure hosted websites before I upload my new web.config file.
How can I also include removing www from my URL when a user enters it. For example if a user types in www.example.com they should be redirected to https://example.com instead. The reason that I want this is because in my google search console I've told google to display URLs as example.com rather then www.example.com
and finally, will this code do what I'm looking for? Is there a more professional way to achieve this? What are the benefits. I should note that my sites are asp .net web forms. I know MVC has routing options but that is not an option for me.
Edit : I don't think How to force HTTPS using a web.config file solves my issue because I don't even know if I can install the URL Rewrite module since I am not hosting IIS myself. Does azure give you access to the IIS settings? I am unfamiliar with azure details.
The Microsoft URL Rewrite Module for IIS enables IIS administrators to create powerful customized rules to map request URLs to friendly URLs that are easier for users to remember and easier for search engines to find.
This module is pre-installed for Azure Web App, as shown when inspect the applicationHost.config of the Azure Web App in Kudu.
Hence, you do not need to worry about the availability of the module for Azure Web App.
The URL Rewrite configuration to enforce HTTPS redirection for Azure web app is the simplest way to achieve what you intend. Your above configuration will apply
only if the request method is either HTTP GET or HTTP HEAD. The below configuration will not have such limitation.
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS Redirection" enabled="true" stopProcessing="true">
<match url="^$" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
I would add one last thing. Assuming you are running on Azure Web Apps, they have various probes to your site for warm up and initialization. You probably don't want these probes to also be redirected, otherwise, you may have some issues when you restart or use Azure's swaps feature for stuff like blue/green deployments. These probes would then be return with a 301/302 rather than actually hitting your site (and Azure doesn't actually follow the redirect)
More examples https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
<rule name="Redirect to non-WWW" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="www.example.com$" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" /> <!-- IIS Application Initialization Warmup -->
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" /> <!-- Azure WebApps Warmup Request -->
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" /> <!-- Azure WebApps AlwaysOn Probes -->
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://example.com/{R:1}" />
</rule>
<!-- Redirect to HTTPS Version -->
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Resources