IIS 8.5 How to set up reverse proxy with URL Rewrite - iis

I am trying to get one (public) server A to act as a reverse proxy for another (private) server B. Server B is visible to server A. i.e. if I'm on server A and I type in a browser:
https://serverb.us/folder/application
I see the application. I want it so that if the user types:
https://servera.us/folder/application
he sees the web application that is on server B. Is that possible?
I have tried adding a rewrite rule in IIS Manager by doing
URL Rewrite > Add Rule(s) > Reverse Proxy >
I changed inbound rule to exact match: https://servera.us/folder/application (ignore case)
Rewrite URL: https://serverb.us/folder/application (uncheck append query string)
but it doesn't do anything. Am I missing something?

According to your description, I suggest you try the URL rewrite rule below:
<rewrite>
  <rules>
    <!-- Forward everything under folder/application/ to server B -->
    <rule name="Reverse Proxy to b" stopProcessing="true">
      <match url="^folder/application/(.*)" />
      <action type="Rewrite" url="https://serverb.us/folder/application/{R:1}" />
    </rule>
  </rules>
</rewrite>

The problem turned out to be Authentication. I had to make sure both applications had the same Authentication settings in IIS Manager (click on the web app or folder in IIS Manager then double-click Authentication)
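An added example, not part of the thread and not IIS code: a simplified Python model of how a site-level match pattern is tested against the request path only, comparing the rule as configured in the question with the rule from the answer. The function and constant names are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

def match_input(request_url):
    """String a site-level <match url="..."> is tested against:
    the path only, with no scheme, host, leading slash or query string."""
    path = urlsplit(request_url).path
    return path[1:] if path.startswith("/") else path

def apply_rule(request_url, pattern, target, syntax="ECMAScript"):
    """Simplified model of one Rewrite rule (not IIS code).
    Returns the rewritten URL, or None when the rule does not match."""
    path = match_input(request_url)
    if syntax == "ExactMatch":
        if path.lower() != pattern.lower():      # "ignore case" as in the question
            return None
        groups = (path,)
    else:
        m = re.search(pattern, path, re.IGNORECASE)
        if m is None:
            return None
        groups = (m.group(0),) + m.groups()
    # Expand {R:n} back-references captured by the match pattern.
    out = re.sub(r"\{R:(\d+)\}", lambda r: groups[int(r.group(1))] or "", target)
    query = urlsplit(request_url).query
    if query:                                    # query string is appended by default
        out += ("&" if "?" in out else "?") + query
    return out

# Rule as configured in the question: exact match on the full URL.
QUESTION_RULE = ("https://servera.us/folder/application",
                 "https://serverb.us/folder/application", "ExactMatch")
# Rule from the answer: regular expression on the relative path.
ANSWER_RULE = (r"^folder/application/(.*)",
               "https://serverb.us/folder/application/{R:1}", "ECMAScript")

if __name__ == "__main__":
    for url in ("https://servera.us/folder/application",
                "https://servera.us/folder/application/",
                "https://servera.us/folder/application/page.aspx?id=7"):
        print(url)
        print("  question rule ->", apply_rule(url, *QUESTION_RULE))
        print("  answer rule   ->", apply_rule(url, *ANSWER_RULE))
```

The run also shows that the answer's pattern needs the trailing slash after application, so a request for /folder/application itself is not proxied by it.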

Related

IIS URL Rewrite behaves differently for HTTP vs HTTPS

I've been trying to use the URL Rewrite module to create a rule that looks for any set of two or more forward-slashes in the URL (past the first set) that will redirect the browser to a URL with all sets of multiple forward slashes replaced with just one. Example:
http://myhost.com/abc//def//ghi//jkl//iisstart.png
should redirect to
http://myhost.com/abc/def/ghi/jkl/iisstart.png
I already understand that IIS sees these two URLs as functionally equivalent, but for this public-facing site we want to avoid any chance that crawlers will index URLs with the multiple forward slashes; hence the redirection. So here's the rule I put together:
<rule name="Redirect URLs with Multiple Forward Slashes" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<action type="Redirect" url="{URL}" appendQueryString="true" />
<conditions logicalGrouping="MatchAny">
<add input="{UNENCODED_URL}" pattern="//" />
</conditions>
</rule>
I tested this on my local box, and it produced the expected outcome (the redirection). I copied it into a web.config on a development server and tried it out, but it didn't work. I even took the path of making sure the URL Rewrite installation matched the version on the development server (it's 2.0, and upgrading would be a pain in our large production server farm so I'd like to avoid that). After that, I took into account that our development server, by design, only serves up HTTPS, while I'd been testing in HTTP on my local box. When I enabled HTTPS on my local box, the rewrite rule didn't work with an HTTPS URL but worked fine with an HTTP URL pointing to the same resource.
All the URL Rewrite documentation I've looked at makes reference to HTTP, and there are no references to HTTPS. What am I doing wrong here?
For the record - my local box is running Windows 10, and has IIS version 10. The dev server is running Server 2012, and has IIS version 7.5.

Redirect to FQDN in IIS Not Working

None of the answers I've found to questions like this (notably this one) work for me, so here I go.
We are running IIS 8 on Windows Server 2012 R2. We have a wildcard certificate (*.mydomain.com) installed on the server. On the Default Web Site we have a single binding to accept incoming https requests on port 443. I have a second Web Site set with a single binding to accept incoming http requests on port 80.
On the latter Web Site I've created a URL Rewrite rule to redirect all incoming non-HTTP traffic to https://myserver.mydomain.com{REQUEST_URI}, and this works perfectly. If I browse to either http://myserver.mydomain.com/homepage or http://myserver/homepage, I am successfully redirected to the HTTPS version of the site with the full domain name included and thus it loads just fine.
If I browse to https://myserver.mydomain.com/homepage, the site also loads perfectly.
However, I am trying to create another URL Rewrite rule on the Default Web Site so that requests to https://myserver/homepage (Note: HTTPS but the full domain name is omitted) are redirected to the https://myserver.mydomain.com/homepage. The reason for this is that the SSL certificate is only matched if the full domain is included. As it stands, if I enter https://myserver/homepage I get a security warning (NET::ERR_CERT_COMMON_NAME_INVALID).
I've created the rule which I think should work, based on the answer I linked to above, but it doesn't work and I don't know why. My rule looks like this:
<rewrite>
<rules>
<rule name="Redirect to FQDN" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myserver$" />
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Rewrite" url="https://myserver.mydomain.com/{R:1}" />
</rule>
</rules>
</rewrite>
Even with this rule in place and enabled, when I browse to https://myserver/homepage I get the security message. What am I doing wrong with this rule?
The problem is that you have SSL only for *.mydomain.com, and when you access https://myserver it will return a certificate error because your cert is not valid for this domain.
For a better understanding of the steps during an SSL connection:
In your case, the problem is between step 2 and 3
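The answer's point as an added example, not part of the thread: the browser checks the certificate name during the TLS handshake, before any HTTP request reaches IIS, so a rule on the site cannot prevent the warning. The matching function is a simplified model of wildcard name checking; the certificate name, URLs and error string are taken from the question, and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Names on the certificate described in the question.
CERT_NAMES = ["*.mydomain.com"]

def name_matches(cert_name, host):
    """Match one certificate name against a hostname, RFC 6125 style:
    '*' is accepted only as the entire left-most label and stands for
    exactly one label, so it never covers a bare short name."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h) or "" in h:
        return False
    if c[0] == "*":
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h

def cert_valid_for(host, cert_names=CERT_NAMES):
    """True when any name on the certificate covers the requested host."""
    return any(name_matches(n, host) for n in cert_names)

def request_outcome(url, cert_names=CERT_NAMES):
    """Model the order of events for one browser request."""
    parts = urlsplit(url)
    if parts.scheme == "https" and not cert_valid_for(parts.hostname, cert_names):
        # The browser stops at the certificate check during the TLS handshake;
        # no HTTP request has been sent, so no URL Rewrite rule has run.
        return "NET::ERR_CERT_COMMON_NAME_INVALID"
    return "request delivered to IIS"

if __name__ == "__main__":
    for url in ("http://myserver/homepage",
                "https://myserver.mydomain.com/homepage",
                "https://myserver/homepage"):
        print(url, "->", request_outcome(url))
```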

URL ReWriting to a different server - rules are ignored and default website is answering requests

I'm struggling with IIS' URL Rewrite and ARR Modules.
Basically, here's the current state of affairs:
I have a main webserver, answering all of my requests. Let's name this MAINWEBSERVER.
I have a secondary server with a specific application that's working as intended if you access it internally but needs to be exposed to the outside via domain to work as a webservice. Let's name this server APPSERVER.
I wish to receive my requests on MAINWEBSERVER and rewrite the URL if it matches my wildcard.
In this case, my Wildcard is https://example.com/MYAPPLICATION* .
And my desired redirect is https://APPSERVER/MYAPPLICATION/WhateverIsLeftInTheUrl .
So here's my rule sitting on my MAINWEBSERVER:
<rewrite>
<rules>
<rule name="Rewrite to Application" patternSyntax="Wildcard" stopProcessing="true">
<match url="https://example.com/MYAPPLICATION*" />
<action type="Rewrite" url="https://APPSERVER/MYAPPLICATION{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
</rewrite>
NOTE: I need the URL rewritten for certificate SAN purposes (it won't validate APPSERVER/MYAPPLICATION, so I want to use a mask that is validated by my certificate, such as https://example.com/MYAPPLICATION).
The steps I took were:
Installing ARR (activating proxy settings);
Installing URL ReWrite Module;
Configuring wildcard rule for https://example.com/MYAPPLICATION;
Configuring rewrite for https://APPSERVER/MYAPPLICATION{R:1} (in case it has querystrings I wish to keep them);
Generated personal certificates to validate HTTPS requests between MAINWEBSERVER and APPSERVER;
Whenever I make my request the rule is ignored (despite the same URL matching the wildcard perfectly) and the default website application answers, considering my wildcard a querystring parameter.
I've tried this both at server level and at default website level, even with Reverse Proxy Rules. I also have experimented with Fiddler and Failed Request Tracing but to no effect.
In the FRT all that is displayed is a 302 HTTP CODE and in the end a 200 Status Code when the default website loads.
Note that I believe this was working on a different server before, using this same rule although there was no default website.

Application Request Routing: Get Original URL

I'm trying to get the original URL from within my application (MVC 5) after a reverse proxy rewrite has occurred.
I've tried everything I can find e.g.
Setting my own server variable to the value of {HTTP_HOST} (my server variable started with HTTP). This either contains the current URL or null.
Using HTTP_X_ORIGINAL_URL server variable which does not include the hostname.
Looking at all the built in server variables.
Setting the value preserveHostHeaders as detailed here: https://stackoverflow.com/a/7180527/4950, this caused the site to hang
Any ideas?
Tried on IIS7 and IIS7.5 with ARR 3.0 and Url Rewrite 2.0
This answer is inspired by Setting HTTP request headers and IIS server variables in the IIS documentation. They do something similar, but oddly it avoids detecting whether the original URL was accessed with HTTP or HTTPS.
First, you need to have administrative access to your IIS server in order to set up a new allowed server variable in the URL Rewrite module. This is described in the linked article, but here are the basic steps:
In IIS Manager, navigate to your web site or application folder.
Open the URL Rewrite feature.
In the Actions pane, click "View Server Variables...", then click "Add..."
Enter a name for your server variable.
If you want to access it as an HTTP header, prefix it with HTTP. For example, HTTP_X_MY_HEADER is accessible as the X-MY-HEADER header.
Then, in your rewrite rule, set the server variable value to {CACHE_URL}. You can do this through the UI, or directly in web.config, as shown below.
NOTE: be sure to set your match, conditions, and actions as needed.
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="original URL sample" stopProcessing="true">
...
<serverVariables>
<set name="HTTP_X_MY_HEADER" value="{CACHE_URL}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
The resulting header will explicitly include the port number, e.g. http://foo.example:80/bar, so you may need to deal with that depending on your needs.

ARR/URL Rewriter within a .net Web API application

I have two applications. One of which is going to handle authentication across a range of products. Because of this, from each one I want to rewrite a URL from each individual website to our "authentication" project. It would look something like this.
http://www.mywebsite.com/api/profile/login -> http://www.myauthentication.com/api/profile/login.
So essentially pushing the request cross domain.
For this I have setup ARR and URL Rewriting in IIS. However I can't seem to get it to work, and I have a feeling URL Rewriting is not running on requests that would normally cause a 404. I think this because on a REDIRECT request (301 redirect), the config works perfectly. When I use a rewrite, I get a generic 404 page.
The rules configuration looks as per below:
<rules>
<rule name="Route the requests for the Profile API." enabled="true" stopProcessing="true">
<match url="^profiles/(.*)" />
<action type="Rewrite" url="http://authentication.local/api/profiles/{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
It should be noted that I am using the WebAPI, not MVC, which I'm not sure if that is causing issues or not. Because the redirect works but not the rewrite, I'm sure I've got everything installed OK in IIS.
For ARR, I have simply ticked "Enable Proxy" but I am unsure if I need to do anything else.
I managed to solve this by adding an ignore route for ARR.
RouteTable.Routes.IgnoreRoute("api/profiles/{*pathInfo}");
