We have a need to proxy Meteor through an IIS proxy. An IIS site accepts bindings for a particular Meteor website and proxies the requests through to an alternate port.
Web sockets are not working and Meteor is reverting to XHR.
Web.Config file as follows:
<rule name="Meteor reverse proxy" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://" />
</conditions>
<action type="Rewrite" url="{C:1}://127.0.0.1:8008/{R:1}" />
</rule>
By accessing the website via 127.0.0.1:8008 on the server it works fine. Accessing the website through the IIS proxy fails.
I have noticed IIS ARR is changing the casing of the headers, removing a header (sec-websocket-extensions) and adding a handful of extras. This might not be related.
IIS Proxy:
Direct:
MS documentation recommends disabling WebSockets when in use alongside NodeJS. Updating this setting does not help.
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-websocket-protocol-support#TOC301258519
Has anyone come across this issue?
Update
You'll notice the header above references ARR2.5, this version does not support web sockets. 3.0 is required to proxy sockets.
After testing the proxy via an alternative web socket hello world, ARR was proxying web sockets successfully. To solve the issue we disabled compression on web sockets within Meteor.
SERVER_WEBSOCKET_COMPRESSION environment variable to 0
https://forums.meteor.com/t/websocket-compression-introduced-in-meteor-1-2-doesnt-work-with-passenger-docker-nginx/12025
Related
I have been searching all day long, but I don't have a clue how to solve this problem. I know there are similar questions here, but none seems to word.
I have an IIS server running on https://hostname.xy I deliver html and JS content from there and I have already configured a reverseproxy for SPA.
Now I am running a tomcat-server on port 7000 on the same server. The tomcat server accepts ws://..../.. requests.
All I want to do is communicating with that server. Requests get blocked because of mixed content. So I tried adding ssl to my tomcat server which is blocked because of a self signed certificate.
Is it possible to configure a reverse proxy that redirects all wss traffic to ws on a specific port? Could you share the specific rule from the web configuration in the IIS?
I tried next too many other rules this one here:
<rule name="WS reverse proxy" stopProcessing="true">
<match url="wss://myhostname.de/*" />
<action type="Rewrite" url="ws://127.0.0.1:7000/chat" logRewrittenUrl="true" />
</rule>
I have a .Net application which uses spring.net remoting to expose remoting services, over IIS 7.5.for security reasons, I want to remove some information like "Server: IIS/7.5" from HTTP response header.
I removed other tags like X-Powered-By easily, but, for the Server tag, I tried all the offered solutions on the internet and none of them worked. I tried setting the DisableServerHeader registry key or installing URLrewrite tools and changing my web.config and adding outboundRule or any other coding solution like adding a custom HTTP module or handling preRequestHandling of http context in my global.asax file. but none of them worked for me.
basically ,is it possible to remove this value, Server , from the response header, given that I'm using .net 3.5 and .net remoting over IIS 7.5?
I should mention that, this tag's value will become empty if I browse any pages that I've put into the host directory , but for my .Net remoting requests it's not working and the value of the server tag in response http header is still IIS/7.5
Unfortunately, you can not really remove the Server header. But you can rewrite its content and empty it. On IIS 7+ (IIS 7, 8.5, 8.0, 8.5, IIS 10.0), use a rewrite outbound rule to remove the webserver version information from the Server: header response.
You can use the following URL Rewrite Outbound rule:
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
I've been trying to use the URL Rewrite module to create a rule that looks for any set of two or more forward-slashes in the URL (past the first set) that will redirect the browser to a URL with all sets of multiple forward slashes replaced with just one. Example:
http://myhost.com/abc//def//ghi//jkl//iisstart.png
should redirect to
http://myhost.com/abc/def/ghi/jkl/iisstart.png
I already understand that IIS sees these two URLs as functionally equivalent, but for this public-facing site we want to avoid any chance that crawlers will index URLs with the multiple forward slashes; hence the redirection. So here's the rule I put together:
<rule name="Redirect URLs with Multiple Forward Slashes" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<action type="Redirect" url="{URL}" appendQueryString="true" />
<conditions logicalGrouping="MatchAny">
<add input="{UNENCODED_URL}" pattern="//" />
</conditions>
</rule>
I tested this on my local box, and it produced the expected outcome (the redirection). I copied it into a web.config on a development server and tried it out, but it didn't work. I even took the path of making sure the URL Rewrite installation matched the version on the development server (it's 2.0, and upgrading would be a pain in our large production server farm so I'd like to avoid that). After that, I took into account that our development server, by design, only serves up HTTPS, while I'd been testing in HTTP on my local box. When I enabled HTTPS on my local box, the rewrite rule didn't work with an HTTPS URL but worked fine with an HTTP URL pointing to the same resource.
All the URL Rewrite documentation I've looked at makes reference to HTTP, and there are no references to HTTPS. What am I doing wrong here?
For the record - my local box is running Windows 10, and has IIS version 10. The dev server is running Server 2012, and has IIS version 7.5.
We are hosting an ASP.NET Core 1.1 website on Windows 2008 R2 server with IIS7.5. We got some error reports that users of the website that were using a web proxy got 502's. So by setting up an out of the box installation of a Squid proxy I can successfully reproduce the issue that they are experiencing.
This works just fine all day, every day:
Client -> Web proxy -> IIS -> Kestrel
This fails every time with "502 - web server received an invalid response while acting as a gateway or proxy server":
Client -> Web proxy -> Load Balancer -> IIS -> Kestrel
Using Microsoft's Message Analyzer I got the request headers sent from both the load balancer and the web proxy.
The one that works only has one IP number in the X-Forwarded-For reqeust header, whereas the one that fails has two.
X-Forwarded-For: <Client_IP> vs. X-Forwarded-For: <Client_IP>, <Proxy_IP>
Is there something that I don't get? Am I supposed to do some magic configuration of the IIS or is this a bug in the IISIntegration? This works just fine if I have the same setup and run a plain old ASP.NET website.
I found a a workaround using the URL Rewrite Module, but it doesn't feel right:
<rule name="Clear">
<match url="(.*)" ignoreCase="true" />
<serverVariables>
<set name="HTTP_X_FORWARDED_FOR" value="0.0.0.0" replace="true"/>
</serverVariables>
<action type="Rewrite" url="{R:0}" appendQueryString="true" />
</rule>
I have to set up a couple of apps on a new intranet server (Win 2008 R2 Standard SP1). I have been having some difficulty with a URL Rewriter rule. I had a similar rule working great on my local IIS (Win 7). The rule is designed to create a reverse proxy for a web service that enables jQuery AJAX requests from the client to avoid XSS.
The rule is as below and if I use this as is, and type an example URL into the browser:
http://srv01.domain.com/serviceproxy/workflow/Users/GetUsers?q=smith&max=10
I get a 404 response from the server. If I change the type to "Redirect" I get the response from the server expected (but obviously this will void my attempt to avoid XSS).
<rewrite>
<rules>
<rule name="Reverse Proxy - WCF Service" stopProcessing="true">
<match url="serviceproxy/workflow/(.+)" />
<action type="Rewrite" url="http://srv01.domain.com/WorkflowService/{R:1}" />
</rule>
</rules>
</rewrite>
Any ideas what might be missing from the server configuration? Is it a security setting somewhere that needs to be configured to allow the rewrite to occur?
I found my issue. I didn't have Application Request Routing installed on this server. Either I forgot installing it on my other server or it was already on there for another reason.
Found this article that helped me resolve it.
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
Had a similar issue on Windows 2008, IIS 7.5
The problem was that the app pool was in integrated mode. that caused issues with the rewrite.
Redirect was always ok, but rewrite always failed.
changed the app pool to classic mode and problem solved (at least for now).
a better solution might be http://forums.iis.net/t/1200671.aspx?ARR+URl+Rewrite+is+not+working+for+external+servers
right at the end. but i havent tried it.