Reverse Proxy with ARR using Azure platform - azure

I have a domain like example.com, and I also have a website hosted in Azure called mysite1.azurewebsites.net for example.
Now all the traffic from live.example.com goes to mysite1.azurewebsites.net. We point custom domain name to our Windows Azure website. I want to use reverse proxy technology to redirect some requests (e.g requests from client A) to mysite2.azurewebsites.net, and other requests from other clients still go to mysite1.azurewebsites.net. All these should happen after they login. (live.example.com is a login page)
Client A live.example.com ======> mysite2.azurewebsites.net
Client B live.example.com ======> mysite3.azurewebsites.net
Client C live.example.com ======> mysite4.azurewebsites.net
Other Clients live.example.com ======> mysite1.azurewebsites.net
Is this possible to achieve using Reverse Proxy with ARR? If yes, how?
Thank you

This blog post explains how you can do that http://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
To summarize, on live.example.com you need to set an xdt transform that looks like this
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
</system.webServer>
</configuration>
Then you'll need to set a URL Rewrite rule that does the mapping you want. If you plan on using UserAgent for example as what tells you the client name then it'll be something like this
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ClientA">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="Client A" />
</conditions>
<action type="Rewrite" url="https://mysite2.azurewebsites.net/{R:1}" />
</rule>
<rule name="ClientB">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="Client B" />
</conditions>
<action type="Rewrite" url="https://mysite3.azurewebsites.net/{R:1}" />
</rule>
<rule name="ClientC">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="Client C" />
</conditions>
<action type="Rewrite" url="https://mysite4.azurewebsites.net/{R:1}" />
</rule>
<rule name="Others" stopProcessing="true">
<match url="^(.*)$" />
<action type="Rewrite" url="https://mysite1.azurewebsites.net/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Related

IIS redirect with url exception for stripe

I'm working on updating the stripe checkout from a website, I was doing it successfully on localhost but when I put it on live mode on a windows server it stopped working. The issue is that when I should be redirected to the checkout page from stripe, the url is altered and becomes something that doesn't make sense:
The correct url: www.checkout.stripe.com/pay/cs_...
The url that I get redirected to: www.mysite.com/pay/cs_..
I kept thinking what could be the causa of that and I think it's the URL rewrite rule that I have on the windows server. I would like to add an exception to the rule and allow the stripe checkout to initiate, but I have no idea how to do it.
Below is my web.config file:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8008/{R:1}" />
</rule>
<rule name="HTTPS" enabled="false" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I figured it out. This is my final web.config
<configuration>
<system.webServer>
<urlCompression doDynamicCompression="false" />
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8008/{R:1}" />
</rule>
<rule name="stripe redirect in checkout" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{REQUEST_URI}" pattern="/pay/" />
</conditions>
<action type="Redirect" url="checkout.stripe.com{REQUEST_URI}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
My issue was not really understanding the meaning of the options in the URL Rewrite. I checked the course URL Rewrite for Developers and it was really helpful. I was able to solve the issue quickly.
The file you have shown contains the inbound rewrite rules only. But you have an issue with response from your server. Thus, you should fix the outbound rewrite rule in the right config file.

How to set IIS rewrite rule for CORS?

I created an IIS rewrite role for a server url.
When I send request to [https://mysite/back/api/....][1], it will get data from https://remotesite/back/api/....
So my IIS rewrite config is like following.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="api">
<match url="^api/(.*)" />
<action type="Rewrite" url="`https://remotesite/back/api/{R:1}`" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="api">
<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTP_ORIGIN}" pattern="(.*)" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
But the [https://mydomain/back/api/][1] has a "Referrer Policy: strict-origin-when-cross-origin". So I can not send a javascript request to my domain.
How can I update the config?
You can use the IIS CORS module to solve this problem. For information about "IIS CORS module Configuration Reference", you can refer to this link.

How can I use IIS URL Rewrite to forward http to https node.js app?

I am using URL rewrite to redirect all incoming request to my node.js app.
It works fine.
However, I want to redirect
http://www.example.com
to
https://www.example.com
I have googled the related setting.
Although, it can display the node.js web app correctly, however, the browser report that is not a secure web site.
Here is my web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="forward rule" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:9000/{R:1}" />
</rule>
<rule name="http to https" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.example.com" />
</rule>
</rules>
</rewrite>
<httpRedirect enabled="false" destination="https://www.example.com/" exactDestination="false" childOnly="true" httpResponseStatus="Permanent" />
</system.webServer>
</configuration>
I found that if I don't bind HTTP to the web site, it will prompt error.

rewrite rule for folder to different host

There are 2 applications running on local network:
host headers:
http://ui.local, http://api.local
On another server, a website is already setup for url rewriting. Host header of the site is http://externalui.mydomain.com
Here is web.config contents:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://ui.local/{R:1}" />
</rule>
</rules>
</rewrite>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
This url rewriting rule is running without a problem and rewrites all URLs made to http://externalui.mydomain.com to go to http://ui.local
However i want to write another rule so requests made to http://externalui.mydomain.com/api/.... will be forwarded to http://api.local/api/... instead.
How to write a rule for this condition?
You could use the below rule:
<rule name="redirect api" stopProcessing="true">
<match url="api/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="http://api.local/api/{R:1}" />
</rule>
<rule name="all redirect" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
</conditions>
<action type="Redirect" url="http://ui.local/{R:1}" />
</rule>
Note: make sure the API rule should be the first rule.

Rewriting rule for & in url

How can I setup a rule to replace & with & in url?
This works: www.../home.asp?h=1&w=2
This fails: www.../home.asp?h=1&w=2
For starters, it should be noted that you can access the messed up w parameter as follows:
Request.QueryString("amp;w");
However, I expect you would like something a little more eloquent :)
Assuming that you have access to the IIS URL Rewrite module, (IIS 7 and above), you can add some rules to web.config as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="One Bad Ampersand" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{QUERY_STRING}" pattern="^([^&]+)&amp;([^&]+)$" />
</conditions>
<action type="Rewrite" url="{R:1}?{C:1}&{C:2}" appendQueryString="false" />
</rule>
<rule name="Two Bad Ampersand" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{QUERY_STRING}" pattern="^([^&]+)&amp;([^&]+)&amp;([^&]+)$" />
</conditions>
<action type="Rewrite" url="{R:1}?{C:1}&{C:2}&{C:3}" appendQueryString="false" />
</rule>
<rule name="Three Bad Ampersand" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{QUERY_STRING}" pattern="^([^&]+)&amp;([^&]+)&amp;([^&]+)&amp;([^&]+)$" />
</conditions>
<action type="Rewrite" url="{R:1}?{C:1}&{C:2}&{C:3}&{C:4}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
What these rules do is check for an incoming & in the query string and replace it with &. I do not think it is possible to come up with a generic rule to handle an arbitrary number of occurrences. But, I have established a pattern for up to 3 occurrences that you should be able to follow to add as many as needed.
It should be noted that if you wish to redirect the user's browser, you may do so by changing the type attribute in each action from Rewrite to Redirect.

Resources