I have a reverse proxy rule in IIS
I need requests to http://www.myapp.com/rp/functionName to proxy to
http://127.0.0.1/functionName
Ie drop the /rp
Here is what I have but it is passing the /rp
http://i59.tinypic.com/2vvj343.png
Pattern: (.*)rp/(.*)
Action: http://127.0.0.1:1337/{R:2}
Solved this.
Related
Problem:
Need to proxy pass requests that ONLY matches the pattern: mywebsite.com/two-letter-country-code e.g mywebsite.com/es/ to mywebsite.vendor.com/es this second url is a Third-party vendor that will return content translated.
Work In progress:
IIS doesn't natively support ProxyPass so I installed "Application Request Routing (ARR)" to configure a forward proxy following the instructions in this article https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/creating-a-forward-proxy-using-application-request-routing, in the step 14 while configuring the rewrite rule it says to add:
Rewrite URL: http://{C:1}/{R:0}
If my understand is correct in my case I will want to do something like
Rewrite URL: http://mywebsite.sl.vendor.com/{C:#}
Where {C:#} will return "es" or whatever the language the URL is going to.
My questions
1. Is my rewrite understanding correct?
2. Do I have to configure the Server Farms?
I noticed that by installing ARR, "Server Farm" is now available for configuration, but not sure if there is anything I need to do there.
1. Is my rewrite understanding correct?
No, since I wanted to match the two letter country codes the Patter should be:
^([a-z]{2}/(.*)|/[a-z]{2}$)
And the Rewrite URL under Action Properties should be:
https://mywebsite.sl.vendor.com/{R:0}
{R:0} will be the back-reference of specified pattern so an incoming request for mywebsite.com/es/ will be proxy passed as mywebsite.vendor.com/es were {R:0}=es/ as expected
2. Do I have to configure the Server Farms?
Is not require to do any special configuration in the server Farms to get the forward proxy working.
The third party service I was forwarding the request to, require to have the host header to be the server forwarding the request in this case mywebsite.com but in their end they were receiving mywebsite.vendor.com, to accomplish this you have to set the property preserveHostHeader to true, this can be found in the Configuration Editor
I have set up a reverse proxy on a Dev box using IIS + ARR + URL Rewrite and everything works as expected with a mix of HTTP and HTTPS URLs.
I took web.config to another server with IIS + ARR + URL Rewrite and pasted web.config under Default Web Site; now I can access HTTP URLs via reverse proxy but HTTPS doesn't work. I made sure the target SSL certificate is trusted and I can access target service in a browser without any SSL issues but I'm not having any luck with the reverse proxy.
I have also matched ARR and URL Rewrite configs on both boxes (and they match) - any idea what I could be missing here - do I need to set up HTTPS binding as well? Also, are there any logs that can help me investigate this better?
I was missing the HTTPS binding on the new server, adding the binding did the trick.
Confluence IIS Reverse Proxy Setup
I have set up a reverse proxy on IIS 7.5 for Atlassian Confluence according to instructions found in the internet.
I wanted to redirect all traffic to "docs.unimaze.com" to "localhost:8090" on the same server.
This is how I did it:
Installed URL Rewrite 2.0
Installed Application Request Routing 3.0
Set up a reverse proxy rule:
Match URL: Matches the pattern (.*) using regular expressions (ignore case)
Conditions: (none)
Server variables: (none)
Action: Rewrite with http://localhost:8090/{R:1} (append to query string and stop processing of subsequent rules.
The only other thing I had to in order to make everything work (from https://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr) was to run this command on the server so that URL's with "plus signs" in the URL's would be allowed.
%windir%\system32\inetsrv\appcmd set config "WebSiteName"
-section:system.webServer/security/requestFiltering -allowDoubleEscaping:true
Problem with external redirects
Confluence itself, seems to work perfectly BUT when attempting to edit a module from an external application (LucidChart Diagrams it fails), because a redirection to the external application also is rewritten, e.g. an attempt is made to redirect to this URL:
http://docs.unimaze.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...
when the redirect should actually be to the external application, so it should remain untouched by the rewriting rule:
https://www.lucidchart.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...
Is there an easy way to solve this?
This here helped: appcmd.exe set config -section:system.webServer/proxy /reverseRewriteHostInResponseHeaders:"False" -commit:apphost
In UI, the setting corresponding to this action on the Application Request Routing in IIS on the server node (select „Server Proxy Settings“) should be unchecked.
However, this had the effect that the page can not be loaded in Internet Explorer 11 L
The page is shown, but with empty space where the diagram is and it tries loading something forever.
In Firefox and Chrome it works fine.
I have no idea why it "freezes" in IE 11. Will check from other machines to see if this is always happening or not.
The easiest way to handle this is to take advantage of IIS host headers and make the proxied site believe it is responding as www.example.com:80 rather than localhost:8080. It turns out the AAR reverse proxy has an equivalent of Apache's ProxyPerserveHost setting it just isn't very well documented nor exposed in the UI.
To enable this setting you will need to open an elevated shell and run:
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true
Then configure the target site to listen at 127.0.0.1:80 with the appropriate host header and then configure the proxy to proxy back to localhost with the request and it should line up.
I would like to rewrite a subdomain so it is passed as a querystring to a site. Take the following scenario.
IIS Config:
Site A (bindings: *, site-a.com)
Site B (bindings: site-b.com)
Rewrite rules:
"sub1.site-a.com" -- rewrite to -> "site-a.com"
"sub2.site-a.com" -- rewrite to -> "site-a.com"
"sub1.site-b.com" -- rewrite to -> "site-b.com?subdomain=sub1"
"sub2.site-b.com" -- rewrite to -> "site-b.com?subdomain=sub2"
If I make the rewrite rules in the IIS server settings, site-a.com will capture all the rewrites because the original url match the default binding on site-a.com instead of matching the bindings against the rewritten urls. Is there any way around this behavior?
If you were to place a reverse proxy in front, say Apache, this would be possible with mod_rewrite.
I do not think that there is any clear way to do this in IIS as it stands.
You need two IP address or move a part of your redirection logic in the websites.
Second solution may not be acceptable, so get a second IP address. It's justified so you won't have any problem to get it.
The solution was to use the proxy in ARR (Application Request Routing). When you write a rewrite rule with "http://" it will be routed through ARR. Problem solved.
I'm looking into to having IIS doing authentication in an application being executed on a J2EE server (JBoss). Is there any ways to have IIS work as reverse proxy and propagating the username and/or roles of the user the proxied application (JBoss). And also what IIS version would I need, if it's possible?
I have license for IIS, so I'd like to do it in IIS, but otherwise I'd prefer open source.
Thanks!
Tomas
It's not open source, but ApplicationRequestRouting for IIS 7.0 can act as a reverse proxy.
More Info:
http://blogs.iis.net/wonyoo/archive/2008/07/09/application-request-routing-arr-as-a-reverse-proxy.aspx
Download:
http://www.iis.net/extensions/ApplicationRequestRouting
Microsoft ISA server does that - you may want to look at that first.
IIRF does reverse proxy and URL rewriting for IIS5/6/7.
It's open source, and uses a syntax evry similar to mod_proxy / .htaccess for its rules.
You need v2.0 to get the reverse proxy capability.
You might like to look at http://www.managedfusion.com/products/url-rewriter/