After posting this question:
https://stackoverflow.com/questions/20891667/how-to-ignore-a-rule-if-the-rewrite-page-is-not-200-ok-status
I stumbled across this:
nginx as load balancer server out 404 page based on HTTP response from app server
Which, correct me if I'm wrong but, basically says Nginx can do what I need using
proxy_intercept_errors (From nginx.org)
Determines whether proxied responses with codes greater than or equal to 300 should be passed to a client or be redirected to nginx for processing with the error_page directive.
Yes!
This is exactly what I'm looking for.
Does IIS7.5 URL Rewrite 2.0 + ARR have this functionality? Or is this something that is exclusive for Nginx servers only?
Related
I'm trying to setup a reverse proxy in IIS 10 using some fake urls.
In my host file I set up :
127.0.0.1 somedomain.com
Then I created a website in IIS 10 binding to this domain and a fake page :
When typing somedomain.com on chrome, the fake page shows properly. I assume the fake domain website works.
I have then another website with a reverse proy rewrite rule. I expect requests to the new website to be rewritten and show the first somedomain.com
When running my reverse proxy website I'm getting the error :
HTTP Error 400.605 - Bad Request
The request cannot be routed because it has reached the Max-Forwards limit. The server may be self-referencing itself in request routing topology.
Does anyone know what I'm doing wrong please ?
I tried changing the rule action type to "Redirect" and I can see that the redirection works correctly.
Problem:
Need to proxy pass requests that ONLY matches the pattern: mywebsite.com/two-letter-country-code e.g mywebsite.com/es/ to mywebsite.vendor.com/es this second url is a Third-party vendor that will return content translated.
Work In progress:
IIS doesn't natively support ProxyPass so I installed "Application Request Routing (ARR)" to configure a forward proxy following the instructions in this article https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/creating-a-forward-proxy-using-application-request-routing, in the step 14 while configuring the rewrite rule it says to add:
Rewrite URL: http://{C:1}/{R:0}
If my understand is correct in my case I will want to do something like
Rewrite URL: http://mywebsite.sl.vendor.com/{C:#}
Where {C:#} will return "es" or whatever the language the URL is going to.
My questions
1. Is my rewrite understanding correct?
2. Do I have to configure the Server Farms?
I noticed that by installing ARR, "Server Farm" is now available for configuration, but not sure if there is anything I need to do there.
1. Is my rewrite understanding correct?
No, since I wanted to match the two letter country codes the Patter should be:
^([a-z]{2}/(.*)|/[a-z]{2}$)
And the Rewrite URL under Action Properties should be:
https://mywebsite.sl.vendor.com/{R:0}
{R:0} will be the back-reference of specified pattern so an incoming request for mywebsite.com/es/ will be proxy passed as mywebsite.vendor.com/es were {R:0}=es/ as expected
2. Do I have to configure the Server Farms?
Is not require to do any special configuration in the server Farms to get the forward proxy working.
The third party service I was forwarding the request to, require to have the host header to be the server forwarding the request in this case mywebsite.com but in their end they were receiving mywebsite.vendor.com, to accomplish this you have to set the property preserveHostHeader to true, this can be found in the Configuration Editor
I essentially have the same issue as desribed here Redirect HTTP to HTTPS in Azure Application Gateway but am trying to solve it a different way.
My back end web application works fine when both http and https are open on the AAG, however when you click on a link generated by the webapp to another page the url sent back to the client is for http not https. Obcviously the proper solution is to make the web app aware it is behind a reverse proxy and generate links accordingly.
In the short term I have been attempting, and failing, to use the IIS url rewrite module to either:
a) Using an inbound rule, rewrite (not redirect) the incoming URLs as https which ought to force the responses to contain https urls (a redirect causes an infitite loop as AAG forwards everything to the back end web servers as http). I'm guessing this is impossible because its essentially creating a secure channel between itself.
b) Using an outbound rule, rewrite the responses so the urls are https instead of http. This is proving to be very difficult as I don't understand what parts of the responses I need to be modifying. I'm hoping this approach is possible though?
For the uninitiated, the answer is to use custom tags in an outbound rule, which match the html elements containing the values that need modifying.
The drawback is of course that it means the web server is having to do a patter match & replace on every single page it serves unless you can use conditions to limit the scope. Still very inefficient compared to fixing the code so it is proxy aware!
I have a reverse proxy server on which mod_security is configured to be used as web application firewall and varnish is for cache. I have blocked a country but as request hit Varnish and getting served. The setup is like below
Request > Varnish[80] > Mod_security/HTTPD[8080]
On opening page on 8080, the rule is working , but on 80 the request is getting served by the Varnish.
You will need to put your geolocation rules into varnish for it to get use of varnish (alternatives are really bad for cache hitrates). Theres a VMOD for geo-location called https://github.com/varnish/libvmod-geoip
I have 2 web sites installed on the same IIS server. I need them both to listen on port 443 with HTTPS. I want them to use different application pools and be able to stop and start one without affecting the other. The clients of these websites are not able to configure the host header that they use in their HTTP requests.
Is there a solution? I have been trying to use IIS Rewrite rules. I have one website deployed on port 443 and the other on some unusual port. I tried setting up a URL rewrite on the first one that did a rewrite (not a redirect) to an absolute URL referencing the 2nd site on the unusual port. This always seems to produce an HTTP 404 response.
I can't do a redirect because the client gets redirected to the unusual port and the client is not allowed to make internet requests to non-standard ports.
I believe I am using IIS 6.2, that's what is says in the Help about in IIS MAnager
What options do I have?
It is not possible to rewrite to different applications in IIS, especially if they are in different application pools. Your only option is redirect if you want to do it simply using URL Rewrite.
Another alternative is to use ARR (Application Request Routing) and then proxy the call to the actual site depending on rules, this has also the advantage that sites could be in different machines or in the same one, and give you more flexibility. Obviously it does come with more complexity.