I'm looking into to having IIS doing authentication in an application being executed on a J2EE server (JBoss). Is there any ways to have IIS work as reverse proxy and propagating the username and/or roles of the user the proxied application (JBoss). And also what IIS version would I need, if it's possible?
I have license for IIS, so I'd like to do it in IIS, but otherwise I'd prefer open source.
Thanks!
Tomas
It's not open source, but ApplicationRequestRouting for IIS 7.0 can act as a reverse proxy.
More Info:
http://blogs.iis.net/wonyoo/archive/2008/07/09/application-request-routing-arr-as-a-reverse-proxy.aspx
Download:
http://www.iis.net/extensions/ApplicationRequestRouting
Microsoft ISA server does that - you may want to look at that first.
IIRF does reverse proxy and URL rewriting for IIS5/6/7.
It's open source, and uses a syntax evry similar to mod_proxy / .htaccess for its rules.
You need v2.0 to get the reverse proxy capability.
You might like to look at http://www.managedfusion.com/products/url-rewriter/
Related
I have two sites in my IIS 8 server. Site MyProjectA and MyProjectB, for each project I have a domain name, lets say myprojecta.com and myprojectb.com. I have set in my DNS provider that both domains points to the server IP. I have configured so MyProjectA runs on 443 and MyprojectB runs on 8181, both SSL.
So if I browse to:
https://myprojecta.com I see MyProjectA and its working fine
If I browse to:
https://myprojectb.com:8181 I see MyProjectB and that is working
fine.
But now I wonder, how can I configure so I can omit the :8181 part, and in turn reach MyProjectB site by browsing to https://myprojectb.com only (and with correct certificate). As far as I understood this should be possible with a reverse proxy configuration in IIS but I cannot get it to work. Anyone can help how to achieve that?
Since you are using IIS 8, the simplest approach is to set up multiple HTTPS sites at port 443 using SNI support. Then there is no need of reverse proxy.
Reference
I want to use a reverse proxy to point one of my endpoints to a resource that's hosted elsewhere. My primary server (where everything else is hosted) is in an Azure Web App and is otherwise working perfectly.
I've been using this seemingly failproof article along with the other links mentioned at the bottom of it: https://blogs.msdn.microsoft.com/zhiliang_xus_blog/2016/01/19/build-a-google-reverse-proxy-site-on-azure-web-app-in-less-than-3-minutes/
As a baseline, I used a Web App with no additional code and confirmed that the reverse proxy works. This was done by manually creating/editing the web.config file and applicationHost.xdt file then restarting the server.
I've tried 3 separate approaches (all on clean, new web apps) all of which are failing for me:
Push my code, confirm it works, then follow the reverse proxy steps manually
Follow the steps manually, confirm reverse proxy works, then push my code
Put the reverse proxy files into my codebase and push everything at the same time
None of these 3 approaches are working. Is this a bug in Azure? How can I try to figure this out?
Post XML Transformation (XDT), have you restarted the site?
I would suggest you to take a look at this blog from Ruslan:
http://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
It talks about using a Site extension. It implements the reverse proxy and it does the XDT transformation for you.
If the above is setup correctly, then there is something wrong with the URL Rewrite rules. I would recommend you to enable Failed Request Tracing and debug this further.
The link/way you posted used URL Rewrite to implement a reverse proxy. I tested it and it worked fine with my empty web application. After published a web application to the Azure Web App(For example, an ASP.NET MVC web application), the URL Rewrite stopped working. The reason is that all the requests to your web application are routed by ASP.NET route module.
To enable URL Rewrite for some URLs, we need to disable ASP.NET route for these URLs. For example, if you want to rewrite all the requests with "product/xxx" format to another site. You could add following code to RouteConfig.cs file.
routes.Ignore("product/{action}");
The problem in this specific case was the location of my web.config file.
It needs to be in the root directory of the application which, in my case, was not site\wwwroot. My code was being generated and copied into site\wwwroot\dist. Putting the config file in that directory fixed the problem.
Additionally, there are logs that can be enabled to get some insight as to what's going on: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log
Confluence IIS Reverse Proxy Setup
I have set up a reverse proxy on IIS 7.5 for Atlassian Confluence according to instructions found in the internet.
I wanted to redirect all traffic to "docs.unimaze.com" to "localhost:8090" on the same server.
This is how I did it:
Installed URL Rewrite 2.0
Installed Application Request Routing 3.0
Set up a reverse proxy rule:
Match URL: Matches the pattern (.*) using regular expressions (ignore case)
Conditions: (none)
Server variables: (none)
Action: Rewrite with http://localhost:8090/{R:1} (append to query string and stop processing of subsequent rules.
The only other thing I had to in order to make everything work (from https://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr) was to run this command on the server so that URL's with "plus signs" in the URL's would be allowed.
%windir%\system32\inetsrv\appcmd set config "WebSiteName"
-section:system.webServer/security/requestFiltering -allowDoubleEscaping:true
Problem with external redirects
Confluence itself, seems to work perfectly BUT when attempting to edit a module from an external application (LucidChart Diagrams it fails), because a redirection to the external application also is rewritten, e.g. an attempt is made to redirect to this URL:
http://docs.unimaze.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...
when the redirect should actually be to the external application, so it should remain untouched by the rewriting rule:
https://www.lucidchart.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...
Is there an easy way to solve this?
This here helped: appcmd.exe set config -section:system.webServer/proxy /reverseRewriteHostInResponseHeaders:"False" -commit:apphost
In UI, the setting corresponding to this action on the Application Request Routing in IIS on the server node (select „Server Proxy Settings“) should be unchecked.
However, this had the effect that the page can not be loaded in Internet Explorer 11 L
The page is shown, but with empty space where the diagram is and it tries loading something forever.
In Firefox and Chrome it works fine.
I have no idea why it "freezes" in IE 11. Will check from other machines to see if this is always happening or not.
The easiest way to handle this is to take advantage of IIS host headers and make the proxied site believe it is responding as www.example.com:80 rather than localhost:8080. It turns out the AAR reverse proxy has an equivalent of Apache's ProxyPerserveHost setting it just isn't very well documented nor exposed in the UI.
To enable this setting you will need to open an elevated shell and run:
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true
Then configure the target site to listen at 127.0.0.1:80 with the appropriate host header and then configure the proxy to proxy back to localhost with the request and it should line up.
I have a web app that is composed from 2 apps:
- a simple PHP presentation site that handle account creation
- an API ran by a Tomcat server
I have the apache setup to server at mydomain.com the PHP, but I want to server at mydomain.com/api the Java app that runs on 127.0.0.1:8080.
I know how to do this using api.mydomain.com, but I have single site SSL certificate that does not cover subdomains, this is why I need to do this by path.
Is this possible?
I guess you are looking for a reverse proxy.
See: http://www.linuxjournal.com/content/protect-your-ports-reverse-proxy?page=0,0
Edit: I think below two links are closer to your use case
https://stackoverflow.com/a/1252993/115896
http://blog.lundscape.com/2009/05/configure-a-reverse-proxy-with-apache/
I have a CppCMS based application and I cant use IIS's FastCGI connector as
it is broken for my use thus I want to try to
use the internal HTTP server designed for debug purposes behind IIS.
I it is quite simple web server for an application that handles basic HTTP/1.0 requests
and does not care too much about security like DoS, file serving and more.
So I'd like to know if it is possible to use IIS in front of such application such that
it would:
Sanitize all requests - ensure that they are proper HTTP
Handle all DoS issues like timeouts
Serve the static files.
Is this something that can be configured and done at all?
I would suggest this is the wrong way of doing this. I would use a web server like Nginx to proxy the requests through to backend server. It is very configurable and you will find a lot of articles with doing it to Apache.
We just did something like this. You want the URL Rewriter module. You can use it to sanitize the URLs, however, it isn't going to sanitize the payload. Which is to say, you can make sure that the URLs that hit your box are very specific ones, e.g. not attempts to hits CGI, but you can't use it to make sure that the contents of an upload are safe.
ModSecurity is out for IIS now, it can handle lots of the security related issues.