We have Reverse proxies looking like:
<rule name="ReverseProxy to service" stopProcessing="true">
<match url="^service" />
<action type="Rewrite" logRewrittenUrl="true" url="https://myco.com/{R:0}" />
</rule>
This Reverse Proxy points to a service that makes a SSO and redirects the visitor to an external site. We can fix the redirect with this solution: IIS reverse proxy interfering with redirect location header.
But when we disable "Reverse rewrite host in response headers" option, we face another error. Any internal redirection is set to public, though it should be proxy passed. It also affects session/cookie handling as it's impossible to log out as session/cookies are not cleared.
I have also tried this solution: IIS AAR - URL Rewrite for reverse proxy - how to send HTTP_HOST
But with preserveHostHeader enabled all Reverse proxies returns Bad Request.
How can I keep "Reverse rewrite host in response headers" option enabled and still keep the redirections to external sites work?
Related
Can't get serverside script to respond to client browser accessed via alias URL.
I have a web site with URL "abc.com" running on Windows Server.
I also have other URL's -- lets call them "pqr.com" and "xyz.com" which are redirected to "abc.com" via CName records.
There is a web page on abc.com that has a form with two entry fields.
Filling in the fields and submitting the form sends control to the server where a vbscript obtains the inputs from the form and echoes them back to the user via Response.write commands.
I have added rewrite instuctions to the web.config file:
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect" stopProcessing="true">
<match url="regex" />
<action type="Rewrite" url="/abc.com" />
</rule>
</rules>
</rewrite>
</system.webServer>
When accessing the site using abc.com as the URL, things work fine. However, when using one of the aliases, the page with the form appears but nothing happens after hitting the submit button. It's not clear if anything is being sent to the server or if the vbscript on the server is not getting the information sent back to the user's browser.
I have added rewrite instructions to the web.config file:
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect" stopProcessing="true">
<match url="regex" />
<action type="Rewrite" url="/abc.com" />
</rule>
</rules>
</rewrite>
</system.webServer>
I need the response to client browser accessing via alias URL to work just as when client accesses via non-alias URL.
Does HTTP Redirection need to be installed on the server?
Does the vbscript need to have some redirection code?
Are there any suggestions you can offer?
Thanks.
We want to display content of "https" site under my "http" site so, we are using IIS Rewrite module. (Same as CNAME)
We have created Inbound rules for same. However we are facing below error.
HTTP Error 502.3 - Bad Gateway
A connection with the server could not be established
If I use same rule in http site than it is working. Means We are able to display any http site content under my http site.
It is also working when we use "Redirect" action type but Here we want "Rewrite" action in rule because we do'not want to display another site Url
Inbound Rules and further details are here
I have a reverser proxy setup with ARR and URL Rewite on IIS 8.5
public site exposed is http:/publicsite
http:/publicsite act as a reverse proxy to the internal site http:/internalsite
Every thing was working fine till we implement SSO for the internal site.
Once sso is implemeted internal site is redirecting to http:/ssosite to get authenticated
Since in ARR we have enabled the option "Reverse rewrite host in response headers" the redirection to sso site was not proper.
To make it work "Reverse rewrite host in response headers" is disabled. and the sso redirection started working.
But now the issue happening is after succesful login the ADFS tries to redirect to http:/publicsite. and reverse proxy respond with a 302 and the location in the response is http:/internalsite and the client machine doesnt have access to.
In the same browser if i try to access the site http:/publicsite again everything is working as expected because it is already authenticated and no redirection required to sso site and back to application.
My understanding is the response header is not getting re written since we have disabled the "Reverse rewrite host in response headers" option.
Set preserveHostHeader="true" in applicationhost.config in the reverse proxy server. This solved the issue.
https://forums.iis.net/t/1176668.aspx
I successfully redirect from HTTP to HTTPS using this UrlRewriteFilter rule:
<rule>
<condition type="scheme" operator="notequal">https</condition>
<condition name="host" operator="equal">pokercopilot.com</condition>
<from>^/(.*)</from>
<to type="permanent-redirect" last="true">https://pokercopilot.com/$1</to>
</rule>
In the same Tomcat web app, we have fr.pokercopilot.com, es.pokercopilot.com, etc. I'd also like to redirect them from http to https.
The current rule is redirecting every URL from http://XX.pokercopilot.com/ to https://pokercopilot.com/ - we are losing the subdomain info.
How can I do the redirect while keeping the subdomain info intact?
I have an Amazon EC2 Web Server instance which serves gzipped content when the Accept-Encoding header is set to gzip. But when I make the same request with the exact same header to a CloudFront CDN with the origin server as my Amazon EC2 instance, it doesn't send back a gzipped response.
I also tried creating a new CloudFront distribution(because I thought that the old distribution might have uncompressed response cached) and then making the same request and I still get an uncompressed response.
Can someone please tell me what I may be missing?
This has been marked as a possible duplicate of a question relating to S3. The question is around EC2 - not S3, so I don't think this is a duplicate.
You’re likely seeing this issue due to Cloudfront adding a ‘Via’ header to the requests made to your origin server - it’s a know issue with IIS.
If you were to look at the incoming HTTP requests to your origin, you’d see something like this in your HTTP headers:
Via=1.1 9dc1db658f6cee1429b5ff20764c5b07.cloudfront.net (CloudFront)
X-Amz-Cf-Id=k7rFUA2mss4oJDdT7rA0HyjG_XV__XwBV14juZ8ZAQCrbfOrye438A==
X-Forwarded-For=121.125.239.19, 116.127.54.19
The addition of a ‘Via’ header is standard proxy server behaviour. When IIS sees this, it drops the gzip encryption (I’m guessing due to an assumption that older proxy servers couldn’t handle compressed content).
If you make the following changes to your applicationHost.config, you should rectify the issue:
<location path="Your Site">
<system.webServer>
<httpCompression noCompressionForHttp10="false" noCompressionForProxies="false" />
</system.webServer>
</location>
The other issue to watch out for is that IIS doesn’t always compress the first response it receives for a given resource, therefore, Cloudfront may make a request to the origin, receive, cache and then serve uncompressed version of the content to subsequent visitors. Again you can modify this behaviour using the serverRuntime settings in the applicationHost.config:
<location path="Your Site">
<system.webServer>
<httpCompression noCompressionForHttp10="false" noCompressionForProxies="false" />
<serverRuntime frequentHitThreshold="1" frequentHitTimePeriod="00:00:05" />
</system.webServer>
More details on these settings here:
http://www.iis.net/configreference/system.webserver/serverruntime
http://www.iis.net/configreference/system.webserver/httpcompression
Credit to this blog post for explaining the issue:
http://codepolice.net/2012/06/26/problems-with-gzip-when-using-iis-7-5-as-an-origin-server-for-a-cdn/