IIS 7 URL Rewrite or Reverse Proxy to Handle Firewall Security - iis-7

I am setting up different web applications on a Win 2008 R2 server. I am trying to accomplish the following:
http://myserver/ should point to a local folder with static html pages
http://myserver/crm should "rewrite" to http://myserver:1234/ where I have installed a web based CRM application.
We have a change process to open firewall ports so instead of getting them to open the 1234 port, I would rather have people just go via http://myserver/crm and IIS should hide the port business behind scenes.
Do I need a reverse proxy in this case? Or a simple inbound rule?
At which website should I configure this rule?
Do I need to create a "CRM" virtual directory under default website?
Also, any rule example would help.
I hope this will accomplish the objective of not needing to open ports in firewall...?
Thanks
(Sorry if this is similar to another question, but I wasn't sure if I need a reverse proxy or a simple inbound rule.)

You need an inbound and an outbound rule. The method to achieve this goal is called a reverse proxy.
On the level of Website handling http://myserver/ domain or Global level.
No.
Use the rules below as a starting point.
I would say it's possible to achieve your goal using reverse proxy.
IIS Rewrite Rules:
<rules>
  <!-- Inbound: requests under /crm are rewritten to the CRM application on port 1234 -->
  <rule name="CrmInbound">
    <match url="^crm(.*)" />
    <action type="Rewrite" url="http://myserver:1234/{R:1}" />
  </rule>
</rules>
<outboundRules>
  <!-- Outbound: links in HTML responses that point at port 1234 are rewritten back to /crm -->
  <rule name="CrmOutbound" preCondition="OnlyHtml">
    <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="http://myserver:1234(.*)" />
    <!-- {R:1} is the back-reference to the (.*) group captured by the match pattern -->
    <action type="Rewrite" value="http://myserver/crm{R:1}" />
  </rule>
  <preConditions>
    <preCondition name="OnlyHtml">
      <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
    </preCondition>
  </preConditions>
</outboundRules>

Related

IIS 10.0 Reverse Proxy with ARR and URL rewrite causing ERR_TOO_MANY_REDIRECTS only on HTTP

I have an IIS server hosting a few external domains and also an internal web app, also I have a woocommerce site sitting on an apache server. The IIS server sits on a fixed public IP address and the Apache server also on another fixed public IP. All infrastructure is in house. We are shortly giving up our /29 network for a single fixed IP /32 network. I was planning to use ARR and URL rewrite to have both the IIS and Apache server utilize 1 fixed public IP.
I installed ARR on the IIS box and configured the following web.config, note that both the IIS box and Apache box have valid certificates.
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
          <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.8.100/(.*)" />
          <action type="Rewrite" value="http{R:1}://test.example.com/{R:2}" />
        </rule>
        <preConditions>
          <preCondition name="ResponseIsHtml1">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
      <rules>
        <clear />
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{CACHE_URL}" pattern="^(https?)://" />
          </conditions>
          <action type="Rewrite" url="{C:1}://192.168.8.100/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
192.168.8.100 being the internal server hosting woocommerce on Apache. So what works after this is that https://test.example.com works fine reverse proxied to Apache from IIS, test.example.com also works fine. However http://test.example.com fails with ERR_TOO_MANY_REDIRECTS which I can see using Fiddler.
Things I have tried
Turning off 'Reverse rewrite host in response headers' in ARR, this stops the too many redirects but shows the host as the 192.168.8.100 address and obviously fails the cert, however woocommerce site comes up fine.
Adding a rewrite rule for HTTP to HTTPS to Apache at /etc/apache2/sites-available/wordpress.conf - This made no difference to the too many redirects error.
Adding a redirect rule for HTTP to HTTPS in the .HTACCESS file at /var/www/wordpress/.htaccess - This made no difference to the too many redirects error.
Remove Really Simple SSL plugin from Wordpress - This made no difference to the too many redirects error.
I am now at my wits end as to what to try now.
Answering my own question, and it was a schoolboy error, when I tried the IIS HTTP --> (HTTPS) rewrite, I forgot to move it up ahead of the reverse proxy rule, hence it was never, ever going to execute it. Move it up and all works fine. Doh!
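Why the ordering matters, as an added example that is not part of the original post: a simplified Python model of inbound-rule evaluation (document order, stopProcessing) run over the question's proxy rule and an assumed HTTP-to-HTTPS redirect rule in the form shown elsewhere on this page. The function names and the sample request are constructed for illustration, and Python's `re` stands in for the rule engine's regex syntax.

```python
import re
import xml.etree.ElementTree as ET

# Constructed: the page's proxy rule, plus an assumed redirect rule (the asker's is not shown).
PROXY = """<rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="(.*)" />
  <conditions><add input="{CACHE_URL}" pattern="^(https?)://" /></conditions>
  <action type="Rewrite" url="{C:1}://192.168.8.100/{R:1}" /></rule>"""
REDIRECT = """<rule name="Redirect to HTTPS" stopProcessing="true">
  <match url="(.*)" />
  <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" /></rule>"""

def expand(template, server_vars, r, c):
    """Substitute {R:n}, {C:n} and {SERVER_VARIABLE} tokens."""
    def repl(m):
        kind, _, index = m.group(1).partition(":")
        if kind == "R":
            return r.group(int(index)) or ""
        if kind == "C":
            return (c.group(int(index)) or "") if c else ""
        return server_vars.get(m.group(1), "")
    return re.sub(r"\{([^{}]+)\}", repl, template)

def first_terminal_action(rule_xml, path, server_vars):
    """Simplified model: rules run in order; a matching Redirect or stopProcessing rule ends the run."""
    root = ET.fromstring("<rules>" + "".join(rule_xml) + "</rules>")
    for rule in root.findall("rule"):
        r = re.search(rule.find("match").get("url"), path, re.I)
        if r is None:
            continue
        c, matched = None, True
        for cond in rule.findall("conditions/add"):  # all conditions must match
            c = re.search(cond.get("pattern"), expand(cond.get("input"), server_vars, r, c), re.I)
            if c is None:
                matched = False
                break
        action = rule.find("action")
        terminal = action.get("type") == "Redirect" or rule.get("stopProcessing") == "true"
        if matched and terminal:
            return rule.get("name"), action.get("type"), expand(action.get("url"), server_vars, r, c)
    return None

# Constructed plain-HTTP request for /shop/cart on the public host name.
HTTP_REQ = {"HTTPS": "off", "HTTP_HOST": "test.example.com",
            "CACHE_URL": "http://test.example.com:80/shop/cart"}

for order in ([PROXY, REDIRECT], [REDIRECT, PROXY]):
    print(first_terminal_action(order, "shop/cart", HTTP_REQ))
```

With the proxy rule first, the plain-HTTP request is rewritten to the backend and the redirect rule is never evaluated; with the redirect rule first, the same request is answered with a redirect to HTTPS.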

Reverse proxy Kibana 7 with ARR in IIS

I set up some days ago an ELK 7 stack to monitor some logs in one place. For now it is perfectly operational and works well from inside the network. I now want to access Kibana from outside the network without the need of a VPN.
I already have a website running in IIS which is served through a global reverse proxy. The website itself is doing nothing but there are 2 WebApplications under it (there's just a little app at the website root doing a redirect to the right app depending on the source of the request).
So at the moment, I have the following URLs available (servername could be either my machine name when I'm on the intranet or the external domain when I'm remoting):
http(s)://servername/app1
http(s)://servername/app2
Now I would like to be able to get the following URL working to access Kibana
http(s)://servername/elk
For now I didn't manage to make it work - even internally - (so without involving the first global reverse proxy).
I set up an application under a website dedicated for testing purposes (so it won't mess with the real website). This is an extract of my web.config file for this application:
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="KibanaProxy">
          <match url="(.*)" />
          <action type="Rewrite" url="http://kibanahost:5601/{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <rule name="KibanaRedirect" preCondition="Redirect">
          <match serverVariable="RESPONSE_Location" pattern="^/(.*)" />
          <action type="Rewrite" value="/elk/{R:1}" />
        </rule>
        <rule name="KibanaContent" preCondition="ResponseIsHtml1">
          <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Input, Link, Script" pattern="^/(.*)" />
          <action type="Rewrite" value="/elk/{R:1}" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
I wrote a rule to handle the first redirect done when accessing the Kibana root and I tried to add a rewrite rule so external resources can be accessed also. It seems like I still have some other rewrites to do, mainly because of URLs inside bootstrap.js and such things like CSS... It seems like it's a pain to achieve and I wonder if anyone managed to accomplish such a proxying. If I can proxy Kibana correctly internally, I would be able to add an authentication layer thanks to IIS before trying to expose it over the internet through the global reverse proxy.

IIS HTTP to HTTPS relative redirect

I recently got a SSL certificate for my website and want to redirect all traffic to HTTPS. I got everything to go to https://mydomain.com but if someone enters http://mydomain.com/anotherpage it drops the other page and just takes the user to the home page.
My rule in my web.config file looks like this:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I also tried https://{HTTP_HOST}{REQUEST_URI} without any success. Can anyone tell me what I need to do to make the website redirect to the proper HTTPS version of the page? I have a feeling it has something to do with the pattern, but I can't seem to figure out the syntax.
I found a way to do this, and you don't need the Rewrite module for it. The following worked for me on Windows 8 (IIS 8.5):
Remove the HTTP binding from your site (leave HTTPS in place)
Add another site
Make sure that the new site has HTTP binding
Configure HTTP Redirect as shown:
Now all HTTP requests will redirect to your HTTPS site and will preserve the rest of the URL.
Change it to:
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  </rules>
</rewrite>
I had the same problem where the R:1 was dropping my folders.
I fixed it like this.
<rule name="http to https" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="^OFF$" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
          appendQueryString="false" redirectType="SeeOther" />
</rule>
I can't comment yet or I'd leave this as a comment under AndyH's answer. The solution was correct, though I hit a single further snag (likely tied to the use of Adobe's Coldfusion server). I wanted to share some further research I had to do for any other unfortunate soul who may run into it.
Once set up, the redirect would always end at this url:
https://xxx.xxx.com/jakarta/isapi_redirect.dll
The fix for this was found in an Adobe thread (https://forums.adobe.com/thread/1034854): I had to change an application pool's settings as follows:
Real site (HTTPS binding only, actually contains code and virtual directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : False
Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : True
EDIT: Another detail, tied to query string preservation:
Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)
Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.
I believe AndyH's answer to be the easiest and best way. I have found using the URL rewrite can also conflict with code that may redirect the user to another page. It commonly broke in our environment. But Andy's solution worked flawlessly. I also think Andy's solution will put less overhead on the server as it doesn't need to examine every URL hitting it for possible rewrite conditions.
I found a workaround:
Consider what in IIS is considered a website: simply a set of rules, the path from which it gets files, and its bindings.
Furthermore, there is a function called "HTTP Redirect" (included as standard in IIS) that redirects one host to another, keeping all subdirectories (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.
For example, consider a website called mytest and its urls http://www.mytest.com/ and https://www.mytest.com/.
Set for it instead only binding on https://www.mytest.com/, and delete the http binding. Then create a new website with the same local path, called mytest http with just a binding over port 80 (http://www.mytest.com/) and set for this one an HTTP Redirect to https://www.mytest.com/.
Simple and clean, and that should be as fast as directly the https url for the user, because it's just an internal redirect. I hope that can work for you!
You can add the URL Rewrite module to IIS (IIS 7 or higher), which allows you to create the redirect in a visual way. The module can be downloaded here.
This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
    </rule>
  </rules>
</rewrite>
I have found that the
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
syntax will only work for the website's ROOT web.config file.
If the rewrite rule is applied to a virtual web.config file, then use..
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{URL}" />
The {URL} syntax will include the initial forward slash, the virtual path, and any URL parameters.

IIS reverse proxy to phpBB configuration not rewriting outbound URLs

I have a phpBB server running on one box. I want to expose it via our main server that is running IIS7. The inbound rewrites appear to be working perfectly. But I cannot seem to get the outbound to do anything at all.
Here is my config:
<rewrite>
  <rules>
    <rule name="forums - inbound reverse proxy">
      <match url="^gamer/forums/(.*)" />
      <action type="Rewrite" url="http://phpbbsrv/{R:1}" />
    </rule>
  </rules>
  <outboundRules>
    <rule name="forums - outbound HTTP rewrites">
      <match pattern="(.*)://phpbbsrv/(.*)" />
      <action type="Rewrite" value="{R:1}://{HTTP_HOST}/gamer/forums/{R:2}" />
    </rule>
  </outboundRules>
</rewrite>
When logging into phpBB3, the "You have been successfully logged in" page has a META refresh tag and a normal A HREF link that both contain http://phpbbsrv/. They aren't being rewritten. I've turned on Failed Request Tracing, but it apparently doesn't log much with outbound rules.
Thoughts on how to proceed?
I might need to get some sleep. Apparently I meant to use SERVER_NAME, not HTTP_HOST, in the outbound rule. It is doing exactly what I told it to do...as computers tend to do.
Sorry for the noise.

redirect all requests to www.example.com to example.com in config without access to IIS

I'm currently planning to deploy a site with a third party hosting provider. I will only have access to the server via ftp and a tool similar to cpanel called WebsitePanel.
No access to IIS set up or configs.
Is there any way to redirect http://www.example.com to http://example.com?
Place this in your web.config using your values for domain.com. This leverages the URL rewrite rules of the web.config and IIS 7.
<system.webServer> / <rewrite> / <rules>
<rule name="Remove WWW prefix" >
  <match url="(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^www\.domain\.com" />
  </conditions>
  <action type="Redirect" url="http://domain.com/{R:1}"
          redirectType="Permanent" />
</rule>
Typically, the "tool similar to cpanel" should give you this option.
Failing that, you should be able to:
a) set a custom 404 page pointing, to, say, myredirector.asp [or whatever server-side script you wish to use]
b) in myredirector.asp [or whatever] , do a server-side redirect as appropriate.
Not as clean as a straight IIS redirect, but it works pretty good.
I'd suggest you do this through the domain's DNS configuration, rather than through your application. It's much simpler and doesn't rely on application code to work (so if you deploy a whole new application, you don't have to remember to add any config entries or similar).
Same thing can be done to add the prefix www also. A blog post for the same at following URL:
http://karmic-development.blogspot.in/2013/10/add-prefix-www-automatically-in-url-in.html
