I have a phpBB server running on one box. I want to expose it via our main server that is running IIS7. The inbound rewrites appear to be working perfectly. But I cannot seem to get the outbound to do anything all.
Here is my config:
<rewrite>
<rules>
<rule name="forums - inbound reverse proxy">
<match url="^gamer/forums/(.*)" />
<action type="Rewrite" url="http://phpbbsrv/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="forums - outbound HTTP rewrites">
<match pattern="(.*)://phpbbsrv/(.*)" />
<action type="Rewrite" value="{R:1}://{HTTP_HOST}/gamer/forums/{R:2}" />
</rule>
</outboundRules>
</rewrite>
When logging into phpBB3, the "You have been successfully logged in" page has a META refresh tag and a normal A HREF link that both contain http://phpbbsrv/. They aren't being rewritten. I've turned on Failed Request Tracing, but it apparently doesn't log much with outbound rules.
Thoughts on how to proceed?
I might need to get some sleep. Apparently I meant to use SERVER_NAME, not HTTP_HOST, in the outbound rule. It is doing exactly what I told it to do...as computers tend to do.
Sorry for the noise.
Related
I have an IIS server hosting a few external domains and also an internal web app, also I have a woocommerce site sitting on an apache server. The IIS server sits on a fixed public IP address and the Apache server also on another fixed public IP. All infrastructure is in house. We are shortly giving up out /29 network for a single fixed IP /32 network. I was planning to use ARR and URL rewrite to have both the IIS and Apache server utilize 1 fixed public IP.
I installed ARR on the IIS box and configured the following web.config, note that bost the IIS box and Apache box have valid certificates.
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.8.100/(.*)" />
<action type="Rewrite" value="http{R:1}://test.example.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://192.168.8.100/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
192.168.8.100 being the internal server hosting woocommerce on Apache. So what works after this is that https://test.example.com works fine reverse proxied to appache from IIS, test.example.com also works fine. However http://test.example.com fails with ERR_TOO_MANY_REDIRECTS which I can see using fidler.
Things I have tried
Turning off 'Reverse rewrite host in response headers' in ARR, this stops the too many redirects but shows the host as the 192.168.8.100 address and obviously fails the cert, however woocommerce site comes up fine.
Adding a rewrite rule for HTTP to HTTPS to Apache at /etc/apache2/sites-available/wordpress.conf - This made no difference to the too many redirects error.
Adding a redirect rule for HTTP to HTTPS in the .HTACCESS file at /var/www/wordpress/.htaccess - This made no difference to the too many redirects error.
Remove Really Simple SSL plugin from Wordpress - This made no difference to the too many redirects error.
I am now at my wits end as to what to try now.
Answering my own question, and it was a schoolboy error, when I tried the IIS HTTP --> (HTTPS) rewrite, I forgot to move it up ahead of the reverse proxy rule, hence it was never, ever going to execute it. Move it up and all works fine. Doh!
I set up some days ago an ELK 7 stack to monitor some logs in one place. For now it perfectly operational and works well from inside the network. I now want to access Kibana from outside the network without the need of a VPN.
I already have a website running in IIS which is served through a global reverse proxy. The website itself is doing nothing but there are 2 WebApplications under it (there's just a little app at the webiste root doing a redirect to the right app depending of the source of the request).
So at the moment, i have the following URLs available (servername could be either my machine name when i'm on the intranet or the external domain when i'm remoting) :
http(s)://servername/app1
http(s)://servername/app2
Now i would like to be able to get the following URL working to access Kibana
http(s)://servername/elk
For now i didn't manage to make it work - even internally - (so without involving the first global reverse proxy).
I set up a application under a website dedicated for testing purpose (so it won't mess with the real website). This is an extract of my web.config file for this application :
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="KibanaProxy">
<match url="(.*)" />
<action type="Rewrite" url="http://kibanahost:5601/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="KibanaRedirect" preCondition="Redirect">
<match serverVariable="RESPONSE_Location" pattern="^/(.*)" />
<action type="Rewrite" value="/elk/{R:1}" />
</rule>
<rule name="KibanaContent" preCondition="ResponseIsHtml1">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Input, Link, Script" pattern="^/(.*)" />
<action type="Rewrite" value="/elk/{R:1}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
I wrote a rule to handle the first redirect done when accessing the Kibana root and i tried to add a rewrite rule so external resources can be accessed also. It seems like i have still some other rewrites to do mainly because of URL inside bootstrap.js and such things like CSS... It seems like it's a pain to achieve and i wonder if anyone managed to accomplish such a proxying. If i can proxy Kibana correctly internally, i would be able to add an authentication layer thanks to IIS before trying to expose it over the internet through the global reverse proxy.
I've got two websites.
XX.XX.XX.XXX:5917 which is a webforms website
And
XX.XX.XX.XXX:5916 which is an mvc website.
Both websites on the same IIS 7 server. I can navigate each website, login, etc.
However, when a user goes to XX.XX.XX.XXX:5917/Report I want the content from XX.XX.XX.XXX:5916/Report to be served up, but the url to remain XX.XX.XX.XXX:5917/Report.
To do this, I'm trying to set up a reverse proxy on the 5917 site to serve up content from 5916.
When I have a redirect rule in place, I can click a link in 5917 to Reports and it will take me to 5916/Reports. This works, but changes the address bar. When I use the Rewrite rule option, absolutely nothing discernible happens. If I screw up the end url in the action bracket then the page will break, so I know it's at least evaluating the rule.
Here is the 'working' redirect rule:
<rule name="Reverse Proxy to Reports" stopProcessing="true">
<match url="\bReport\b" />
<action type="Redirect" url="http://XX.XX.XX.XXX:5916/{R:0}" />
</rule>
Am I missing anything? Where do I go from here?
Try adding this on your XX.XX.XX.XXX:5917 WebForms web.config:
<system.webServer>
...
<rewrite>
...
<rules>
<rule name="ReverseProxyInboundRuleForReports" stopProcessing="true">
<match url="(Report/.*)" />
<action type="Rewrite" url="http://localhost:5916/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
You might need 'Application Request Routing' extension on IIS for it to work though. If so then you can get it from this link:
http://www.iis.net/downloads/microsoft/application-request-routing
You can also read more about the technique on this link:
http://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis
Good luck!
I recently got a SSL certificate for my website and want to redirect all traffic to HTTPS. I got everything to go to https://mydomain.com but if someone enters http://mydomain.com/anotherpage it drops the other page and just takes the user to the home page.
My rule in my web.config file looks like this:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I also tried https://{HTTP_HOST}{REQUEST_URI} without any success. Can anyone tell me what I need to do to make the website redirect to the proper HTTPS version of the page? I have a feeling it has something to do with the pattern, but I can't seem to figure out the syntax.
I found a way to do this, and you don't need the Rewrite module for it. The following worked for me on Windows 8 (IIS 8.5):
Remove the HTTP binding from your site (leave HTTPS in place)
Add another site
Make sure that the new site has HTTP binding
Configure HTTP Redirect as shown:
Now all HTTP request will redirect to your HTTPS site and will preserve the rest of the URL.
Change it to:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
I had the same problem where the R:1 was dropping my folders.
I fixed it like this.
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
appendQueryString="false" redirectType="SeeOther" />
</rule>
I can't comment yet or I'd leave this as a comment under AndyH's answer. The solution was correct, though I hit a single further snag (likely tied to the use of Adobe's Coldfusion server). I wanted to share some further research I had to do for any other unfortunate soul who may run into it.
Once set up, the redirect would always end at this url:
https://xxx.xxx.com/jakarta/isapi_redirect.dll
The fix for this was found in an Adobe thread (https://forums.adobe.com/thread/1034854): I had to change an application pool's settings as follows:
Real site (HTTPS binding only, actually contains code and virtual directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : False
Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : True
EDIT: Another detail, tied to query string preservation:
Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)
Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.
I believe AndyH's answer to be the easiest and best way. I have found using the URL rewrite can also conflict with code that may redirect the user to another page. IT commonly broke in our environment. But Andy's solution worked flawlessly. I also think Andy's solution will put less overhead on the server as it doesn't need to examine every url hitting it for possible re-write conditions.
I found a workaround:
Consider what in IIS is consired a website: simply a set of rules, the path in which get files and its bindings.
Furthermore, there's available a function called "HTTP Redirect" (included standardly in IIS), that redirect an host to another, keeping all subdirectory (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.
For example, consider a website called mytest and its urls http://www.mytest.com/ and https://www.mytest.com/.
Set for it instead only binding on https://www.mytest.com/, and delete the http binding. Then create a new website with the same local path, called mytest http with just a binding over port 80 (http://www.mytest.com/) and set for this one an HTTP Redirect to https://www.mytest.com/.
Simple and clean, and that should be as fast as directly the https url for the user, because it's just an internal redirect. I hope that can work for you!
You can add the URL Rewrite module to IIS (IIS 7 or higher) which allows you to add create the redirect in a visual way. The module can be downloaded here.
This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
I have found that the
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
syntax will only work for the website's ROOT web.config file.
If the rewrite rule is applied to a virtual web.config file, then use..
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{URL}" />
The {URL} syntax will include the initial forward slash, the virtual path, and any URL parameters.
I am setting up different web applications on a Win 2008 R2 server. I am trying to accomplish the following:
http://myserver/ should point to a local folder with static html pages
http://myserver/crm should "rewrite" to http://myserver:1234/ where I have installed a web based CRM application.
We have a change process to open firewall ports so instead of getting them to open the 1234 port, I would rather have people just go via http://myserver/crm and IIS should hide the port business behind scenes.
Do I need a reverse proxy in this case? Or a simple inbound rule?
At which website should I configure this rule?
Do I need to create a "CRM" virtual directory under default website?
Also, any rule example would help.
I hope this will accomplish the objective of not needing to open ports in firewall...?
Thanks
(Sorry if this is similar to another question, but I wasn't sure if I need a reverse proxy or a simple inbound rule.)
You need inbound and outbound rule. The method to achieve this goal is called reverse proxy.
On the level of Website handling http://myserver/ domain or Global level.
No.
Use the rules below as a starting point.
I would say it's possible to achieve your goal using reverse proxy.
IIS Rewrite Rules:
<rules>
<rule name="CrmInbound">
<match url="^crm(.*)" />
<action type="Rewrite" url="http://myserver:1234/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="CrmOutbound" preCondition="OnlyHtml">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="http://myserver:1234(.*)" />
<action type="Rewrite" value="http://myserver/crm(.*)" />
</rule>
<preConditions>
<preCondition name="OnlyHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>