Score:0

IIS Rewrite URL not working after configuring SSL cert for reverse proxy and application server


We have a web server with an IIS reverse proxy and an app server with the application. We configured the reverse proxy with HTTP, and the reverse proxy rules work fine.

After configuring the same application and reverse proxy with SSL certs, the browser fails to load the application. Chrome throws "ERR_TOO_MANY_REDIRECTS".

Below is the working rewrite rule for HTTP.

    <rewrite>
        <rules>
            <rule name="Reverse Proxy to EDS IDP Authenticate" enabled="true" stopProcessing="true">
                <match url="^(.*)" /> <!-- rule back-reference is captured here -->
                <conditions>
                    <add input="{REQUEST_URI}" matchType="Pattern" pattern="(.*?)authuser.aspx" />
                </conditions>
                <action type="Rewrite" url="http://10.6.48.133:80/{R:1}" />
                <!-- Save and clear Accept-Encoding so the backend response is uncompressed and the outbound rules can rewrite it -->
                <serverVariables>
                    <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                    <set name="HTTP_ACCEPT_ENCODING" value="" />
                </serverVariables>
            </rule>
            <rule name="Reverse Proxy to EDS return" enabled="true" stopProcessing="true">
                <match url="^(.*)" />
                <conditions>
                    <add input="{REQUEST_URI}" matchType="Pattern" pattern="(.*?)/admin/settings/index.w3p" />
                </conditions>
                <action type="Rewrite" url="http://10.6.48.133:81/admin/settings/index.w3p" />
                <serverVariables>
                    <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                    <set name="HTTP_ACCEPT_ENCODING" value="" />
                </serverVariables>
            </rule>
            <rule name="Reverse Proxy to EDS View Settings" enabled="true" stopProcessing="true">
                <match url="^(.*)" />
                <conditions>
                    <add input="{REQUEST_URI}" matchType="Pattern" pattern="(.*?)index.w3p" />
                </conditions>
                <action type="Rewrite" url="http://10.6.48.133:81/index.w3p" />
                <serverVariables>
                    <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                    <set name="HTTP_ACCEPT_ENCODING" value="" />
                </serverVariables>
            </rule>
            <!-- Catch-all: everything not matched above goes to the backend on port 81 -->
            <rule name="Reverse Proxy to EDS" enabled="true" stopProcessing="true">
                <match url="^(.*)" />
                <action type="Rewrite" url="http://10.6.48.133:81/{R:1}" />
                <serverVariables>
                    <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                    <set name="HTTP_ACCEPT_ENCODING" value="" />
                </serverVariables>
            </rule>
        </rules>
        <outboundRules>
            <!-- Rewrite backend URLs found in HTML responses to the 10.6.48.134 address -->
            <rule name="EDS" preCondition="ResponseIsHtml1" enabled="true">
                <match filterByTags="A, Form, Head, Img, Link, Script" pattern="^http(s)?://10.6.48.133:81/(.*)" />
                <action type="Rewrite" value="http{R:1}://10.6.48.134:81/{R:2}" />
            </rule>
            <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
            </rule>
            <preConditions>
                <preCondition name="ResponseIsHtml1">
                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                </preCondition>
                <preCondition name="NeedsRestoringAcceptEncoding">
                    <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                </preCondition>
                <preCondition name="ResponseIsTextAnything">
                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
                </preCondition>
            </preConditions>
            <customTags>
                <tags name="LEAP - Redirect">
                    <tag name="meta" attribute="content" />
                </tags>
            </customTags>
        </outboundRules>
    </rewrite>

In the above rules, except for the server variables, we updated all rewrite URLs from HTTP to HTTPS, and the reverse proxy failed with "Multiple redirects".

Thanks

Lex Li
1. Use a private tab of your browser for testing.
2. Enable FRT on the IIS side to trace 30x responses: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules
3. Ensure the web apps you host on IIS do not generate 30x responses themselves to complicate the situation.
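
A client-side complement to the tracing steps in the comment above, as an added example that is not part of the original thread: it requests a URL without following redirects, records each 30x hop, and reports whether the chain loops and which hops switch scheme. The host `proxy.example` and the sample chain are constructed and are not taken from the poster's environment.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def fetch_once(url, timeout=5):
    """One GET with no redirect following; returns (status, Location header or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(start_url, fetch=fetch_once, max_hops=20):
    """Walk the 30x chain hop by hop; returns (hops, verdict)."""
    hops, seen, url = [], set(), start_url
    for _ in range(max_hops):
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECTS or not location:
            return hops, "final"
        url = urljoin(url, location)  # Location may be relative
        if url in seen:
            return hops, "loop"
    return hops, "too-many-hops"

def scheme_flips(hops):
    """Hops whose Location changes scheme (http <-> https)."""
    flips = []
    for url, _status, location in hops:
        if location:
            target = urljoin(url, location)
            if urlsplit(url).scheme != urlsplit(target).scheme:
                flips.append((url, target))
    return flips

# Constructed sample chain (hypothetical host), standing in for live responses.
SAMPLE = {
    "https://proxy.example/index.w3p": (302, "http://proxy.example/index.w3p"),
    "http://proxy.example/index.w3p": (301, "https://proxy.example/index.w3p"),
}

if __name__ == "__main__":
    hops, verdict = trace_redirects("https://proxy.example/index.w3p", fetch=SAMPLE.__getitem__)
    for url, status, location in hops:
        print(status, url, "->", location)
    print(verdict, scheme_flips(hops))
```

Running `trace_redirects` with the default `fetch_once` against the proxy URL and then directly against the application server shows which tier issues each 30x, which is the separation the third step in the comment asks for.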