Re-encrypting SSL data after reverse proxy [Answered]

7 replies

Last post Sep 21, 2020 07:19 PM by cobrar

  • Re-encrypting SSL data after reverse proxy

    Sep 04, 2020 06:09 PM|cobrar

    Hi All,

    Hopefully an easy one.

    I have a Web Server using URL Rewrite to work as a reverse proxy.

    I also have an inbound rule set to convert http to https.

    The Application server wants to force all traffic to https. This server has no public IP.

    What happens is I get the 'ERR_TOO_MANY_REDIRECTS' error when accessing it over the internet.

    Working in the past with load balancers, I have encountered settings to re-encrypt the data and send it through port 443. Is there a way to do this in IIS? I am open to any ideas other than publicly exposing the application server.

    Thanks.

  • Re: Re-encrypting SSL data after reverse proxy

    Sep 05, 2020 04:51 PM|lextm

    cobrar

    I have a Web Server using URL Rewrite to work as a reverse proxy.

    I also have an inbound rule set to convert http to https.

    Reveal those rules. Probably your rules forward traffic to the application server via HTTP, not HTTPS, which in turn leads to infinite redirection to HTTPS.

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Re-encrypting SSL data after reverse proxy

    Sep 05, 2020 10:14 PM|Rovastar

    Yeah I agree. It is probably some confusing logic where your app wasn't https and you are sending http.

    Also I would have a separate redirect to make the client browser use https. So if any traffic hits the reverse proxy/ARR to be processed properly or will be https. Don't forward http with a rewrite to https; use a redirect so the client browser then sends https.

    Hope that makes sense

    Troubleshoot IIS in style
    https://www.leansentry.com/
  • Re: Re-encrypting SSL data after reverse proxy

    Sep 08, 2020 07:20 PM|cobrar

    Here is what the generated web.config looks like:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <clear />
            <rule name="Force SSL" stopProcessing="true">
              <match url="(.*)" />
              <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                <add input="{HTTPS}" pattern="^OFF$" />
              </conditions>
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
            <rule name="ReverseProxyInboundRule1" stopProcessing="true">
              <match url="(.*)" />
              <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                <add input="{CACHE_URL}" pattern="^(https?)://" />
              </conditions>
              <action type="Rewrite" url="http://192.168.13.236/{R:1}" />
              <!--
                using the line below throws a 502 bad gateway error.
                <action type="Rewrite" url="{C:1}://192.168.13.236/{R:1}" />
              -->
            </rule>
          </rules>
          <outboundRules>
            <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
              <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.13.236/(.*)" />
              <action type="Rewrite" value="http{R:1}://test.example.com/{R:2}" />
            </rule>
            <preConditions>
              <preCondition name="ResponseIsHtml1">
                <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
              </preCondition>
            </preConditions>
          </outboundRules>
        </rewrite>
      </system.webServer>
    </configuration>

  • Re: Re-encrypting SSL data after reverse proxy

    Sep 08, 2020 10:04 PM|lextm

    cobrar

    <action type="Rewrite" url="http://192.168.13.236/{R:1}" />

    That's clearly the cause of infinite HTTP to HTTPS redirection, as your reverse proxy actively reverts the requests back to HTTP. Fix that and test again.

    Lex Li
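
Added example (not part of the original thread and not any poster's code): a small Python check that reads a URL Rewrite config like the one posted above and reports Rewrite rules that proxy to a backend over plain http://, the pattern identified in this reply. The function name, the issue labels and the trimmed sample config are assumptions made for this illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two inbound rules from the web.config posted above.
SAMPLE = """<configuration><system.webServer><rewrite><rules>
  <rule name="Force SSL" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
  </rule>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
    <match url="(.*)" />
    <action type="Rewrite" url="http://192.168.13.236/{R:1}" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_proxy_rules(web_config_xml):
    """List each Rewrite rule that proxies to an absolute URL, with issues found."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for rule in root.findall("./system.webServer/rewrite/rules/rule"):
        action = rule.find("action")
        if action is None or action.get("type", "").lower() != "rewrite":
            continue  # redirects and other actions are not proxy hops
        # The scheme may be a literal or a back-reference such as {C:1}.
        m = re.match(r"^(.+?)://([^/:]+)", action.get("url", ""))
        if not m:
            continue  # relative rewrite, stays on this server
        scheme, host = m.group(1).lower(), m.group(2)
        issues = []
        if scheme == "http":
            # Proxy-to-backend hop is cleartext; a backend that forces HTTPS
            # answers every proxied request with another redirect.
            issues.append("cleartext-hop")
        if _is_ip(host):
            # Over https, a verifying client checks the certificate against this host.
            issues.append("ip-literal-target")
        findings.append({"rule": rule.get("name"), "scheme": scheme,
                         "host": host, "issues": issues})
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_rules(SAMPLE):
        print(finding)
```
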
  • Re: Re-encrypting SSL data after reverse proxy

    Sep 10, 2020 01:02 PM|cobrar

    I adjusted that to HTTPS. Now I am getting a 502.3 Bad Gateway Error. Do I need to create a domain Certificate?

  • Re: Re-encrypting SSL data after reverse proxy

    Sep 10, 2020 09:40 PM|lextm

    cobrar

    Now I am getting a 502.3 Bad Gateway Error.

    That's one step closer. Try to see if more logs can reveal the cause of 502.3, https://docs.microsoft.com/en-us/iis/extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr

    Lex Li
  • Re: Re-encrypting SSL data after reverse proxy

    Sep 21, 2020 07:19 PM|cobrar

    I ended up standing up a Linux box and running Nginx.