http > https redirect bypasses my farm [Answered]

6 replies

Last post Feb 22, 2021 03:50 PM by NovaDev

  • http > https redirect bypasses my farm

    Feb 18, 2021 09:24 PM|NovaDev|LINK

    Hello all - 

    I've got a blue/green server farm setup according to this article, but my twist is this: I also want http > https redirection. The problem is that if I enable the top two rules, the redirect bypasses the server farm entirely, and I don't get the blue or green, I always get blue (or the one that has port 443). The bottom two rules work fine without the http > https redirection. 

    The question is: how do I get the redirect from http > https and then direct traffic to the farm where it can determine blue or green? Or put another way, how do I make sure that the top two rules don't bypass the bottom two rules? 

    Here's what I've got currently: 

            <rewrite>
                <globalRules>
                    <clear />
                    <rule name="No Redirect if https" enabled="true" stopProcessing="true">
                        <match url=".*" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                            <add input="{HTTPS}" pattern="^ON$" />
                        </conditions>
                        <action type="None" />
                    </rule>
                    <rule name="Redirect to https" enabled="true" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                            <add input="{HTTP_HOST}" pattern="^test\.mydomain\.org$" />
                            <add input="{HTTPS}" pattern="^OFF$" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}{R:0}" />
                    </rule>
                    <rule name="HTTP TO FARM" stopProcessing="true">
                        <match url=".*" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                            <add input="URL Path" pattern=".*" />
                            <add input="{HTTP_HOST}" pattern="^test\.mydomain\.org$" />
                            <add input="{SERVER_PORT}" pattern="^80$" />
                        </conditions>
                        <action type="Rewrite" url="http://alwaysup/{R:0}" />
                    </rule>
                    <rule name="HTTPS TO FARM" stopProcessing="true">
                        <match url=".*" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                            <add input="URL Path" pattern=".*" />
                            <add input="{HTTP_HOST}" pattern="^test\.mydomain\.org$" />
                            <add input="{SERVER_PORT}" pattern="^443$|^4433$" />
                        </conditions>
                        <action type="Rewrite" url="http://alwaysup/{R:0}" />
                    </rule>
                </globalRules>
            </rewrite>

    Thanks!

  • Re: http > https redirect bypasses my farm

    Feb 18, 2021 10:34 PM|lextm|LINK

    Using Failed Request Tracing to Trace Rewrite Rules | Microsoft Docs

    Then learn from FRT what happens under the hood.

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: http > https redirect bypasses my farm

    Feb 19, 2021 07:45 AM|samwu|LINK

    Hi NovaDev,

    NovaDev

    The question is: how do I get the redirect from http > https and then direct traffic to the farm where it can determine blue or green? Or put another way, how do I make sure that the top two rules don't bypass the bottom two rules? 

    Do you get any errors? If not, you can use failed request tracking to view detailed information.

    Best regards,

    Sam

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
  • Re: http > https redirect bypasses my farm

    Feb 19, 2021 05:41 PM|NovaDev|LINK

    ok - I don't get errors, I'm realizing that the way the rules work, if I come through on port 80, then I redirect to port 443 - and then don't go through the rules again, because I have https at that point, so it's never going to hit the other two rules. So I guess I'm back to my original problem of "too many redirects", which is what the "No redirect if https" rule was created to prevent. 

    So how do I make sure traffic gets to the farm, is HTTPS only, and doesn't get "too many redirects"?

  • Re: http > https redirect bypasses my farm

    Feb 22, 2021 07:56 AM|samwu|LINK

    Hi NovaDev,

    NovaDev

    ok - I don't get errors, I'm realizing that the way the rules work, if I come through on port 80, then I redirect to port 443 - and then don't go through the rules again, because I have https at that point, so it's never going to hit the other two rules. So I guess I'm back to my original problem of "too many redirects", which is what the "No redirect if https" rule was created to prevent. 

    So how do I make sure traffic gets to the farm, is HTTPS only, and doesn't get "too many redirects"?

    You need to use failed request tracking to see the detailed cause of the error.

    Best regards,

    Sam

  • Re: http > https redirect bypasses my farm

    Feb 22, 2021 01:28 PM|NovaDev|LINK

    Sorry - I didn't say (and totally should have said) that I did go through the failed request tracing and got no errors. That's what made me realize that the pattern of what I'm doing was failing. 

  • Re: http > https redirect bypasses my farm

    Feb 22, 2021 03:50 PM|NovaDev|LINK

    I stumbled upon the rule below, and that seems to do the trick. I don't know why this works, but I'm glad it does. 

    <rule name="redirect" enabled="true" stopProcessing="true">
        <match url=".*" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="test.mydomain.org" />
            <add input="{SERVER_PORT}" pattern="^80$" />
            <add input="{HTTP_X_ARR_SSL}" matchType="Pattern" pattern=".*" ignoreCase="true" negate="false" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Found" />
    </rule>
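
Added example, not written by any poster in this thread: a simplified Python model of ordered rule evaluation with `stopProcessing`, run over the rule order from the first post and over a revised order. The `evaluate` function, the sample requests, and the assumption that the final rule replaces the top two rules ahead of the unchanged farm rules are all constructed for illustration.

```python
import re

def evaluate(rules, request):
    """Simplified model of ordered URL Rewrite evaluation (an assumption, not IIS code).
    match url=".*" always matches, so only conditions are modelled; an unset
    server variable evaluates to "" and patterns are case-insensitive."""
    outcome = "local site, farm bypassed"
    for name, conditions, action, stop in rules:
        if not all(re.search(p, request.get(v, ""), re.I) for v, p in conditions):
            continue
        if action == "Redirect":
            return name, "redirect to https"   # response is sent, nothing else runs
        if action == "Rewrite":
            outcome = "rewritten to farm"
        if stop:                                # stopProcessing="true"
            return name, outcome
    return None, outcome

HOST = ("HTTP_HOST", r"^test\.mydomain\.org$")
FARM = [
    ("HTTP TO FARM", [HOST, ("SERVER_PORT", r"^80$")], "Rewrite", True),
    ("HTTPS TO FARM", [HOST, ("SERVER_PORT", r"^443$|^4433$")], "Rewrite", True),
]
# Rule order from the first post.
ORIGINAL = [
    ("No Redirect if https", [("HTTPS", r"^ON$")], "None", True),
    ("Redirect to https", [HOST, ("HTTPS", r"^OFF$")], "Redirect", True),
] + FARM
# Assumed final layout: the rule from the last post replaces the top two rules.
REVISED = [
    ("redirect", [("HTTP_HOST", r"test.mydomain.org"), ("SERVER_PORT", r"^80$"),
                  ("HTTP_X_ARR_SSL", r".*")], "Redirect", True),
] + FARM

# Constructed sample requests.
HTTP_REQ = {"HTTP_HOST": "test.mydomain.org", "HTTPS": "off", "SERVER_PORT": "80"}
HTTPS_REQ = {"HTTP_HOST": "test.mydomain.org", "HTTPS": "on", "SERVER_PORT": "443"}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("revised", REVISED)):
        for req in (HTTP_REQ, HTTPS_REQ):
            print(label, req["SERVER_PORT"], evaluate(rules, req))
```

In this model the original order ends every HTTPS request at "No Redirect if https" before either farm rule is reached, while the revised order redirects port 80 and lets port 443 fall through to "HTTPS TO FARM". The `{HTTP_X_ARR_SSL}` condition with pattern `.*` also matches an empty value, so the `{SERVER_PORT}` condition is what scopes the redirect.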
