We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

Edge, Chrome Version 90 - Cookie Reverse Proxy Not WorkingRSS

8 replies

Last post Apr 30, 2021 11:43 AM by Dawid_Szczecin

  • Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 18, 2021 08:24 PM|Dawid_Szczecin|LINK

    My solution scheme: Client<-->HTTPS<-->Proxy Server<-->HTTP<-->Application Server

    Proxy Server is done by the IIS (version: 10.0.14393.0) on Windows Server. I have URL Rewrite module. The full setup works perflectly until version 90, on both Edge and Chorme browser. The problem manifests returning html code 502.3 - bad gateway on first POST request with cookie file (so just after creating a session and setup a cookie by server). The problem do not touch HTTP - application then works normally. The problem do not touch HTTPS when not using RevereseProxy but connecting directly to Application Server. The Problem do not touch HTTPS when cookie do not exist.

    The problem accours ONLY when using HTTPS on version 90 of Edge and Chrome and when cookie file exist on client side. So I believe the problem is related to SSL unloading, but I do not undestand how, and why. I'm missing probably some headers configuration, but I do not know what exactly, or maybe there is problem somewhere in URL Rewirte rule. Any help will be apriciate.

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                        <match url="(.*)" />
                        <action type="Rewrite" url="http://127.0.0.1:8080/ksuytr5/{R:1}" appendQueryString="true" />
                        <conditions>
                        </conditions>
                    </rule>
                </rules>
                <outboundRules>
                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                        <match filterByTags="A, Base, Form, Frame, Head, Img, Input, Link, Script" pattern="^http(s)?://127.0.0.1:8080/ksuytr5/(.*)" />
                        <action type="Rewrite" value="http{R:1}://poland.company.net/{R:2}" />
                    </rule>
                    <preConditions>
                        <preCondition name="ResponseIsHtml1">
                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        </preCondition>
                    </preConditions>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>

    Here difference between version 89 and 90 in response, the same web app resource. In version 90, the request is not forworded, the IIS answer right away. Link to picture: https://drive.google.com/file/d/1zfJbER_Gxbj-pUExo6JaTCeTBfv7jTjG/view?usp=sharing

    Link to request tracing log: https://drive.google.com/file/d/1wnM91v1MS6bEooNmCOju2oNgZZId_SD_/view?usp=sharing

  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 19, 2021 09:42 AM|samwu|LINK

    Hi Dawid_Szczecin,

    Dawid_Szczecin

    The problem manifests returning html code 502.3 - bad gateway on first POST request with cookie file (so just after creating a session and setup a cookie by server).

    You can refer to this link about how to troubleshoot 502 Errors in ARR.

    https://docs.microsoft.com/en-us/iis/extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr.

    Best regards,

    Sam

    IIS.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today. Learn more >
  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 21, 2021 05:57 AM|Dawid_Szczecin|LINK

    Thanks for answer. It helps me to understand I have strange timeout but IIS repond imidiatly after request, so still means nothing:( Why the browser version change the behavior of IIS ? That's strange. It's connected maybe with request headers somehow. When In the request header is 'cookie' or 'from' then IIS respond imidiately 502.3 error. When for example those headers are not in the headers IIS forwards request to application server and all is ok. I will add that I'm using XMLHttpRequest.

  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 21, 2021 08:11 AM|samwu|LINK

    Hi Dawid_Szczecin,

    Dawid_Szczecin

    Why the browser version change the behavior of IIS ? That's strange. It's connected maybe with request headers somehow. When In the request header is 'cookie' or 'from' then IIS respond imidiately 502.3 error.

    This is impossible, the client does not have the right to modify the content of the server.

    Best regards,

    Sam

    IIS.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today. Learn more >
  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 21, 2021 11:01 AM|Dawid_Szczecin|LINK

    I can fully agree "This is impossible" but anyway the bahavior of client could maybe influence how the IIS proxy treat the requests. The problem described here accours when no development has been done on server, only client browser version change. 

    I develop simple test page, and simple response on application serwer to debug the problem. 

    <!DOCTYPE html> 
    <html>
      <head>
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <title>XHR Test</title>
      </head>
      <body>
       <button>Send XHR main_msg</button>
       <button>Create a cookie</button>
       <button>delete cookie</button>
       <div id='log'></div>
      </body>
      <script>
    /*TIMESTAMP***********************************************************************************************************/
    function actual_timestamp()
    {
    var d = new Date();
    return d.getFullYear()+'-'+('0'+(d.getMonth()+1)).substring(('0'+(d.getMonth()+1)).length-2)+'-'+('0'+d.getDate()).substring(('0'+d.getDate()).length-2)+' '+('0'+d.getHours()).substring(('0'+d.getHours()).length-2)+':'+('0'+d.getMinutes()).substring(('0'+d.getMinutes()).length-2)+':'+('0'+d.getSeconds()).substring(('0'+d.getSeconds()).length-2);
    }
    /*POST FUNCTION*******************************************************************************************************/
    function communicate(url,requester_id,post_data) 
    {
    var request = new XMLHttpRequest();
    let key = sessionStorage.getItem('key');
    request.open('POST',url, true);
    request.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
    request.timeout = 45000;
    request.ontimeout = function(){console.log('timeout');alert('Server timeout');location.reload();}
    request.onerror = function(){console.log('Error');alert('Server error');location.reload();}
    request.onload = function()
    {
      if (request.status >= 200 && request.status < 400) 
      {
        document.getElementById('log').innerHTML+=actual_timestamp()+' '+request.responseText+'<br>';
      }
    }
    request.send(post_data);
    }
    /*BUTTONS***********************************************************************************************************/
      document.getElementsByTagName('button')[0].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Request Send<br>';
          setTimeout(function() {
            communicate('./main_msg','main','');
          }, 500);
      });
      document.getElementsByTagName('button')[1].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Cookie set client side<br>';
          document.cookie = "ID=123;path=/;";
      });
      document.getElementsByTagName('button')[2].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Clear cookie<br>';
          document.cookie.split(';').forEach(function(c) {
            document.cookie = c.trim().split('=')[0] + '=;' + 'expires=Thu, 01 Jan 1970 00:00:00 UTC;';
          });
      });
    /********************************************************************************************************************/
      </script>
    </html>

    The application server response is simple JSON text with empty 2D array. When cookie do not exist in the request, proxy forwards the request to application. When cookie exist on client side, the proxy do not forwards anything (no request logged on application server) IIS just reponse imidiately with 502.3.

  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 22, 2021 08:54 AM|samwu|LINK

    Hi Dawid_Szczecin,

    Dawid_Szczecin

    The application server response is simple JSON text with empty 2D array. When cookie do not exist in the request, proxy forwards the request to application. When cookie exist on client side, the proxy do not forwards anything (no request logged on application server) IIS just reponse imidiately with 502.3.

    Can you provide a detailed screenshot of the 502.3 error? Or you can refer to this link to troubleshoot 502.3.

    Troubleshooting 502 Errors in ARR.

    Best regards,

    Sam

    IIS.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today. Learn more >
  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 26, 2021 08:09 AM|Dawid_Szczecin|LINK

    Sorry for long response (I shall be more focus to respond quickly), but I spent last days for finding "workaround" solution to keep application up and running for clients. The response is:

    502 - Web server received an invalid response while acting as a gateway or proxy server.
    There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

    If anybody still read this, please remember that this error accurs only when COOKIE is in the request header, when it's not in the request header then the request is passed properly to application server. Finally application server shows that no request reach it when cookie is in the request header, so IIS respond to the client but do not ask application server. Error Tracking log is in the first post.

     <EventData>
      <Data Name="ContextId">{80000631-0001-EE00-B63F-84710C7967BB}</Data>
      <Data Name="ModuleName">ApplicationRequestRouting</Data>
      <Data Name="Notification">128</Data>
      <Data Name="HttpStatus">502</Data>
      <Data Name="HttpReason">Bad Gateway</Data>
      <Data Name="HttpSubStatus">3</Data>
      <Data Name="ErrorCode">2147954552</Data>
      <Data Name="ConfigExceptionInfo"></Data>
     </EventData>

  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 26, 2021 02:58 PM|craigbrown|LINK

    Very often cookies stop working because the user visits a large number of sites in a day. I had a similar situation when I needed to write an essay on the environment and I found a great website, but it only loaded the topics, but the essays themselves did not load. I cleaned the cookies and reloaded my browser and eventually everything worked. All the essays loaded.

  • Re: Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working

    Apr 30, 2021 11:43 AM|Dawid_Szczecin|LINK

    craigbrown

    Very often cookies stop working because the user visits a large number of sites in a day. I had a similar situation when I needed to write an essay on the environment and I found a great website, but it only loaded the topics, but the essays themselves did not load. I cleaned the cookies and reloaded my browser and eventually everything worked. All the essays loaded.

    I can agree that this could be the case sometimes, but then eventually sometimes it will work for some users. In my case it's not working for all users (around 500 users). Anyway already tested, cookies in browsers cleaned, all security options tested, nothing helps. Thank you for answer.