Geek Answers Handbook

How to create a redirection of responses to IIS when working behind the final SSL reverse proxy?

I have an ASP.NET website that usually runs on IIS via HTTPS. Now I want to put it as a reverse proxy that will do SSL termination for me. The problem is that the request coming from the reverse proxy is on HTTP: 80, and when I create the redirect response as usual, the Locationresponse header is set http://...insteadhttps://...

I know that the reverse proxy skips X-Forwarded-Protoin the header, and I can check this header when creating URL redirect and redirect responses in general. However, if possible, I would prefer to avoid the need to sprinkle checks for X-Forwarded-Whateverthe entire code and have one more thing to consider when coding, as well as double check if everything works when it is deployed over a proxy.

+4
source share
1 answer

, , - URL- IIS HTTPS SERVER_PORT, - , . Web.config:

<rewrite>
    <allowedServerVariables>
        <add name="HTTPS" />
        <add name="SERVER_PORT" />
    </allowedServerVariables>
    <rules>
        <rule name="backend" patternSyntax="Wildcard">
            <match url="*" />
            <conditions>
                <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
            </conditions>
            <serverVariables>
                <set name="HTTPS" value="on" />
                <set name="SERVER_PORT" value="443" />
                </serverVariables>
            <action type="None" />
        </rule>
    </rules>
</rewrite>

, , X-Forwarded-Proto, https, HTTPS SERVER_PORT, , HTTPS. , X-Forwarded-Proto .

, URL Rewrite , , HTTP. - IIS, URL- - . IIS URL .

, <allowedServerVariables> Web.config . , , -. script URL- -:

Param(
    [string] $package = 'rewrite_2.0_rtw_x64.msi'
)

Start-Process -Wait msiexec -ArgumentList @('/i', $package, '/quiet', '/qn', '/norestart')

$applicationHost = "C:\Windows\System32\inetsrv\config\applicationHost.config"

$config = [xml](Get-Content $applicationHost)

$webServer = $config.configuration.configSections.sectionGroup | where {$_.name -eq "system.webServer"}
$rewrite = $webServer.sectionGroup | where {$_.name -eq "rewrite"}
$serverVariables = $rewrite.section | where {$_.name -eq "allowedServerVariables"}
$serverVariables.SetAttribute("overrideModeDefault", "Allow")

$config.Save($applicationHost)
+6

More articles:


All Articles