Proxy HTTP -- >HTTPS

Topics: User Forum
Dec 3, 2010 at 1:51 PM

Hi There,

I spent 2 days trying to get it work, but no way, please could help me :-)

The scenario is that:

1- https_server (NO DNS, just IP ADDRESS)

2-IIS6 web server (NO DNS, just IP ADDRESS)

 

What i try to do is, when a client contact the IIS6 on the http the client will be proxed (not redirect) to the https_server. I don't want that the HTTPS_SERVER will be directly contacted from the client.

I try to manage the connection, with Rewriterule, ProxyPass, ProxyPassReverse, but nothing happens, please could you suggest  some rules to try out

 

Thanks in advance.

daniele

Coordinator
Dec 3, 2010 at 3:42 PM

Hello Daniele,

please show the rules you are using, and the IIRF logfile of a session that didn't work.

After that I will be able to make some suggestions.

Dec 3, 2010 at 9:19 PM

I was wondering that i have to install a certificate on the IIS. Please could you confirm? Concerning the rules, i have used  something like:

RewriteLog c:\logs\iirf
RewriteLogLevel 1
IterationLimit 10
MaxMatchCount 10
RewriteEngine ON
StatusInquiry ON


# act as a proxy the www.php.net site
ProxyPass          ^/(.*)$   https://192.168.98.4/$1   ## IP of the  HTTPS_SERVER
ProxyPassReverse   /         https://192.168.98.4/

Sorry, for the banality but it's the first time i deal with it.

thanks in advance
daniele

 

Coordinator
Dec 4, 2010 at 10:40 AM

I don't know if you need to install a certificate on the IIS Server. I'm not an expert in SSL configuration on IIS Servers.

Your rules look fine.

Where is the IIRF log file?

Dec 7, 2010 at 7:25 AM

I'll send the log very soon, in the meanwhile i find out something concerning the reverse proxy with https, is possible to do a configuration like that with IIRF?

 

To enable reverse proxy (for http and https) you need these modules enabled in Apache:

  • mod_proxy
  • mod_proxy_http
  • mod_proxy_connect

When you reverse proxy requests to http, add following lines to Apache configuration file:

1 ProxyPass /abc http://test.com/xyz
2 ProxyPassReverse http://test.com/xyz /abc

This is proxy all the content on /abc to http://test.com/xyz. So when you access /abc you will see the contents of http://test.com/xyz.

But to reverse proxy https content you need a CA certificate. The CA certificate is the same certificate that the server uses to serve https content.
You need to add these lines in Apache configuration file:

1 SSLProxyEngine On
2 SSLProxyCACertificateFile ssl/certificate.pem
3 ProxyPass /abc https://test.com/xyz
4 ProxyPassReverse https://test.com/xyz /abc

 

 

 

Thanks in advance

daniele

Dec 9, 2010 at 8:12 AM

Hi here the rule:

RewriteLogLevel 3
RewriteLog c:\logs\


IterationLimit 10
MaxMatchCount 10
RewriteEngine ON
StatusInquiry ON

ProxyPass          ^/(.*)$   https://192.168.98.4/$1  
ProxyPassReverse   /         https://192.168.98.4

And here the logs, it seems that the rule 1 was not considered ?

 

Thu Dec 09 10:08:10 -  2428 - -------------------------------------------------------
Thu Dec 09 10:08:10 -  2428 - Ionic ISAPI Rewriting Filter (IIRF) 2.1.1.23 x86 RELEASE
Thu Dec 09 10:08:10 -  2428 - IIRF was built on: May 30 2010 13:26:57
Thu Dec 09 10:08:10 -  2428 - Cached: DLL_PROCESS_ATTACH
Thu Dec 09 10:08:10 -  2428 - Cached: Process ID: 4012
Thu Dec 09 10:08:10 -  2428 - Cached: ReadServerConfig: C:\Program Files\Ionic Shade\IIRF 2.1\IirfGlobal.ini(23): Filter Priority is now: HIGH (0x80000)
Thu Dec 09 10:08:10 -  2428 - Cached: ReadServerConfig: C:\Program Files\Ionic Shade\IIRF 2.1\IirfGlobal.ini(46): NotifyLog setting is now: OFF
Thu Dec 09 10:08:10 -  2428 - Cached: ReadServerConfig: C:\Program Files\Ionic Shade\IIRF 2.1\IirfGlobal.ini(63): RewriteEngine setting is now: ON
Thu Dec 09 10:08:10 -  2428 - Cached: DLL_PROCESS_ATTACH - complete
Thu Dec 09 10:08:10 -  2428 - Cached: GetFilterVersion
Thu Dec 09 10:08:10 -  2428 - GetLogFile: app:'/LM/W3SVC/794241/Root'  new log:'c:\logs\.4012.log'
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: actual log file 'c:\logs\.4012.log'
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: ini file: 'C:\wmpub\mvm\Iirf.ini'
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: ini file timestamp: 2010/12/09 10:08:07 W. Europe Standard Time
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: cfg(0x023B4090)
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: LogLevel = 3
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(5): IterationLimit 10
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(6): MaxMatchCount 10
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(7): RewriteEngine will be enabled.
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(8): StatusInquiry ON (--) (--)
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(8): IIRF Status Inquiry is enabled at path '/iirfStatus' for local requests only.
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(11): ProxyPass (rule 1)  '^/(.*)$'  'https://192.168.98.4/$1'   (null)
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: C:\wmpub\mvm\Iirf.ini(12): ProxyPassReverse   /  https://192.168.98.4/
Thu Dec 09 10:08:10 -  2428 - ReadVdirConfig: Done reading INI for the root vdir, found 1 rules (0 errors, 0 warnings) on 13 lines
Thu Dec 09 10:08:10 -  2428 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:10 -  2428 - HttpFilterProc: cfg= 0x023B4090
Thu Dec 09 10:08:16 -  2428 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:16 -  2428 - HttpFilterProc: cfg= 0x023B4090
Thu Dec 09 10:08:39 -  3608 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:39 -  3608 - HttpFilterProc: cfg= 0x023B4090
Thu Dec 09 10:08:44 -  2428 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:44 -  2428 - HttpFilterProc: cfg= 0x023B4090
Thu Dec 09 10:08:45 -  3608 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:45 -  3608 - HttpFilterProc: cfg= 0x023B4090
Thu Dec 09 10:08:45 -  2428 - HttpFilterProc: SF_NOTIFY_URL_MAP
Thu Dec 09 10:08:45 -  2428 - HttpFilterProc: cfg= 0x023B4090

 

 

 

Coordinator
Dec 14, 2010 at 12:37 PM

Daniele, I'll have to look into this a little more closely. I understand what you're asking, and I don't know the answer.

I will also look into the side question you asked - why is the rule count 1, when clearly you have 2 rules?

I'll get back to you.

Coordinator
Dec 14, 2010 at 12:39 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.