Couldn't ProxyPass using iirf

Topics: Developer Forum, User Forum
Mar 6, 2011 at 5:50 PM


I have my two different tier based IIS 6.0 servers (Server1 in Tier-I and Server2 in Tier-II). I have my webservice or website deployed in my Server2 that is available in Tier-II, I installed IIRF in my server1 that is available in Tier-I in which I have to rewrite/Proxy the URLs to the URLs for mywebservice/website exist on my server2. I am successfully setup IIRF and able to see IIRFstatus webpage and IIRF logs. Still I couldn't proxy the URLs in server1 to server2. I am getting the error in my webpage when I try for the Server1 URLs as below:


Server Error in '/' Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /UpdateService/ReleaseNotes.aspx

When I refer the log, I could see that the Expression is validated but returning (nulll). I am using the URLs as HTTPS. What ever I am trying to do is possible and correct? if so what could be the error? Can any one help me in this.

Mar 8, 2011 at 2:00 PM


You asked if what you are trying to do is possible, and correct.  I don't know, but I can say that proxypass works, and it works with HTTPS. 

I see you are getting an error, a 404. 

To help you further, I'll need to see your IIRF configuration, on the server that is acting as the proxy.  Also, I will need to see the IIRF log for that server, for exactly one HTTPS transaction that should be proxied.  You should use log level = 4.

The most common error that occurs when using ProxyPass with HTTPS, results from having no certificate for the target server, installed on the IIRF (proxying) server.  For some examples of prior problems like this, see  and .  Or just use your favorite search engine to scan site for PRoxyPass and IIRF. for example

Remember that the CA for the target host - the one you connect to via HTTPS - must be in the trusted CA list for the machine account (or more accurately the account under which IIS runs) of the proxying server.  Often people install the cert into the trusted CA list for a user account on the server, and test successfully, and conclude that everything in the HTTPS flow is working.  But in a ProxyPass situation, the server uses the IIS account to send out the HTTPS request, and so the IIS account is the one that needs the CA on its trusted CA list.

If a missing CA is indeed what is happening, you will be able to see it clearly in the IIRF log.  Youi'll get a log message indicating error 12175, ERROR_WINHTTP_SECURE_FAILURE.  It's probably a good idea to just verify the trusted CA list for the machine account anyway, independently of running the IIRF test to generate the log message.