two ssls partial proxy.

Sep 15, 2011 at 9:34 PM

I've tried searching the forums but I haven't been able to find much so here goes. We are doing a partial deployment of our new site so we need to run a proxy for the new portion.

Our main site, www.mainsite.com, will continue what it's doing now; however, www.mainsite.com/newPortion will redirect to XX.XX.XX.XX/newPortion. The HTTP proxies work beautifully; I can't say the same for the HTTPS.

We have two SSLs for www.mainsite.com, so https://www.mainsite.com/oldcheckout will continue as is. The problem is https://www.mainsite.com/is-bin/newcheckout forwards back to http://www.mainsite.com. When I try on a test URL, i.e. www.testsite.com, it redirects me to a completely different site that we have on our server.

I've tried

RewriteCond %{HTTPS} on
RewriteRule ^/is-bin/(.*)$ https://www.mainsite.com/is-bin/$1 [P]

--

RewriteCond %{HTTPS} off
RewriteRule ^/is-bin/(.*)$ https://www.mainsite.com/is-bin/$1 [P]

I get nothing. Any ideas? The log has no errors in it. I've tried using ProxyPass too but I get the same result.

The reverse proxy is ProxyPassReverse /newPortion http://www.mainsite.com/newPortion

I do not have a reverse proxy for any other directories.

The old ssl is on our IIS6 server; the new ssl is managed by a sas. Thanks! S.C.

 

Coordinator
Sep 16, 2011 at 12:13 AM

Re: "the log has no errors"

What you want to do is turn up the loglevel, and then gather some diagnostic information in the log. I don't know what's happening but, when the log level is 4 or above, the IIRF log file will emit a bunch of diagnostics for each request it handles, and that will give you some insight into what's really happening.

One of the common things when proxying to SSL is a mismatch in the certs, or a cert that is not available. If that happens you will see it in the IIRF log file. (Actually, if that happens it should be logged as an error anyway, regardless of the log level. But still, when diagnosing, it's a good idea to turn up the log level.)

 

 

Sep 16, 2011 at 8:46 PM

I narrowed down the issue to a postback error. All the GETs are fine, but when a POST is requested from the remote server I get a 404 error.

Here's what I have and the portion of the log where the transition takes place. Any ideas on how to resolve this? Thanks Cheeso!

ProxyPass ^/is-bin/(.*)$ http://xx.xx.xx.xx/is-bin/$1 [PH]
ProxyPass ^/s/(.*)$ http://xx.xx.xx.xx/s/$1 [PH]
ProxyPass ^/p/(.*)$ http://xx.xx.xx.xx/p/$1 [PH]
ProxyPass ^/brandName/(.*)$ http://xx.xx.xx.xx/brandName/$1 [PH]
ProxyPassReverse /brandName http://xx.xx.xx.xx/brandName
ProxyPassReverse /is-bin/ http://xx.xx.xx.xx/is-bin/
ProxyPassReverse /s/ http://xx.xx.xx.xx/s/
ProxyPassReverse /p/ http://xx.xx.xx.xx/p/

RewriteCond %{SERVER_PORT} ^443$
ProxyPassReverse /brandName https://xx.xx.xx.xx/brandName
ProxyPassReverse /is-bin/ https://xx.xx.xx.xx/is-bin/
ProxyPassReverse /s/ https://xx.xx.xx.xx/s/
ProxyPassReverse /p/ https://xx.xx.xx.xx/p/

Fri Sep 16 11:40:00 - 1252 - ParseAllRaw: found 8 headers
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: host(xx.xx.xx.xx)
path+query(/is-bin/platform/WFS/mainsite-US-Site/en_US/-/USD/ViewSignification-DisplaySignIn?sitebranding=brandName)
Fri Sep 16 11:40:00 - 1252 - GenProxyRequestHeadersString: rh(0x2806D998) nh(www.mainsite.com) sn(www.mainsite.com) la(xx.xx.xx.xx) ra(xx.xx.xx.xx) ts(0)
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpConnect xx.xx.xx.xx 80
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpOpenRequest: GET /is-bin/platform/WFS/mainsite-US-Site/en_US/-/USD/ViewSignification-DisplaySignIn?sitebranding=brandName
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpAddRequestHeaders
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpSendRequest
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpReceiveResponse
Fri Sep 16 11:40:00 - 820 - IsIniChainUpdated: D:\mainsite\Inetpub\wwwroot\mainsiteUSA\Iirf.ini NO
Fri Sep 16 11:40:00 - 820 - IsIniChainUpdated: return FALSE
Fri Sep 16 11:40:00 - 820 - IsIniChainUpdated: return FALSE
Fri Sep 16 11:40:00 - 2904 - IsIniChainUpdated: D:\mainsite\Inetpub\wwwroot\mainsiteUSA\Iirf.ini NO
Fri Sep 16 11:40:00 - 2904 - IsIniChainUpdated: return FALSE
Fri Sep 16 11:40:00 - 2904 - IsIniChainUpdated: return FALSE
Fri Sep 16 11:40:00 - 2904 - GetVdirConfig: Obtain vdir '/LM/W3SVC/1031706760/Root' (era=21) (rc=3) (Expired=0) (ptr=0x280572C8)...
Fri Sep 16 11:40:00 - 2904 - HttpFilterProc: SF_NOTIFY_URL_MAP
Fri Sep 16 11:40:00 - 2904 - HttpFilterProc: cfg= 0x280572C8
Fri Sep 16 11:40:00 - 2904 - HttpFilterProc: SF_NOTIFY_AUTH_COMPLETE
Fri Sep 16 11:40:00 - 2904 - DoRewrites
Fri Sep 16 11:40:00 - 2904 - GetHeader_AutoFree: 'url' = '/SiteGraphics/Nav/TopNav/button_PowerCard.gif'
Fri Sep 16 11:40:00 - 2904 - GetHeader_AutoFree: 'method' = 'GET'
Fri Sep 16 11:40:00 - 2904 - DoRewrites: New Url, before decoding: '/SiteGraphics/Nav/TopNav/button_PowerCard.gif'
Fri Sep 16 11:40:00 - 2904 - DoRewrites: Url (decoded): '/SiteGraphics/Nav/TopNav/button_PowerCard.gif'
Fri Sep 16 11:40:00 - 2904 - EvaluateRules: depth=0
Fri Sep 16 11:40:00 - 2904 - EvaluateRules: RewriteBase is empty (root vdir)

Sep 16, 2011 at 9:14 PM

Hi Cheeso,

The postback request is

POST /is-bin/platform/WFS/mains-US-Site/en_US/-/USD/ViewSignification-Dispatch?sitebranding=brandName HTTP/1.1

Both the ssl on the main server and the proxy server are for www.mainsite.com.

Hopefully that's enough info so you can point me in a better direction.

Thanks!

Sep 16, 2011 at 9:15 PM

And the host file is set to

xx.xx.xx.xx www.mainsite.com

Sep 17, 2011 at 2:19 AM

Sorry, I keep adding info as I get more, or remember to. It's actually all POSTs that fail, regardless of http/s. The remote server that I'm proxying to is running Apache and I have no access to their forms. Is it something in my settings? Thanks!

Coordinator
Sep 17, 2011 at 3:31 PM

I don't know if the problem is caused by something in your settings. 

In the snip of IIRF log you posted, I saw no POST and no 404.  I guess you have done that analysis yourself.

In addition to looking at the IIRF log, I suggest you use Fiddler2 to examine the POST requests. Normally what I would do in this situation is compare a successful POST to the one that fails, and see if I can figure out the difference. If there is any logging on the Apache side to indicate why it is giving you a 404, that might also shed some light on your situation.
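
An added example, not part of the original thread: a small parser that answers the question raised above ("I saw no POST") by listing which incoming requests ever reached `WinHttpOpenRequest`, and on which port. It assumes the log line shapes seen in the excerpt posted in this thread; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shapes copied from the log excerpt in this thread, e.g.
#   "Fri Sep 16 11:40:00 - 2904 - GetHeader_AutoFree: 'method' = 'GET'"
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} - (?P<tid>\d+) - (?P<msg>.*)$")
HEADER = re.compile(r"^GetHeader_AutoFree: '(?P<name>url|method)' = '(?P<value>.*)'$")
CONNECT = re.compile(r"^ProxyRequest: WinHttpConnect (?P<host>\S+) (?P<port>\d+)$")
OPEN = re.compile(r"^ProxyRequest: WinHttpOpenRequest: (?P<method>\S+) (?P<path>\S+)")

def parse_iirf_log(text):
    """Return (incoming, outgoing) request lists, tracked per thread id."""
    pending = defaultdict(dict)  # thread id -> url/method seen so far
    target = {}                  # thread id -> (host, port) of last WinHttpConnect
    incoming, outgoing = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and blanks
        tid, msg = m["tid"], m["msg"]
        if h := HEADER.match(msg):
            pending[tid][h["name"]] = h["value"]
            if len(pending[tid]) == 2:  # both url and method seen
                incoming.append((pending[tid]["method"], pending[tid]["url"]))
                del pending[tid]
        elif c := CONNECT.match(msg):
            target[tid] = (c["host"], int(c["port"]))
        elif o := OPEN.match(msg):
            outgoing.append((o["method"], o["path"], *target.get(tid, (None, None))))
    return incoming, outgoing

def unproxied(incoming, outgoing, method="POST", prefix="/is-bin/"):
    """Incoming requests under prefix that never reached WinHttpOpenRequest."""
    sent = {(m, p.split("?")[0]) for m, p, _, _ in outgoing}
    return [(m, u) for m, u in incoming
            if m == method and u.startswith(prefix) and (m, u.split("?")[0]) not in sent]

# Constructed sample (not from the poster's log); 192.0.2.10 is a placeholder.
SAMPLE = """\
Fri Sep 16 11:40:00 - 2904 - GetHeader_AutoFree: 'url' = '/is-bin/app/DisplaySignIn?sitebranding=brandName'
Fri Sep 16 11:40:00 - 2904 - GetHeader_AutoFree: 'method' = 'GET'
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpConnect 192.0.2.10 80
Fri Sep 16 11:40:00 - 1252 - ProxyRequest: WinHttpOpenRequest: GET /is-bin/app/DisplaySignIn?sitebranding=brandName
Fri Sep 16 11:40:05 - 820 - GetHeader_AutoFree: 'url' = '/is-bin/app/Dispatch?sitebranding=brandName'
Fri Sep 16 11:40:05 - 820 - GetHeader_AutoFree: 'method' = 'POST'
"""

if __name__ == "__main__":
    incoming, outgoing = parse_iirf_log(SAMPLE)
    print("proxied:", outgoing)
    print("POSTs never proxied:", unproxied(incoming, outgoing))
```

The port in each proxied entry also shows whether a request that arrived over HTTPS is being forwarded to the back end on port 80.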

 

Sep 22, 2011 at 9:57 PM

Thanks for your help, Cheeso. I ended up uninstalling all versions of IIRF. The first 64-bit version didn't install very cleanly and I used msizap to get rid of it. I installed the 32-bit manually so that was easy to clean out. We have 32-bit apps enabled on our 64-bit server. After cleaning it all up and re-installing, it works very well now. I'm getting a security warning now but I'm going to use Fiddler and HttpFox to see if I can get it resolved.

Coordinator
Sep 26, 2011 at 6:15 AM

Ah, good, it seems you are heading in the right direction.