Avatar of solplus
solplus
 asked on

Using IIS to forward requests to internal websites

I have some internal websites that I want to be accessible from the Internet. The servers themselves are not accessible and so I want to allow them to be accessed by providing access through a proxy server which sits in our DMZ. In orer to achieve this, I thought that I could use IIS 7 and URL rewrite but I am failing to get this to work and all attempts to access the sites via IIS results in HTTP Error 403.14 - Forbidden.

To take our helpdesk as an example, I have created this as an application within IIS on the proxy server (I tried this as a virtual directory as well, but that did not work either). I then have created a url rewrite rule which is set to match the pattern "/helpdesk/(.*)" and rewrite this to "http://server.ourdomain.co.uk/helpdesk/{R:1}". When I test this pattern within IIS, it passes. When I use this url "http://server.ourdomain.co.uk/helpdesk" in explorer on the proxy server itself, I can access the internal website.

However, when I try to access the website by browsing from within IIS, or by tring "http://localhost/helpdesk/" on the proxy server, I get HTTP Error 403.14 - Forbidden. When I look at more detail on this error, I see "This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application", but I can access the internal site via Internet Explorer from the proxy server without specifying a document.

Any thoughts?
Thanks
Alan Mason
Microsoft IIS Web Server

Avatar of undefined
Last Comment
solplus

8/22/2022 - Mon
footech

First I would test your name resolution at the proxy server.  Since you can browse with IE to http://server.ourdomain.co.uk/ I would make sure of the IP that "server.ourdomain.co.uk" is resolving to at different places in your network (internal, DMZ, external).

What about just using a redirect in the properties of the virtual directory instead of a url rewrite?
solplus

ASKER
Since you can browse with IE to http://server.ourdomain.co.uk/ I would make sure of the IP that "server.ourdomain.co.uk" is resolving to at different places in your network (internal, DMZ, external).
==> Since I can browse to the helpdesk with http://server.ourdomain.co.uk/helpdesk, then it has to be resolving to the correct IP!

What about just using a redirect in the properties of the virtual directory instead of a url rewrite?
==> A redirect is client side. This means that the client is instructed to go to a different URL. As the internal servers are not visible i.e. have no external url/public IP address, the redirect would simply fail.

Regards
Alan
tanujchandna

Hi,

If you want to use IIS7 url rewrite for your website then your website application pool should be in Integrated mode. If website application pool is running in classic mode then url rewrite rules will not work for your website.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
solplus

ASKER
As I could not get proxying to work with simple rewrite rules, I  have now switched to using the Application Request Routing module and its url rewrite facility to create my reverse proxy. I have now got two rewrite rules:

1) Rewrite any url which conttains the pattern "^helpdesk(.*)" to "http://internalhost/helpdesk{R:1}".
2) Rewrite any url which contains the pattern "^owa(.*) to "https://internalhost/owa{R:1}".

When I browse to "http://localhost/helpdesk", it correctly take me to "http://internalhost/helpdeesk" and I can login and access the information on that site.

When I browse to "https://localhost/owa", it correctly tells me that the certificate is not trusted (because at present it is only self-certified), but when I select continue to the website, it appears to loop continully trying to load a page with the address:
===
https://localhost/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2finternalhost%2fowa%2f
===
It does this indefinitely until I select cancel.

Can anyone explain this behaviour, or tell me what I am doing wrong?

Thanks
Alan Mason

ASKER CERTIFIED SOLUTION
solplus

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
solplus

ASKER
Resolved by me.