Solved

URL Rewriting

Posted on 2011-09-19
18
717 Views
Last Modified: 2012-05-12
I've installed URL Rewriting on my IIS server, to redirect HTTP requests to my secure OWA folder. This works if I go to localhost from IE on my IIS server, but if I try to connect to the localhost from another machine on the same network I just get the default IIS7 page up.

What am I'm doing wrong here? Any requests from outside doesnt work either, but if I go to the HTTPS page it show the OWA login page.

Thanks for any help!
0
Comment
Question by:Mr Woober
  • 10
  • 7
18 Comments
 
LVL 17

Expert Comment

by:Rovastar
ID: 36559829
How many websites do you have?

Often the Default IIS page is when traffic is directed to "DefaultWebSIte" as peopel leave that there even when not used.

Does traffic without the rewrite route ok ? (i.e. not going to the default page from outside the domain)

What rule are you using atm?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36559922
I only have one webpage, and thats the Outlook Web App for Exchange 2010. As I want it to redirect HTTP traffic to the HTTPS.

I cant reach the HTTP page outside the the server, nor either a server thats on the same network. But it works with HTTPS.

I've used this link to setup URL Rewrite:
http://morgansimonsen.wordpress.com/2009/04/02/using-iis-7-url-rewrite-module-to-simplify-exchange-2007-outlook-web-access-urls-on-windows-server-2008/

And got those rules they show here.
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36559942
Connect to localhost?  Localhost always points to the computer you're sitting in front of.  Try connecting to the server's name (FQDN is best) instead.

If the redirection worked from the server, but still does not work from other workstations, check your redirect target.  Don't redirect to localhost - client computers will misinterpret that to point to *themselves*.  Write your redirect to use the server FQDN.

If you're using a different DNS domain name for access from Intranet v. Internet, then you've got another level of complexity to resolve...
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Comment

by:Mr Woober
ID: 36559992
Hmm.. Doesnt work with the FQDN name, only with localhost.

I attached my site bindings in IIS, I tried to add the FQDN name but that didnt work either.
site-bindings.jpg
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36560005
type: https / port 443 should have IP address * (like the first line for http).  That will make https available on interfaces other than the loopback (127.0.0.1).  The loopback is what "localhost" resolves to.  The loopback is always local.

Try adding * as the IP address on the third entry from the bottom.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36560072
After doing editing the HTTPS bindings, it doesnt work at all now, just get a page could not be found.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36560197
Now its working, the website had stopped its service. But that didnt help either :(
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36560719
Okay, let's get detailed...

The default web site bindings should look like the attached images.  (Sorry about the "*" in HTTPS - I hadn't bothered to look.)

 IIS Default Web Site bindings
 The HTTPS binding (shown highlighted in the first image) should have the detailed settings shown in the second image.

 Details of HTTPS default binding
Restart the IIS Admin service, just to ensure everything is in sync.

Test from the server console:
http://localhost <- does that redirect to OWA?
https://localhost <- does that redirect to OWA?
http://<ServerFQDN>  <- note: replace <ServerFQDN> with your server's FQDN
https://<ServerFQDN> <- same note as above

Which of these work, which do not?  Turn off friendly messages in your browser.  What error is shown for those that do not work?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36562663
I've now tested it with your setup, attached my SSL certificate to the SSL binding.

http://localhost <- does redirect to OWA
https://localhost <- does redirect to OWA
http://<ServerFQDN>  <- Dont work! I replaced <ServerFQDN> with my server's FQDN
https://<ServerFQDN> <- Does work :)

Error is show that page could not be displayed

Thanks!

Here is my current config, but when using webmail.rkk.no it doesnt work :(
site-bind.jpg
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36562695
I mean http://webmail.rkk.no doesnt redirect to HTTPS
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36562741
Are you using webmail.rkk.no from inside your network, or outside?

On an inside workstation, do this...

C:\> nslookup webmail.rkk.no

Open in new window


From here, https://webmail.rkk.no works, and redirects to /owa just fine.

 Your webmail from outside.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36562766
Yeah, but I want http://webamail.rkk.no redirect to the HTTPS page, so you dont have to write HTTPS everytime you should logon :)
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36562837
nslookup webmail.rkk.no

Server: Uknown
Adress: x.x.0.10

Non-authorative answer:
Name: webmail.rkk.no
Address: x.x.108.76

Open in new window


But the webserver is at x.x.0.14
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36562856
...but http://webmail.rkk.no does not redirect.  Nor do I get the default IIS page.  Is port 80 configured to connect to this server in your firewall config?
0
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 500 total points
ID: 36562896
So we have a couple of problems here.

First, I suspect that HTTP (TCP port 80) is not being forwarded through your firewall.  Obviously HTTPS (TCP port 443) is, or I wouldn't be able to get there from here.

Second, you have a DNS problem.  From outside (public DNS), I get this...

C:\>nslookup webmail.rkk.no
Server:  dc01.someplace.net
Address:  192.168.x.10

Non-authoritative answer:
Name:    webmail.rkk.no
Address:  79.160.108.76

That looks a lot like your reply.  (I didn't bother to mask this, since it's *public* DNS.)  So... when you say "the webserver is at x.x.0.14" - I'm guessing that "x.x" is a private (not public) IP address block.

I'm further guessing that "rkk.no" is not the name of your Active Directory domain.

If I'm right about some or all of this, then you'll need to configure split DNS - so that your public address space "rkk.no" resolves to private IP addresses when queried from inside your network.

Let me know if I'm getting warmer...
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36562921
Now its working, I forgot to setup an policy to accept traffic on port 80 :\

Thanks for the help!
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 36562930
Thanks for good help :)
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36562932
Tested from here.  Works OK from http://webmail.rkk.no.

Well done!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question