Solved

Problem redirecting HTTPS site in iis8.5 / url rewrite 3

Posted on 2016-10-15
4
29 Views
Last Modified: 2016-11-17
Hi all,

I really could use some help from the experts out there...

We use a reverse proxy to publish several http sites to the outside world, all are running fine.

Now I need to give access to an internal HTPPS site.

- internal HTTPS site (https://tobadata.internal.lan)  is accessible from the reverse proxyserver running urlrewrite 3.0, all certifcates are OK, no errors
- certificate for the external url (ess.outside.be) is installed on the rproxy server
- certificate is bound to the specific webserver running on the rproxy server.

I have copied the simple basic rule I normally use for my HTTP sites


        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="On" />
                    </conditions>
                    <action type="Rewrite" url="https://tobadata.internal.lan/{R:0}" />
                </rule>
            </rules>
        </rewrite>

When using this setup, I'm getting an error "502 - Webserver received an invalid response while acting as a gateway or proxy server"

I have enabled failed request tracing, capturing 502 errors, but this isn't helping me, since it seems that the rewrite rule works as expected?

1. GENERAL_REQUEST_START SiteId="2", AppPoolId="ess", ConnId="1610612741", RawConnId="0", RequestURL="https://ess.outside.be:443/", RequestVerb="GET" 14:36:04.272
2. GENERAL_ENDPOINT_INFORMATION RemoteAddress="77.109.122.130", RemotePort="53751", LocalAddress="192.168.1.80", LocalPort="443" 14:36:04.288
3. GENERAL_REQUEST_HEADERS Headers="Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: nl-BE
Host: ess.outside.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
" 14:36:04.288
4. GENERAL_GET_URL_METADATA PhysicalPath="", AccessPerms="513" 14:36:04.288
5. HANDLER_CHANGED OldHandlerName="", NewHandlerName="StaticFile", NewHandlerModules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
6. URL_REWRITE_START RequestURL="/", Scope="Distributed", Type="Inbound" 14:36:04.288
7. RULE_EVALUATION_START RuleName="ReverseProxyInboundRule1", RequestURL="", QueryString="", PatternSyntax="Wildcard", StopProcessing="true", RelativePath="/" 14:36:04.288
8. PATTERN_MATCH Pattern="*", Input="", Negate="false", Matched="true" 14:36:04.288
9. CONDITIONS_EVALUATION_START LogicalGrouping="MatchAll" 14:36:04.288
10. CONDITION_EVALUATION Input="{HTTPS}", ExpandedInput="on", MatchType="Pattern", Pattern="On", Negate="false", Succeeded="true" 14:36:04.288
11. CONDITIONS_EVALUATION_END Succeeded="true" 14:36:04.288
12. REWRITE_ACTION Substitution="https://tobadata.internal.lan/{R:0}", RewriteURL="https://tobadata.internal.lan/", AppendQueryString="true", LogRewrittenURL="false" 14:36:04.288
13. RULE_EVALUATION_END RuleName="ReverseProxyInboundRule1", RequestURL="https://tobadata.internal.lan/", QueryString="", StopProcessing="true", Succeeded="true" 14:36:04.288
14. GENERAL_SET_REQUEST_HEADER HeaderName="X-Original-URL", HeaderValue="/", Replace="true" 14:36:04.288
15. URL_CHANGED OldUrl="/", NewUrl="https://tobadata.internal.lan/" 14:36:04.288
16. URL_REWRITE_END RequestURL="https://tobadata.internal.lan/" 14:36:04.288
17. USER_SET AuthType="", UserName="", SupportsIsInRole="true" 14:36:04.288
18. HANDLER_CHANGED OldHandlerName="StaticFile", NewHandlerName="ApplicationRequestRoutingHandler", NewHandlerModules="ApplicationRequestRouting", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
19. GENERAL_SET_REQUEST_HEADER HeaderName="Max-Forwards", HeaderValue="10", Replace="true" 14:36:04.288
20. GENERAL_SET_REQUEST_HEADER HeaderName="Host", HeaderValue="tobadata.internal.lan", Replace="true" 14:36:04.288
21. GENERAL_SET_REQUEST_HEADER HeaderName="X-Forwarded-For", HeaderValue="77.109.122.130:53751", Replace="true" 14:36:04.288
22. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-SSL", HeaderValue="4096|256|C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 2 IV Server CA|C=BE, S=OV, L=RN, SN=DM, G=T, CN=ess.outside.be", Replace="true" 14:36:04.288
23. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-ClientCert", HeaderValue="", Replace="true" 14:36:04.288
24. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-LOG-ID", HeaderValue="075dbaec-f845-4e32-985d-3761117ba9ad", Replace="true" 14:36:04.288
25. GENERAL_SET_REQUEST_HEADER HeaderName="Connection", HeaderValue="", Replace="true" 14:36:04.288
26. URL_CHANGED OldUrl="https://tobadata.internal.lan/", NewUrl="/" 14:36:04.303
27. GENERAL_SEND_CUSTOM_ERROR HttpStatus="502", HttpSubStatus="3", FileNameOrURL="502.htm" 14:36:05.366
28. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Type", HeaderValue="text/html", Replace="true" 14:36:05.381
29. GENERAL_FLUSH_RESPONSE_START  14:36:05.381
30. GENERAL_RESPONSE_HEADERS Headers="Content-Type: text/html
Server: Microsoft-IIS/8.5
" 14:36:05.381
31. GENERAL_RESPONSE_ENTITY_BUFFER Buffer="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
 </fieldset></div>
</div>
</body>
</html>
" 14:36:05.381
32. GENERAL_FLUSH_RESPONSE_END BytesSent="1616", ErrorCode="The operation completed successfully.
 (0x0)" 14:36:05.381
33. GENERAL_REQUEST_END BytesSent="1616", BytesReceived="266", HttpStatus="502", HttpSubStatus="3" 14:36:05.381
0
Comment
Question by:tdemeyer
  • 2
  • 2
4 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 41863643
1. What are you using for a proxy?
2. Is there an SSL cert installed and configured on the destination server for the site?
3. Are there any corresponding Application Event Log entries for this error?

Dan
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 41863719
I just noticed that you are using ARR, can you post the ARR logs from when the error occurs?

Dan
0
 

Accepted Solution

by:
tdemeyer earned 0 total points
ID: 41884576
After some extensive trial-and-error (and searching the deep end of Google)  I was able to write a new rule that more or less seemed to work...
0
 

Author Closing Comment

by:tdemeyer
ID: 41891143
Found it elsewhere
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now