Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem redirecting HTTPS site in iis8.5 / url rewrite 3

Posted on 2016-10-15
4
Medium Priority
?
168 Views
Last Modified: 2016-11-17
Hi all,

I really could use some help from the experts out there...

We use a reverse proxy to publish several http sites to the outside world, all are running fine.

Now I need to give access to an internal HTPPS site.

- internal HTTPS site (https://tobadata.internal.lan)  is accessible from the reverse proxyserver running urlrewrite 3.0, all certifcates are OK, no errors
- certificate for the external url (ess.outside.be) is installed on the rproxy server
- certificate is bound to the specific webserver running on the rproxy server.

I have copied the simple basic rule I normally use for my HTTP sites


        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="On" />
                    </conditions>
                    <action type="Rewrite" url="https://tobadata.internal.lan/{R:0}" />
                </rule>
            </rules>
        </rewrite>

When using this setup, I'm getting an error "502 - Webserver received an invalid response while acting as a gateway or proxy server"

I have enabled failed request tracing, capturing 502 errors, but this isn't helping me, since it seems that the rewrite rule works as expected?

1. GENERAL_REQUEST_START SiteId="2", AppPoolId="ess", ConnId="1610612741", RawConnId="0", RequestURL="https://ess.outside.be:443/", RequestVerb="GET" 14:36:04.272
2. GENERAL_ENDPOINT_INFORMATION RemoteAddress="77.109.122.130", RemotePort="53751", LocalAddress="192.168.1.80", LocalPort="443" 14:36:04.288
3. GENERAL_REQUEST_HEADERS Headers="Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: nl-BE
Host: ess.outside.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
" 14:36:04.288
4. GENERAL_GET_URL_METADATA PhysicalPath="", AccessPerms="513" 14:36:04.288
5. HANDLER_CHANGED OldHandlerName="", NewHandlerName="StaticFile", NewHandlerModules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
6. URL_REWRITE_START RequestURL="/", Scope="Distributed", Type="Inbound" 14:36:04.288
7. RULE_EVALUATION_START RuleName="ReverseProxyInboundRule1", RequestURL="", QueryString="", PatternSyntax="Wildcard", StopProcessing="true", RelativePath="/" 14:36:04.288
8. PATTERN_MATCH Pattern="*", Input="", Negate="false", Matched="true" 14:36:04.288
9. CONDITIONS_EVALUATION_START LogicalGrouping="MatchAll" 14:36:04.288
10. CONDITION_EVALUATION Input="{HTTPS}", ExpandedInput="on", MatchType="Pattern", Pattern="On", Negate="false", Succeeded="true" 14:36:04.288
11. CONDITIONS_EVALUATION_END Succeeded="true" 14:36:04.288
12. REWRITE_ACTION Substitution="https://tobadata.internal.lan/{R:0}", RewriteURL="https://tobadata.internal.lan/", AppendQueryString="true", LogRewrittenURL="false" 14:36:04.288
13. RULE_EVALUATION_END RuleName="ReverseProxyInboundRule1", RequestURL="https://tobadata.internal.lan/", QueryString="", StopProcessing="true", Succeeded="true" 14:36:04.288
14. GENERAL_SET_REQUEST_HEADER HeaderName="X-Original-URL", HeaderValue="/", Replace="true" 14:36:04.288
15. URL_CHANGED OldUrl="/", NewUrl="https://tobadata.internal.lan/" 14:36:04.288
16. URL_REWRITE_END RequestURL="https://tobadata.internal.lan/" 14:36:04.288
17. USER_SET AuthType="", UserName="", SupportsIsInRole="true" 14:36:04.288
18. HANDLER_CHANGED OldHandlerName="StaticFile", NewHandlerName="ApplicationRequestRoutingHandler", NewHandlerModules="ApplicationRequestRouting", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
19. GENERAL_SET_REQUEST_HEADER HeaderName="Max-Forwards", HeaderValue="10", Replace="true" 14:36:04.288
20. GENERAL_SET_REQUEST_HEADER HeaderName="Host", HeaderValue="tobadata.internal.lan", Replace="true" 14:36:04.288
21. GENERAL_SET_REQUEST_HEADER HeaderName="X-Forwarded-For", HeaderValue="77.109.122.130:53751", Replace="true" 14:36:04.288
22. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-SSL", HeaderValue="4096|256|C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 2 IV Server CA|C=BE, S=OV, L=RN, SN=DM, G=T, CN=ess.outside.be", Replace="true" 14:36:04.288
23. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-ClientCert", HeaderValue="", Replace="true" 14:36:04.288
24. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-LOG-ID", HeaderValue="075dbaec-f845-4e32-985d-3761117ba9ad", Replace="true" 14:36:04.288
25. GENERAL_SET_REQUEST_HEADER HeaderName="Connection", HeaderValue="", Replace="true" 14:36:04.288
26. URL_CHANGED OldUrl="https://tobadata.internal.lan/", NewUrl="/" 14:36:04.303
27. GENERAL_SEND_CUSTOM_ERROR HttpStatus="502", HttpSubStatus="3", FileNameOrURL="502.htm" 14:36:05.366
28. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Type", HeaderValue="text/html", Replace="true" 14:36:05.381
29. GENERAL_FLUSH_RESPONSE_START  14:36:05.381
30. GENERAL_RESPONSE_HEADERS Headers="Content-Type: text/html
Server: Microsoft-IIS/8.5
" 14:36:05.381
31. GENERAL_RESPONSE_ENTITY_BUFFER Buffer="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
 </fieldset></div>
</div>
</body>
</html>
" 14:36:05.381
32. GENERAL_FLUSH_RESPONSE_END BytesSent="1616", ErrorCode="The operation completed successfully.
 (0x0)" 14:36:05.381
33. GENERAL_REQUEST_END BytesSent="1616", BytesReceived="266", HttpStatus="502", HttpSubStatus="3" 14:36:05.381
0
Comment
Question by:tdemeyer
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41863643
1. What are you using for a proxy?
2. Is there an SSL cert installed and configured on the destination server for the site?
3. Are there any corresponding Application Event Log entries for this error?

Dan
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41863719
I just noticed that you are using ARR, can you post the ARR logs from when the error occurs?

Dan
0
 

Accepted Solution

by:
tdemeyer earned 0 total points
ID: 41884576
After some extensive trial-and-error (and searching the deep end of Google)  I was able to write a new rule that more or less seemed to work...
0
 

Author Closing Comment

by:tdemeyer
ID: 41891143
Found it elsewhere
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question