Solved

Problem redirecting HTTPS site in iis8.5 / url rewrite 3

Posted on 2016-10-15
4
22 Views
Last Modified: 2016-11-17
Hi all,

I really could use some help from the experts out there...

We use a reverse proxy to publish several http sites to the outside world, all are running fine.

Now I need to give access to an internal HTPPS site.

- internal HTTPS site (https://tobadata.internal.lan)  is accessible from the reverse proxyserver running urlrewrite 3.0, all certifcates are OK, no errors
- certificate for the external url (ess.outside.be) is installed on the rproxy server
- certificate is bound to the specific webserver running on the rproxy server.

I have copied the simple basic rule I normally use for my HTTP sites


        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="On" />
                    </conditions>
                    <action type="Rewrite" url="https://tobadata.internal.lan/{R:0}" />
                </rule>
            </rules>
        </rewrite>

When using this setup, I'm getting an error "502 - Webserver received an invalid response while acting as a gateway or proxy server"

I have enabled failed request tracing, capturing 502 errors, but this isn't helping me, since it seems that the rewrite rule works as expected?

1. GENERAL_REQUEST_START SiteId="2", AppPoolId="ess", ConnId="1610612741", RawConnId="0", RequestURL="https://ess.outside.be:443/", RequestVerb="GET" 14:36:04.272
2. GENERAL_ENDPOINT_INFORMATION RemoteAddress="77.109.122.130", RemotePort="53751", LocalAddress="192.168.1.80", LocalPort="443" 14:36:04.288
3. GENERAL_REQUEST_HEADERS Headers="Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: nl-BE
Host: ess.outside.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
" 14:36:04.288
4. GENERAL_GET_URL_METADATA PhysicalPath="", AccessPerms="513" 14:36:04.288
5. HANDLER_CHANGED OldHandlerName="", NewHandlerName="StaticFile", NewHandlerModules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
6. URL_REWRITE_START RequestURL="/", Scope="Distributed", Type="Inbound" 14:36:04.288
7. RULE_EVALUATION_START RuleName="ReverseProxyInboundRule1", RequestURL="", QueryString="", PatternSyntax="Wildcard", StopProcessing="true", RelativePath="/" 14:36:04.288
8. PATTERN_MATCH Pattern="*", Input="", Negate="false", Matched="true" 14:36:04.288
9. CONDITIONS_EVALUATION_START LogicalGrouping="MatchAll" 14:36:04.288
10. CONDITION_EVALUATION Input="{HTTPS}", ExpandedInput="on", MatchType="Pattern", Pattern="On", Negate="false", Succeeded="true" 14:36:04.288
11. CONDITIONS_EVALUATION_END Succeeded="true" 14:36:04.288
12. REWRITE_ACTION Substitution="https://tobadata.internal.lan/{R:0}", RewriteURL="https://tobadata.internal.lan/", AppendQueryString="true", LogRewrittenURL="false" 14:36:04.288
13. RULE_EVALUATION_END RuleName="ReverseProxyInboundRule1", RequestURL="https://tobadata.internal.lan/", QueryString="", StopProcessing="true", Succeeded="true" 14:36:04.288
14. GENERAL_SET_REQUEST_HEADER HeaderName="X-Original-URL", HeaderValue="/", Replace="true" 14:36:04.288
15. URL_CHANGED OldUrl="/", NewUrl="https://tobadata.internal.lan/" 14:36:04.288
16. URL_REWRITE_END RequestURL="https://tobadata.internal.lan/" 14:36:04.288
17. USER_SET AuthType="", UserName="", SupportsIsInRole="true" 14:36:04.288
18. HANDLER_CHANGED OldHandlerName="StaticFile", NewHandlerName="ApplicationRequestRoutingHandler", NewHandlerModules="ApplicationRequestRouting", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
19. GENERAL_SET_REQUEST_HEADER HeaderName="Max-Forwards", HeaderValue="10", Replace="true" 14:36:04.288
20. GENERAL_SET_REQUEST_HEADER HeaderName="Host", HeaderValue="tobadata.internal.lan", Replace="true" 14:36:04.288
21. GENERAL_SET_REQUEST_HEADER HeaderName="X-Forwarded-For", HeaderValue="77.109.122.130:53751", Replace="true" 14:36:04.288
22. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-SSL", HeaderValue="4096|256|C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 2 IV Server CA|C=BE, S=OV, L=RN, SN=DM, G=T, CN=ess.outside.be", Replace="true" 14:36:04.288
23. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-ClientCert", HeaderValue="", Replace="true" 14:36:04.288
24. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-LOG-ID", HeaderValue="075dbaec-f845-4e32-985d-3761117ba9ad", Replace="true" 14:36:04.288
25. GENERAL_SET_REQUEST_HEADER HeaderName="Connection", HeaderValue="", Replace="true" 14:36:04.288
26. URL_CHANGED OldUrl="https://tobadata.internal.lan/", NewUrl="/" 14:36:04.303
27. GENERAL_SEND_CUSTOM_ERROR HttpStatus="502", HttpSubStatus="3", FileNameOrURL="502.htm" 14:36:05.366
28. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Type", HeaderValue="text/html", Replace="true" 14:36:05.381
29. GENERAL_FLUSH_RESPONSE_START  14:36:05.381
30. GENERAL_RESPONSE_HEADERS Headers="Content-Type: text/html
Server: Microsoft-IIS/8.5
" 14:36:05.381
31. GENERAL_RESPONSE_ENTITY_BUFFER Buffer="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
 </fieldset></div>
</div>
</body>
</html>
" 14:36:05.381
32. GENERAL_FLUSH_RESPONSE_END BytesSent="1616", ErrorCode="The operation completed successfully.
 (0x0)" 14:36:05.381
33. GENERAL_REQUEST_END BytesSent="1616", BytesReceived="266", HttpStatus="502", HttpSubStatus="3" 14:36:05.381
0
Comment
Question by:tdemeyer
  • 2
  • 2
4 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
Comment Utility
1. What are you using for a proxy?
2. Is there an SSL cert installed and configured on the destination server for the site?
3. Are there any corresponding Application Event Log entries for this error?

Dan
0
 
LVL 26

Expert Comment

by:Dan McFadden
Comment Utility
I just noticed that you are using ARR, can you post the ARR logs from when the error occurs?

Dan
0
 

Accepted Solution

by:
tdemeyer earned 0 total points
Comment Utility
After some extensive trial-and-error (and searching the deep end of Google)  I was able to write a new rule that more or less seemed to work...
0
 

Author Closing Comment

by:tdemeyer
Comment Utility
Found it elsewhere
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now