Problem redirecting HTTPS site in iis8.5 / url rewrite 3

Posted on 2016-10-15
Last Modified: 2016-11-17
Hi all,

I really could use some help from the experts out there...

We use a reverse proxy to publish several http sites to the outside world, all are running fine.

Now I need to give access to an internal HTPPS site.

- internal HTTPS site (https://tobadata.internal.lan)  is accessible from the reverse proxyserver running urlrewrite 3.0, all certifcates are OK, no errors
- certificate for the external url ( is installed on the rproxy server
- certificate is bound to the specific webserver running on the rproxy server.

I have copied the simple basic rule I normally use for my HTTP sites

                <rule name="ReverseProxyInboundRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                        <add input="{HTTPS}" pattern="On" />
                    <action type="Rewrite" url="https://tobadata.internal.lan/{R:0}" />

When using this setup, I'm getting an error "502 - Webserver received an invalid response while acting as a gateway or proxy server"

I have enabled failed request tracing, capturing 502 errors, but this isn't helping me, since it seems that the rewrite rule works as expected?

1. GENERAL_REQUEST_START SiteId="2", AppPoolId="ess", ConnId="1610612741", RawConnId="0", RequestURL="", RequestVerb="GET" 14:36:04.272
2. GENERAL_ENDPOINT_INFORMATION RemoteAddress="", RemotePort="53751", LocalAddress="", LocalPort="443" 14:36:04.288
3. GENERAL_REQUEST_HEADERS Headers="Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: nl-BE
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
" 14:36:04.288
4. GENERAL_GET_URL_METADATA PhysicalPath="", AccessPerms="513" 14:36:04.288
5. HANDLER_CHANGED OldHandlerName="", NewHandlerName="StaticFile", NewHandlerModules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
6. URL_REWRITE_START RequestURL="/", Scope="Distributed", Type="Inbound" 14:36:04.288
7. RULE_EVALUATION_START RuleName="ReverseProxyInboundRule1", RequestURL="", QueryString="", PatternSyntax="Wildcard", StopProcessing="true", RelativePath="/" 14:36:04.288
8. PATTERN_MATCH Pattern="*", Input="", Negate="false", Matched="true" 14:36:04.288
9. CONDITIONS_EVALUATION_START LogicalGrouping="MatchAll" 14:36:04.288
10. CONDITION_EVALUATION Input="{HTTPS}", ExpandedInput="on", MatchType="Pattern", Pattern="On", Negate="false", Succeeded="true" 14:36:04.288
11. CONDITIONS_EVALUATION_END Succeeded="true" 14:36:04.288
12. REWRITE_ACTION Substitution="https://tobadata.internal.lan/{R:0}", RewriteURL="https://tobadata.internal.lan/", AppendQueryString="true", LogRewrittenURL="false" 14:36:04.288
13. RULE_EVALUATION_END RuleName="ReverseProxyInboundRule1", RequestURL="https://tobadata.internal.lan/", QueryString="", StopProcessing="true", Succeeded="true" 14:36:04.288
14. GENERAL_SET_REQUEST_HEADER HeaderName="X-Original-URL", HeaderValue="/", Replace="true" 14:36:04.288
15. URL_CHANGED OldUrl="/", NewUrl="https://tobadata.internal.lan/" 14:36:04.288
16. URL_REWRITE_END RequestURL="https://tobadata.internal.lan/" 14:36:04.288
17. USER_SET AuthType="", UserName="", SupportsIsInRole="true" 14:36:04.288
18. HANDLER_CHANGED OldHandlerName="StaticFile", NewHandlerName="ApplicationRequestRoutingHandler", NewHandlerModules="ApplicationRequestRouting", NewHandlerScriptProcessor="", NewHandlerType="" 14:36:04.288
19. GENERAL_SET_REQUEST_HEADER HeaderName="Max-Forwards", HeaderValue="10", Replace="true" 14:36:04.288
20. GENERAL_SET_REQUEST_HEADER HeaderName="Host", HeaderValue="tobadata.internal.lan", Replace="true" 14:36:04.288
21. GENERAL_SET_REQUEST_HEADER HeaderName="X-Forwarded-For", HeaderValue="", Replace="true" 14:36:04.288
22. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-SSL", HeaderValue="4096|256|C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 2 IV Server CA|C=BE, S=OV, L=RN, SN=DM, G=T,", Replace="true" 14:36:04.288
23. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-ClientCert", HeaderValue="", Replace="true" 14:36:04.288
24. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-LOG-ID", HeaderValue="075dbaec-f845-4e32-985d-3761117ba9ad", Replace="true" 14:36:04.288
25. GENERAL_SET_REQUEST_HEADER HeaderName="Connection", HeaderValue="", Replace="true" 14:36:04.288
26. URL_CHANGED OldUrl="https://tobadata.internal.lan/", NewUrl="/" 14:36:04.303
27. GENERAL_SEND_CUSTOM_ERROR HttpStatus="502", HttpSubStatus="3", FileNameOrURL="502.htm" 14:36:05.366
28. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Type", HeaderValue="text/html", Replace="true" 14:36:05.381
30. GENERAL_RESPONSE_HEADERS Headers="Content-Type: text/html
Server: Microsoft-IIS/8.5
" 14:36:05.381
<html xmlns="">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
" 14:36:05.381
32. GENERAL_FLUSH_RESPONSE_END BytesSent="1616", ErrorCode="The operation completed successfully.
 (0x0)" 14:36:05.381
33. GENERAL_REQUEST_END BytesSent="1616", BytesReceived="266", HttpStatus="502", HttpSubStatus="3" 14:36:05.381
Question by:tdemeyer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 28

Expert Comment

by:Dan McFadden
ID: 41863643
1. What are you using for a proxy?
2. Is there an SSL cert installed and configured on the destination server for the site?
3. Are there any corresponding Application Event Log entries for this error?

LVL 28

Expert Comment

by:Dan McFadden
ID: 41863719
I just noticed that you are using ARR, can you post the ARR logs from when the error occurs?


Accepted Solution

tdemeyer earned 0 total points
ID: 41884576
After some extensive trial-and-error (and searching the deep end of Google)  I was able to write a new rule that more or less seemed to work...

Author Closing Comment

ID: 41891143
Found it elsewhere

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question