Set up IIS as forward proxy for HTTPS requests

iis ssl proxy https
10,560

This is actually quite easy and a case for SSL offloading.

  1. Install Application Request Routing (ARR) and URL Rewrite with the Web Plattform Installer, restart your IIS Manager.

  2. Now you should see a Server Farms entry in the IIS manager tree. If you have Server 1 with the IP 192.168.1.1 as HTTP and Server 2 with the IP 192.168.1.2 as exposed HTTPS Endpoint , you just setup a Server Farm, add Server 1 to it (by IP or local DNS name, Server 2 must be able to resolve the name of Server 1). Do not add Server 2 to the webfarm. It will ask you to allow automatic creation of a Rewrite Rule to properly forward the requests.*

  3. Create a standard website which has the SSL Binding to Server 2 (potentially with an SNI hostname, if you have more than one site hosting on the IIS).

  4. Then, click on the Server itself (in IIS Manager) and go into the "URL Rewrite" Module. There you will find the new Rewrite Module called something like ARR_[ServerFarm]_Loadbalance. Double click on the rule, and under Conditions, add {HTTPS} (Input) which matches the pattern on (Pattern).

Under Action, you select Action Type Route to Server Farm and set your Action Properties to Scheme: http://, Server farm: [YourServerFarmName] and leave the path untouched. You can then also tick Stop processing of subsequent rules if that is not ticked already.

*NOTE: If you have already other websites running on this server (possibly with SNI), you should also add another condition in the rewrite rule to only forward to the server farm, if the corresponding URL is queried. The condition is {HTTP_HOST} matches the pattern yoururl.com.

Hope that helps.

Share:
10,560

Related videos on Youtube

w3worker
Author by

w3worker

Updated on September 18, 2022

Comments

  • w3worker
    w3worker over 1 year

    Is it possible to set up IIS as a forward proxy for HTTPS requests?

    My use case is this: I have some process running locally on the IIS machine which is able to make HTTP calls, but not HTTPS calls. I would like to set up IIS so that I can send a HTTP request to it (on localhost) and IIS would then forward the request as a HTTPS request to the real URL (using some sort of mapping based on the original URL).

    Like this:

    myprogram on server1 <-> http <-> IIS on server1 <-> https <-> server2

    Is this possible? This link (http://www.iis.net/learn/extensions/configuring-application-request-routing-(arr)/creating-a-forward-proxy-using-application-request-routing) says "Note that ARR processes only HTTP traffic, not other protocols. ARR does not support the HTTP CONNECT verb, and as a result, does not support forwarding HTTPS traffic." but maybe there are other ways of achieving this on IIS?

    • Abhinav Galodha
      Abhinav Galodha almost 7 years
      I have the same question..

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

IIS HTTP to HTTPS relative redirect
Nginx config to proxy pass to external ip and port (https -> http)
configure secure SSL Apache reverse proxy
How to block specific HTTPS traffic?
nginx http to https proxy with self-signed certificate
https not working with www and DNS redirect isn't helping
cannot access ssl-secured website on the server side
How do I limit SSL/TLS connections to at least 128-bit encryption?
IIS randomly returns 413 Request Entity Too Large when uploading large files and using TLS
Forcing a particular SSL protocol for an nginx proxying server