1,745 questions
Hi Yurong,
We are trying to access https://webapplication.xedge.com.sg/ url from the client machine, browser finally shows failed with multiple redirects.
IIS Reverse proxy rule looping, failing with multiple redirects
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 43%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
sayish kumar
1
Reputation point
Hi Team,
We have an application which runs on our proprietary webserver, we need to provide access to the application through IIS reverse proxy. Below is the normal scenario for accessing the application.
Step : Application can be accessed through the URL as below.
https://webapplication.xedge.com.sg/
For the IDP authentication request will be redirected to IDP application which is hosted in IIS.
the for authentication client browser URL will get auto changed as below.
We need be access the application through reverse proxy, for that we have configured the rules as below in the reverse proxy server.
<rule name="Reverse Proxy to IDP" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="webapplicationidp-r1.xedge.com.sg" />
<conditions>
<action type="Rewrite" url="https://webapplicationidp.xedge.com.sg/{R:1}" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<rule name="Reverse Proxy to Application" enabled="true" stopProcessing="true">
<match url="^(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="webapplication-r1.xedge.com.sg" />
<conditions>
<action type="Rewrite" url="https://webapplication.xedge.com.sg/{R:1}" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<rule name="Reverse Proxy to Application Authentication" enabled="true" stopProcessing="true">
<match url="^(.)" />
<conditions>
<add input="{REQUEST_URI}" matchtype="Pattern" pattern="https://webapplicationidp-r1.xedge.com.sg/authuser.aspx.aspx(.)$" negate="true" />
<conditions>
<action type="Rewrite" url="https://webapplicationidp-r1.xedge.com.sg/authuser.aspx?ref=https://webapplication-r1.xedge.com.sg/templates/idpconnect.w3p;fromUrl=http%253A%252F%252Fwebapplication-r1.xedge.com.sg%252Findex.w3p" />
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
<outboundRules>
<rule name="EDS" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Form, Head, Img, Link, Script" pattern="^http(s)?://webapplicationidp-r1.xedge.com.sg/(.*)" />
<action type="Rewrite" value="http{R:1}://webapplicationidp.xedge.com.sg/{R:2}" />
</rule>
<rule name="EDS" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Form, Head, Img, Link, Script" pattern="^http(s)?://webapplication-r1.xedge.com.sg/(.*)" />
<action type="Rewrite" value="http{R:1}://webapplication.xedge.com.sg/{R:2}" />
</rule>
</outboundRules>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
<preCondition name="ResponseIsTextAnything">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
</preConditions>
application keeps on redirecting when accessing, and fails with multiple redirects. and cookies which are created in the reverse proxy servers are also not getting passed to the back-end web sever. Could you please help to solve this issue ?
Please let me know if you need any more information.
regards,
sai
Windows development Internet Information Services
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff2023-01-09T09:17:28.437+00:00 Hi @sayish kumar ,
What error message did you get? Please provide detailed error information. In addtion, what URL did you access that resulted in multiple failed redirects? -
Lex Li (Microsoft) 6,037 Reputation points Microsoft Employee2023-01-09T17:58:53.497+00:00 - You didn't reveal what are the expected behaviors.
- The rules you shared look incorrect and against the limited information provided. They can lead incoming requests to the wrong places and your web app and/or the authentication provider can issue their own 30x redirection responses to further mess up the situation (what you observed).
If possible, open a support case to involve Microsoft support team and let them learn much more about your server and web apps. An online forum like this won't be very helpful.
-
sayish kumar 1 Reputation point
2023-01-10T02:39:35.227+00:00 @Anonymous - Overview of the expectation as below.
We have a web server and apps server, web server with iis reverse proxy and apps server with our web applicaiton and identity provider application.
we need to access this application and IDP through reverse proxy. Problem here is when we are accessing the webapplication, this request will go to the web application first then it will route to IDP for authentication (as a new request from the client browser) and goes back to the web application and response is send back to the user. ie, with a single URL to the webapplication, request will redirect to IDP and comes back to the application.
I have split the issue into 2.
Attached a diagram for the reference for issue 1.
Sign in to comment
1 answer
Sort by: Most helpful
-
sayish kumar 1 Reputation point
2023-01-09T09:23:36.46+00:00 -
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
2023-01-09T09:30:11.903+00:00 Hi @sayish kumar ,
Try using FRT to view details about the error, which will generate a detailed log file to help you identify the problem.
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules -
sayish kumar 1 Reputation point
2023-01-09T10:27:35.71+00:00 Hi Yurong,
FRT didn't create any logs. i think rule which i have created itself is wrong. Can you please help me with the rule for rewriting the attached scenario ?
regards,
sai277451-rewrite-url.txt -
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
2023-01-11T05:44:40.56+00:00 Hi @sayishkumar-5607,
According to your description, my understanding is as follows: Web server acts as your IIS reverse proxy server, and the website corresponding to the default port 443 acts as a reverse proxy site. When you access
https://webapplication.xedge.com.sg/urlin the client browser, the request will first be sent to the IIS site on web server, and then due to the setting of the rewrite rule, the request will be forwarded to the Apps server, and the authentication page will be sent to the web server first, then sent back to the client. The port of the site in the Apps server is 444, so when you enterhttps://webapplication.xedge.com.sg/urlin the client browser, it will display the content of the site in the Apps server (port is 444). If I understand correctly, I think your first rewrite rule need to be created like this: (Please note that this rule needs to be created on the reverse proxy site in the web server.)<rule name="Reverse Proxy to IDP" enabled="true" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTP_HOST}" pattern="webapplicationidp-r1.xedge.com.sg" /> <conditions> <action type="Rewrite" url="https://webapplicationidp.xedge.com.sg:444/{R:1}" /> <serverVariables> <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" /> <set name="HTTP_ACCEPT_ENCODING" value="" /> </serverVariables> </rule> -
sayish kumar 1 Reputation point
2023-01-11T13:28:09.2733333+00:00 @Yurong Dai-MSFT
Yes we have 2 rewrite rules in web server iis reverse proxy.- webapplicationidp.xedge.com.sg:443 to webapplicationidp-r1.xedge.com.sg:443
- webapplication.xedge.com.sg:444 to webapplication-r1.xedge.com.sg:444
When we try to access to access the URL 1 its properly returning the backend server expected results.
but when we try to access URL 2, its returning as below (this is the behaviour from the applicaiton hosted in the apps sever on port 444)
is there a way where we can change the URL returned by the 2nd rule can be changed something like
https://webapplicationidp.xedge.com.sg:443/authuser.aspx?ref=https://webapplication-r1.xedge.com.sg:444/templates/idpconnect.w3p;fromUrl=http%253A%252F%252Fwebapplication-r1.xedge.com.sg%253A444%252Findex.w3p
Reason is we need to get this URL working for getting the authentication done by the IDP application by passing the query string value "ref"
regards,
sai
-
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
2023-01-12T07:55:57.61+00:00 Hi @sayish kumar,
Do you mean to rewrite webapplication.xedge.com.sg:444 to webapplicationidp.xedge.com.sg:443? Since I don't know the specifics of your web application, I don't understand why you would do this, but it's bound to causes a rule loop.
-
sayish kumar 1 Reputation point
2023-01-16T04:18:06.6566667+00:00 I have attached a sample webconfig which works with HTTP. This webconfig satisfy's our requirement. But when i change the connection to SSL for both source and destination, these rules fails with too many redirect.
chrome error message is "ERR _ TOO _Many _Redirects"
Attached FRT logs for https W3SVC1.zip.txt (pls remove .txt from the filename)
Could you please help to check what went wrong here ?
regards,
sai
-
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
2023-01-16T08:43:24.97+00:00 Hi @sayish kumar,
I can't view your FRT log because it is not in the correct format, it should be in xml format. But according to your description, when you use HTTP, your rules can work normally, and when you change to HTTPS, the redirection error "ERR_TOO_Many_Redirects" appears.
You need to check your certificate configuration, if your website's SSL certificate is misconfigured or missing it may cause "ERR_TOO_MANY_REDIRECTS" error. Also did you modify the rules when you changed the connection to SSL? The rewrite url in the web.config file you provided are all HTTP.
-
sayish kumar 1 Reputation point
2023-01-16T09:46:38.4033333+00:00 There are 43 log file inside the zip. once you remove .txt from the downloaded file it. File will be in a zip format. Could you please try extracting the zip ?
regards,
sai
-
sayish kumar 1 Reputation point
2023-01-16T09:46:43.8266667+00:00 There are 43 log file inside the zip. once you remove .txt from the downloaded file it. File will be in a zip format. Could you please try extracting the zip ?
regards,
sai
-
sayish kumar 1 Reputation point
2023-01-16T09:49:45.27+00:00 Also did you modify the rules when you changed the connection to SSL?
[Sai] Yes i have modified the rules with https.
-
Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
2023-01-17T09:00:07.0333333+00:00 Hi @sayish kumar,
Unfortunately I can't unzip the file, have you checked the certificate configuration? Is your website's SSL certificate properly configured?
Sign in to comment -