Dear folks,
Today I am going to explain how to use IIS as a reverse proxy to secure internal application servers and route requests to them.
IIS ARR 3.0 provides load balancing, caching, and forward and reverse proxy features.
This blog covers the reverse proxy usage.
Agenda
Secure/Hide the internal servers from public internet requests
Environment Setup
- DMZ server with IIS ARR and URL Rewrite
- Internal servers which are accessible to DMZ
Pre-requisites
- Make sure the IIS is installed on the server
- ARR (Application Request Routing)
- URL Rewrite
Procedure
- Install the pre-requisites
- Create inbound and outbound rules to configure IIS as a reverse proxy
- Edit/Create the web.config based on your requirement
- Public-facing IP used in the examples: 123.10.1.12
- Internal IP used in the examples: 10.1.1.192
Use case 1
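- Forward requests arriving on port 80 to the internal application server on port 8001
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Inbound: hand every request to the internal server through ARR.
             Requires "Enable proxy" in ARR's Server Proxy Settings. -->
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <!-- Capture the request scheme (http or https) as {C:1} -->
            <add input="{CACHE_URL}" pattern="^(https?)://" />
          </conditions>
          <!-- Rewrite, not Redirect: a Redirect would send the internal address
               to the client in the Location header instead of proxying.
               Port 8001 is the backend port named in this use case. -->
          <action type="Rewrite" url="{C:1}://10.1.1.192:8001/{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Outbound: replace internal links in HTML responses with the public address -->
        <rule name="ReverseProxyOutboundRule" preCondition="IsHTML">
          <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192:8001/(.*)" />
          <action type="Rewrite" value="http{R:1}://123.10.1.12/{R:2}" />
        </rule>
        <preConditions>
          <!-- Only touch responses whose Content-Type is text/html -->
          <preCondition name="IsHTML">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>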
Use case 2
- Forward requests arriving on port 9001 to the internal application server on port 8081, which returns JSON responses
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Inbound: proxy requests received on port 9001 to the backend on 8081 -->
        <rule name="ReverseProxyInboundRule_Port_JSON" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <add input="{CACHE_URL}" pattern="^(https?)://" />
            <!-- Anchored so that only port 9001 matches (not, say, 19001) -->
            <add input="{SERVER_PORT}" pattern="^9001$" />
          </conditions>
          <!-- Rewrite, not Redirect, so the internal address never reaches the client -->
          <action type="Rewrite" url="http://10.1.1.192:8081/{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <!-- filterByTags only inspects URLs inside the listed HTML tags, so URLs
             embedded in a JSON body are not rewritten by this rule -->
        <rule name="ReverseProxyOutboundRule_Port_JSON" preCondition="IsJSON">
          <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192:8081/(.*)" />
          <action type="Rewrite" value="http{R:1}://123.10.1.12:9001/{R:2}" />
        </rule>
        <preConditions>
          <preCondition name="IsJSON">
            <!-- Closing parenthesis added; the unbalanced group was an invalid pattern -->
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text|application/json|application/plaintext)" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
The parts of a rule can be combined to route each request as required:
- url: use a regular expression to identify the part of the URL to process further
- conditions: use conditions with attributes to distinguish the URL
- action: redirect, rewrite, or abort, with a specific URL and arguments
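A lint for rewrite sections like the ones above, as an added example that is not part of the original post: it flags any rule whose action is a Redirect to a private IP address (the client would receive the backend address in the Location header instead of being proxied) and any condition pattern that does not compile. The SAMPLE config, the function names and the finding labels are constructed for illustration, and Python's re module stands in for URL Rewrite's regex engine.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample (not from the post): one Redirect and one Rewrite to the
# internal host, plus a preCondition pattern with an unbalanced parenthesis.
SAMPLE = """<configuration><system.webServer><rewrite>
<rules>
  <rule name="LeakyRedirect"><match url="(.*)" />
    <action type="Redirect" url="http://10.1.1.192:8081/{R:1}" /></rule>
  <rule name="ProxyRewrite"><match url="(.*)" />
    <action type="Rewrite" url="{C:1}://10.1.1.192/{R:1}" /></rule>
</rules>
<outboundRules><preConditions><preCondition name="IsJSON">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text|application/json" />
</preCondition></preConditions></outboundRules>
</rewrite></system.webServer></configuration>"""

def is_private_target(url):
    """True when the action URL (back-references replaced) is a private IP literal."""
    try:
        host = urlsplit(re.sub(r"\{[^}]*\}", "x", url)).hostname
        return ipaddress.ip_address(host or "").is_private
    except ValueError:  # hostname rather than an IP literal, or unparsable URL
        return False

def lint(config_xml):
    """Return (name, finding) tuples for a web.config rewrite section."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.iter("rule"):
        action = rule.find("action")
        if action is None:
            continue
        # A Redirect answers the client with a 3xx and the target in Location,
        # so the internal address leaves the DMZ; a Rewrite is proxied by ARR.
        if action.get("type", "").lower() == "redirect" and is_private_target(action.get("url", "")):
            findings.append((rule.get("name"), "redirect-to-internal-address"))
    for cond in root.iter("add"):
        try:
            # Assumption: Python's re approximates URL Rewrite's regex syntax.
            re.compile(cond.get("pattern", ""))
        except re.error:
            findings.append((cond.get("input"), "invalid-pattern"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```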
Hope this helps organizations configure and secure their servers.
Request you to send your valuable feedback and comments to psrdotcom@gmail.com