Reverse Proxy with IIS ARR (Application Request Routing) and URL Rewrite features

 Dear folks,

Today I am going to explain how we can use the IIS as reverse proxy to secure, redirect the internal application servers.

IIS ARR 3.0 does provide load balancing, cache, forward and reverse proxy features.

This blog will cover the usage of reverse proxy.

Agenda

Secure/Hide the internal servers from public internet requests

Environment Setup

• DMZ server with IIS ARR and URL Rewrite
• Internal servers which are accessible to DMZ

Pre-requisites

1. Make sure the IIS is installed on the server
2. ARR (Application Request Routing)
3. URL Rewrite

Procedure

• Install the pre-requisites
• Create InBound and OutBound rules to configure as reverse-proxy
• Edit/Create the web.config based on your requirement
• Public facing IP - 123.10.1.12
• Internal IP - 10.1.1.192

Use case 1

• Redirect URLs with 80 port to internal application server on 8001

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule1" stopProcessing="true">

              <match url="(.*)" />

                        <conditions logicalGrouping="MatchAll">

                           <add input="{CACHE_URL}" pattern="^(https?)://" />

                        </conditions> 

      <action type="Redirect" url="{C:1}://10.1.1.192/{R:1}" />

            </rule>

     </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule" preCondition="IsHTML">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsHTML">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

               </preCondition>

              </preConditions>

            </outboundRules>

           </rewrite>

          </system.webServer>

        </configuration>

Use case 2

• Redirect URLs with 9001 port to internal application server on 8081 with JSON response

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule_Port_JSON" stopProcessing="true">

              <match url="(.*)" />

      <conditions logicalGrouping="MatchAll">

                <add input="{CACHE_URL}" pattern="^(https?)://" />

              <add input="{SERVER_PORT}" pattern="9001" />

              </conditions>

              <action type="Redirect" url="http://10.1.1.192:8081/{R:1}" />

            </rule>

    </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule_Port_JSON" preCondition="IsJSON">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192:8081/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12:9001/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsJSON">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text|application/json|application/plaintext" />

               </preCondition>

              </preConditions>

            </outboundRules> 

             </rewrite>

          </system.webServer>

        </configuration>

One can make use of the conditions and redirect accordingly

url

use the regular expression to identify the part of the URL to process further

conditions

 Use conditions with attributes to distinguish the URL

action

redirect, rewrite, abort with specific URL with arguments

Hope this helps organization to configure and secure the servers

Request you to send your valuable feedback and comments to psrdotcom@gmail.com