Im using .net core 3.1 in an docker environment pointing an IIS Reverse Proxy with ARR installed to it.
Update
I managed to get the rewriting running. BNut since I dont know why it works this way Im unable to answer this question.
I changed the rewrite rules from localhost: to 127.0.0.1:
Now the handshake works. But it seems not work with websocket protocol only with ServerSentEvents.
Error: Failed to start the transport 'WebSockets': Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not be a SignalR endpoint, the connection ID is not present on the server, or there is a proxy blocking WebSockets. If you have multiple servers check that sticky sessions are enabled.
But Websockets are installed. Im using ARR3.
So the last 2 questions in this for me are:
Why did it work with the IP instead of localhost? (Full config below)
Why does it throw this error even WS is installed?
Full Rewrite config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="wss://(.*)" />
<action type="Rewrite" url="wss://127.0.0.1:3101/{R:1}" />
</rule>
<rule name="ReverseProxyInboundRule2" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="https://127.0.0.1:3101/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://127.0.0.1:3101/(.*)" />
<action type="Rewrite" value="http{R:1}://sub.example.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
EDIT
Thanks to Bruce Zhang I got to the source of the problem but still not Idea how to fix it.
Ive got an docker environment running via docker compose on a windows server.
There I use IIS10 with UrlRewrite and ARR3 together with an .net core 3.1 app and signalR core.
As Client I use the typescript version of #microsoft/signalr (latest)
For some reasons I dont know the Connection is ok but the handshake call ends in an timeout.
I looked at the net for some solutions and applied this so far:
Added URL Rewrite Inbound Rules for wss:// and ws://
Increased the timeouts for signalR
Configured the response buffer in ARR (see picture below)
Enabled failed request tracing
The docker env is running on the same server as the IIS with enabled ARR and Websockets Feature.
The Web-App container exposes port 6652 mapping it to port 443 in the docker container.
My rewrite rule are defined as below:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
<rewrite>
<rules>
<rule name="WS reverse proxy" stopProcessing="true">
<match url="ws://devlocal.example.com" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://" />
</conditions>
<action type="Rewrite" url="{C:1}://127.0.0.1:6652" />
</rule>
<rule name="WSS reverse proxy" stopProcessing="true">
<match url="wss://devlocal.example.com" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://" />
</conditions>
<action type="Rewrite" url="{C:1}://127.0.0.1:6652" />
</rule>
<rule name="_Inbound_devlocal.example.com.com" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="{C:1}://localhost:6652/{R:1}" logRewrittenUrl="true" />
<conditions logicalGrouping="MatchAny">
<add input="{CACHE_URL}" pattern="^(.+)://" />
<add input="{HTTP_HOST}" pattern="^devlocal\.example.com\.com$" />
</conditions>
</rule>
</rules>
<outboundRules>
<rule name="_Outboundund_devlocal.example.com.com" stopProcessing="true">
<match filterByTags="A, Form, Img, Link, Script" pattern="^http(s)?://localhost:6652/(.*)" />
<action type="Rewrite" value="http{R:1}://devlocal.example.com.com/{R:2}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
SignalR configured as:
services.AddSignalR(hubOptions =>
{
hubOptions.ClientTimeoutInterval = TimeSpan.FromSeconds(240);
hubOptions.HandshakeTimeout = TimeSpan.FromSeconds(120);
hubOptions.KeepAliveInterval = TimeSpan.FromSeconds(60);
hubOptions.EnableDetailedErrors = true;
hubOptions.MaximumReceiveMessageSize = 200;
hubOptions.StreamBufferCapacity = 300;
});
// Mappig hub like:
app.UseEndpoints(api =>
{
api.MapControllers();
api.MapHub<CommentsHub>("/sockR/hub");
}
);
The ARR Config:
The trace log of the signalR client shows that its the handshake call thats ends in an timeout:
[2022-01-13T18:29:07.232Z] Information: Normalizing '/sockR/hub' to 'https://devlocal.example.com/sockR/hub'.
Utils.js:151 [2022-01-13T18:29:07.233Z] Debug: Starting HubConnection.
Utils.js:151 [2022-01-13T18:29:07.233Z] Debug: Starting connection with transfer format 'Text'.
Utils.js:147 [2022-01-13T18:29:07.342Z] Information: WebSocket connected to wss://devlocal.example.com/sockR/hub.
Utils.js:151 [2022-01-13T18:29:07.342Z] Debug: The HttpConnection connected successfully.
Utils.js:151 [2022-01-13T18:29:07.342Z] Debug: Sending handshake request.
Utils.js:147 [2022-01-13T18:29:07.342Z] Information: Using HubProtocol 'json'.
... After 3 minutes:
ERROR Error: Uncaught (in promise): Error: Server timeout elapsed without receiving a message from the server. Error: Server timeout elapsed without receiving a message from the server.
Is there any way to debug why the request is ending in an timeout? The strange thing is Ive got also an jira instance on the server.Also bound via revers proxy with same settings and the WSS/WS calls there dont fail.
Apperently it works now by removing:
Startup.cs
app.UseWebSockets();
And after changing my rewrite config to:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="wss://(.*)" />
<action type="Rewrite" url="wss://127.0.0.1:3101/{R:1}" />
</rule>
<rule name="ReverseProxyInboundRule2" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="https://127.0.0.1:3101/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://127.0.0.1:3101/(.*)" />
<action type="Rewrite" value="http{R:1}://sub.example.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Related
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyApi" stopProcessing="true">
<match url="api/(.*)" />
<action type="Rewrite" url="http://localhost:3000/{R:1}" />
</rule>
<rule name="ReverseProxyClient" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://" />
</conditions>
<action type="Rewrite" url="{C:1}://localhost:3001/{R:1}" />
<serverVariables>
<set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I have successfully created a reverse proxy from http://localhost:9999 to my http://localhost:3000 (NestJS api server) and http://localhost:3001 (NextJS client server) using the above config in rewrite url.
My problem is that I am geting an error when I tried to bind https://localhost:8888 to the same site. I made sure that the https url is in the site bindings. I also have a self signed ssl certificate with it.
This is the error I am getting:
As you can see here https://localhost:8888 is in the site bindings
This is self signed certificate that I am using
I have no idea what is wrong in my setup. I have tried to restart both the website and the whole IIS server but I am getting the same error.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyApi" stopProcessing="true">
<match url="api/(.*)" />
<action type="Rewrite" url="http://localhost:3000/{R:1}" />
</rule>
<rule name="ReverseProxyClient" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(.+)://" />
</conditions>
<action type="Rewrite" url="{MapProtocol:{C:1}}://localhost:3001/{R:1}" />
<serverVariables>
<set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
</serverVariables>
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="MapProtocol">
<add key="https" value="http" />
<add key="wss" value="ws" />
</rewriteMap>
</rewriteMaps>
</rewrite>
</system.webServer>
</configuration>
This web config works. I think what was wrong in my previous config is that https://localhost:8888 is redirected to https://localhost:3001 which does not exist (because of the {C:1}).
With this new config:
ws:// or wss:// -> ws://
http:// or https:// -> http://
I'am getting error "404 Not found" when i refresh any page in my Vue JS application hosted in Azure Web APP (IIS Server) except the default web page index.html
I'am already adding this rewrite configuration in my web.config according to VueJs offical docs :
<rule name="Handle History Mode and custom 404/500" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
This is my web.conf file:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Handle History Mode and custom 404/500" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
<rule name="redirect all requests" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" pattern="" ignoreCase="false" />
</conditions>
<action type="Rewrite" url="index.html" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
the `router.js` file have this conf :
const router = new VueRouter({
mode: 'history',
routes: [...]
})
Any idea to resolve that ?
Regards
EDIT :
Just ADD pm2 serve /home/site/wwwroot --no-daemon --spa , in
Azure Portal > App Service > Configuration > Application Setting
Azure APP Service based on Linux , don't need to use web.config
BR.
Since I came here from top google results, and kind of kicked of my journey to get results I want to post this here in hopes it will help someone in future.
I was trying to host my Vue#3 app on local IIS to test if things work before I exchange it in production.
I am actually rewriting Vue#2 app in Vue#3, and for Vue#2 following any of these 3 links would yield success:
https://gist.github.com/AngeloAnolin/6b19d22220b27a545e10f5fa672072fa
https://www.linkedin.com/pulse/hosting-vue-js-spa-build-microsoft-iis-zainul-zain
https://dnilvincent.com/blog/posts/host-vuejs-app-on-iis
However, in Vue#3 this is a bit of overkill and will throw http error 500.19 - internal server error. Changing content of web.config with following content would yield success:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Handle History Mode and custom 404/500" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
</rules>
</rewrite>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
That's it basically. Good luck with everything :D
I have react application hosted on the Azure Webapp website on Linux. It Uses the kestrel as the web server. I want to add Security Headers to the webapp. But the Web.config file i added for this is not showing changes.
I tried the same by created the another web-app on the Azure Windows Webapp and updated the Web.config file as following as security headers gets added.
But in case of Azure Linux Webapp this file is not working.
Web.config file i am using.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>
<system.webServer>
<!-- START x-xss protection -->
<httpProtocol>
<customHeaders>
<!-- Protects against Clickjacking attacks. ref.: http://stackoverflow.com/a/22105445/1233379 -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
<!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>
<!-- Protects against XSS injections. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
<add name="X-XSS-Protection" value="1; mode=block" />
<!-- Protects against MIME-type confusion attack. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ -->
<add name="Content-Security-Policy" value="default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" />
<!-- Prevents from leaking referrer data over insecure connections. ref.: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ -->
<add name="Referrer-Policy" value="strict-origin" />
<add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<!-- END x-xss protection -->
<rewrite>
<rules>
<!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- END rule TAG FOR HTTPS REDIRECT -->
</rules>
<outboundRules>
<rule name="Add Strict-Transport-Security only when using HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000; includeSubdomains; preload" />
</rule>
<rule name="CSP">
<match serverVariable="RESPONSE_Content-Security-Policy" pattern=".*" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
On Linux WebApp you have to use .htaccess config, which is bit different than Web.config, but allows you to setup similar settings.
Web.config is used only in IIS/Windows based environments.
Hi I would like to find out how to url rewrite.
so when the user type http://test-qa or http://test-qa.domain.com then it will redirect https url: https://test.qa.domain.com
my IISBinding
http://test-qa
http://test-qa.domain.com
Here that i have so far.
<rewrite>
<rules>
<rule name="test" stopProcessing="true">
<match url="http://test-qa" />
<action type="Redirect" url="https://test.qa.domain.com" appendQueryString="false" />
</rule>
</rules>
</rewrite>
If you prefer wildcard and assuming you only have these two bindings
<rules>
<rule name="HTTP to HTTPS" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://test.qa.domain.com/{R:1}" redirectType="Temporary" />
</rule>
</rules>
I am attempting to configure a new Shibboleth based SP that will authenticate via my SAML iDP (Duo Access Gateway).
My Shibboleth SP is running behind an IIS-based reverse proxy that rewrites the URL's to the SP. The SP and Shibboleth itself are running on Apache on a Windows Server.
The issue with this configuration is that my SP (Shibboleth) believes it's running on, let's call it "sp.mycompany.com". However my iDP is delivering the assertion to the reverse proxy address "proxy.mycompany.com" which then rewrites the request to "sp.mycompany.com". This results in Sibboleth throwing the error "SAML message delivered with POST to incorrect server URL" to the user, and logging an error of "POST targeted at (https://proxy.mycompany.com/Shibboleth.sso/SAML2/POST), but delivered to (http://sp.mycompany.com/Shibboleth.sso/SAML2/POST)" in the Shibd log.
I've been searching but have only found fixes for this that apply to different situations than mine.
EDIT: Reverse Proxy Config Added Below
`<configuration>
<system.webS<rewrite>
<outboundRules>
<clear />
<rule name="Duo" enabled="true" stopProcessing="true">
<match filterByTags="None" pattern="^Shibboleth.sso/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="https://proxy.mycompany.com/{R:0}" />
</rule>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Form, Img" pattern="^http(s)?://sp.mycompany.com/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
<action type="Rewrite" value="http{R:1}://proxy.mycompany.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<clear />
<rule name="Duo" enabled="true" stopProcessing="true">
<match url="^dag/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="https://duo.mycompany.com/{R:0}" appendQueryString="true" logRewrittenUrl="true" />
</rule>
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://sp.mycompany.com/{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="test" />
</rewriteMaps>
</rewrite>
<httpRedirect enabled="false" destination="https://proxy.mycompany.com/dag" />
</system.webServer>
</configuration>`