WCF 4.0 + wsHTTPBinding using F5 Load Balancer - wcf

I have a WFP app which is connecting to a back end system through a WCF 4.0 interface using wsHttpBinding. The WCF service is behind an F5 load balancer.
My app works in development (no F5 load balancer), but when I deploy to production, it doesn't work. My F5 load balancer currently only has 1 real web server behind it.
This is a question which is commonly asked, but my specific detail question is the following:
In my scenario, the connection between client and load balancer uses wsHttpBinding, but the connection between the load balancer and the web server uses basic binding. Could this be a cause of the load balancer problem?

I'm not sure what you mean by "basic binding". The F5 should simply redirect the request to the web service without changing the content. The only case where F5 might change the message is if you're using HTTPS offloading, where the client and LB talk over SSL, but the connection between the LB and the web service is HTTP or Kerberos.
I suspect you've got an F5 setup problem. The way to test this would be to create a simple HTML page and publish with IIS on your web server. Then try to access that page from a browser on the client side of the load balancer. If you see the page, you know F5 is redirecting the request properly. If not, you have an LB setup issue.
After that, try typing the URL of the web service into a browser and see if you get the WSDL page. If you see the web page over the browser, but don't see the WSDL page, then you know you have a setup problem with your web service.
You can also set up Fiddler on your web server and check the messages coming in to see if there's a difference in the content when you connect to the web service locally versus connecting over F5.

Related

Routing WCF service from one server to another server using IIS

I have a WCF service hosted on IIS on one of our Windows 2019 servers and it is working properly. Now, as per our new architecture, we should not expose this service to the outside directly. If any user tries to hit my WCF service from outside (via the internet), it should not directly hit my server to get the response; rather, the request should first come to a DMZ zone Windows server, and from this DMZ server I need to route to our actual Windows server where my WCF service is hosted.
To achieve this I tried IIS URL Rewrite on my DMZ server. If a request comes from outside it will first hit the DMZ server IIS, and from there I am using URL Rewrite to route the service to my actual server where the services are hosted. But this approach is not working; I am getting 404 and 502 errors. Below is the Inbound rule screenshot.
How can I achieve this WCF service routing from one windows server to another windows server?
1) Install Application Request Routing feature.
2) Open IIS -> Application Request Routing -> server proxy setting -> enable proxy
3) Add below code in the web.config file:
    <system.serviceModel>
      <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
4) Open IIS, select site (which has public binding)
5) Double click URL Rewrite.
6) Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.
7) In reverse proxy template add an internal server or site IP or server name.
You can choose whether to perform SSL Offloading or not. If you leave this checked then all requests to the internal server will be over HTTP regardless of the original web request. This can help with performance and SSL bindings if all requests are within a trusted network. If the network path between the two web servers is not completely trusted and safe then uncheck this.
Next, enable Outbound rules. You can enter your friendly public URL for the outbound rule.
Click ok to save the rule.
You could refer to the below link for more detail:
https://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis
WCF using Reverse proxy
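The SSL Offloading choice in step 7 ends up as the scheme of the rewrite target in the inbound rule. The fragment below is an added illustration, not taken from the answer or the linked article; `backend.internal.example` is a placeholder host, and the rule name and the `{CACHE_URL}` condition are written as an assumption about what the Reverse Proxy template produces.

```xml
<!-- web.config of the public-facing (DMZ) IIS site; constructed example -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- SSL Offloading checked: every request reaches the backend over
             plain HTTP, whatever scheme the client used:
             <rule name="ReverseProxyInboundRule1" stopProcessing="true">
               <match url="(.*)" />
               <action type="Rewrite" url="http://backend.internal.example/{R:1}" />
             </rule>
        -->
        <!-- SSL Offloading unchecked: the scheme of the original request is
             captured and reused, so an HTTPS request stays HTTPS on the
             DMZ-to-backend hop -->
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{CACHE_URL}" pattern="^(https?)://" />
          </conditions>
          <action type="Rewrite" url="{C:1}://backend.internal.example/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

With the second form the backend site needs its own HTTPS binding and a certificate the DMZ server trusts for the name used in the rewrite target.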

How To Convert HTTPS POST to HTTP POST

I have an existing web application hosted in Tomcat which is listening for a HTTP POST.
However for security reasons requests to the web application have to be transported across the network as HTTPS.
I cannot change the web application.
So I want to receive a HTTPS POST, decrypt it and pass it on to the web application as a HTTP POST.
I also need to pass back to the sender response codes etc.
I have been told that I can do this using Apache configured as a "reverse proxy".
But I am not an expert at Apache or Tomcat and before I investigate this option I wanted to be sure I was going down the right path.
i.e.
Schematic
So to the Remote Server application everything looks like it happens over HTTPS.
And to my local Tomcat web application everything looks like it happens over HTTP.
Is this doable and correct ?
Do I need to use Apache or could I do it all in Tomcat ?
Is this what is called "url rewriting" ?
This is more than just "redirection" ?
Thanks,
Brett

Is there a way to force an application to post using https instead of http

I have an application that sends a request to a web service. Unfortunately the application is compiled and the link to the web service is embedded in the application as http. (Yes I know how dumb that is, I didn't write it)
Recently, the 3rd party company is no longer allowing http requests, everything must be https.
The application runs as a webapp on Tomcat. The server is a windows server.
Is there a way to intercept the call to this web service and force it to use https?
As you can't change the application's source code (as it is compiled), and you can't change the web service (as it is 3rd party) either, the only way to solve this problem is making a proxy between the application and web service. To do that, you need to (assume the proxy is running in localhost):
1) As the web service URL is embedded into the compiled application, in order to let the application send HTTP requests to our proxy, the hosts mapping needs to be changed (e.g. /etc/hosts) to override DNS. For example, if the HTTP request in the application is GET http://example.com/api/sample, in /etc/hosts, example.com needs to be mapped to 127.0.0.1.
2) Make a proxy web server in localhost and open the same port as the web service. This proxy is a very simple web server (any backend programming tech can do it); it is only responsible for request-forwarding. In this way, when the application sends an HTTP request to example.com, it sends the request to the proxy server.
3) After receiving the HTTP request from the application, the proxy server extracts the request URL/header/body and sends an HTTPS request to example.com's real IP address. Please note: in this HTTPS request, a header host whose value is example.com should be added. The 3rd party web service may check this header.
4) After the real response is returned from example.com, the proxy will return it to the application.
Of course, you can also use reverse engineering (Java Decompiler) to get the application's "source code", change the web service URL and then compile again to a webapp. However, as the application may need to update/upgrade and it may not be under your control, this reverse engineering method is not recommended.
You could use a proxy script. Write it in any server-side language you want, for example PHP, set the API URL to this script, the script does the https request for you and passes the results back to your app.
You could also use Apache itself as the proxy and use something like: Apache config: how to proxypass http requests to https
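The forwarding proxy described in the first answer above, as an added example that is not code from the thread. `UPSTREAM_IP` is a placeholder for the service's real address; because the hosts file now points `example.com` at the proxy, it connects by IP but still verifies the certificate against the `example.com` name.

```python
import http.client, socket, ssl
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

UPSTREAM_HOST = "example.com"   # name embedded in the application (from the answer)
UPSTREAM_IP = "203.0.113.10"    # placeholder: the web service's real IP address
DROP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
        "te", "trailer", "transfer-encoding", "upgrade", "host", "content-length"}

def tls_context():
    return ssl.create_default_context()  # verifies chain and hostname

def upstream_headers(headers):
    # Drop per-connection headers and pin Host to the real service name.
    out = {k: v for k, v in headers.items() if k.lower() not in DROP}
    out["Host"] = UPSTREAM_HOST
    return out

def forward(method, path, headers, body):
    # Connect by IP, but send SNI and check the certificate for the host name,
    # so the HTTPS hop is authenticated even though DNS is overridden locally.
    raw = socket.create_connection((UPSTREAM_IP, 443), timeout=10)
    conn = http.client.HTTPConnection(UPSTREAM_HOST)
    conn.sock = tls_context().wrap_socket(raw, server_hostname=UPSTREAM_HOST)
    try:
        conn.request(method, path, body=body, headers=upstream_headers(headers))
        resp = conn.getresponse()
        return resp.status, resp.getheaders(), resp.read()
    finally:
        conn.close()

class Proxy(BaseHTTPRequestHandler):
    def relay(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0)) or None
        try:
            status, hdrs, data = forward(self.command, self.path, self.headers, body)
        except (OSError, http.client.HTTPException):  # includes TLS failures
            self.send_error(502, "Upstream HTTPS request failed")
            return
        self.send_response(status)
        for k, v in hdrs:
            if k.lower() not in DROP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    do_GET = do_POST = do_PUT = do_DELETE = relay

if __name__ == "__main__":
    # Loopback only, on the port the application already uses for http://
    ThreadingHTTPServer(("127.0.0.1", 80), Proxy).serve_forever()
```

A certificate or hostname mismatch surfaces to the application as a 502 rather than being silently accepted.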

IIS7 and WCF confusion

Assume I’m running a website ( on IIS7 ) listening for requests on port 8000. Now this website contains only static content ( ie html files ). So when I browse to URL http://localhost:8000, browser displays website’s default html page. But if I’m also running a self-hosting WCF service listening for requests on URL http://localhost:8000 ( this WCF service isn’t hosted by IIS ), then browser instead displays data about WCF service:
a) Don’t know much about TCP/IP, but as far as I know only one application at a time can listen on particular IP and port, but here both the website and WCF service are able to listen on the same IP address and port number. How is that possible?
b) When I enter a local url ( say http://localhost:8000 ) into browser, doesn’t browser request a page via IIS? If so, then why does it display details of a WCF service and not a website’s default page? After all, this WCF service isn’t even hosted by IIS.
Thank you
It is true that normally, only a single process can listen on a specific socket. However, work was done in Windows to support this specifically for HTTP listeners, specifically with the introduction of HTTP.SYS in IIS 6.0.
Basically, with this it is the kernel that actually listens for the HTTP requests and then the connection is routed to one of multiple listener processes in user-land.
The WCF HTTP listeners for self-hosting rely on HTTP.sys as well, so they can share ports with IIS if needed (or across multiple self-hosted WCF services).

Why is ajax call to iis hosted wcf service still returning data when the site hosting the service is down?

I'm developing a windows sidebar gadget that calls out to a wcf service via a javascript xmlhttprequest. If you stop the iis site hosting the service, shouldn't all calls to that service from the client return a 404 or something similar? The gadget and wcf service are running on separate machines. When I stop the iis site hosting the service and then drag the gadget from the gallery on to the sidebar, it is still populating correctly with data returned from the web service. However, pasting the url for the service method into the browser correctly returns a 404. I must be missing something here.
I'm trying to reproduce a scenario where the gadget cannot reach the service so that I can test my xmlhttprequest error listener code.
Any suggestions are appreciated.
Is it using cached results from a previous request?