Redirect Status Code 302 between Tomcat and IIS 7.0 is not properly handled by the isapi redirector - apache

We recently installed a web application under Tomcat 6 which is connected over the isapi redirector interface (see http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html) to an IIS 7 server. The connector works properly in every case, except for some pages in the web application that return a status 302, with a new location to redirect to.
The browser gets the 302 back and requests the new location, but the IIS web server does not forward the request to the Tomcat server and returns a 404 error instead, even though the uri worker map looks correct to me.
The corresponding uri worker rule is:
/WebClientServlet/*=worker1
and the location url of the new location looks like the following:
http://localhost/WebClientServlet/SBS/cmd:editContent2/workflow:false/articleSearch:false/confirmed:false/objectID:131294/---/fpse/db:test/objectID:131294/Copy+of+0001-Intranet+Home-main-ip+%28DE%29

I could solve the problem. The HTTP status code was actually a 404.11, which means (under IIS 7) that double escaped sequences are not allowed. There is a new feature introduced in IIS 7 called double escaped URL filtering. It is a default security filter, which refuses to load any URL that contains double escaped sequences. In order to solve the problem, switch the feature off for the web site which is used to access the Tomcat application over isapi-redirector. See more under http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering.
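
A narrower form of the fix described in the answer above, as an added example that is not part of the original post: instead of switching the filter off for the whole web site, the site's web.config turns it off only under the URL prefix that the isapi redirector forwards. The `<location>` scoping, and the assumption that the `requestFiltering` section is not locked at server level, are additions here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config at the root of the IIS site that fronts Tomcat (added example) -->
<configuration>

  <!-- Site-wide setting stays at the IIS 7 default: double escaped URLs are
       rejected with 404.11 everywhere else on the site. -->
  <system.webServer>
    <security>
      <requestFiltering allowDoubleEscaping="false" />
    </security>
  </system.webServer>

  <!-- Exception only for the path mapped to Tomcat in the uri worker map
       (/WebClientServlet/*=worker1). Requests under this prefix reach the
       redirector even if the filter considers them double escaped. -->
  <location path="WebClientServlet">
    <system.webServer>
      <security>
        <requestFiltering allowDoubleEscaping="true" />
      </security>
    </system.webServer>
  </location>

</configuration>
```

With this in place Tomcat is the only component decoding and validating those paths, and IIS log entries with sc-status 404 and sc-substatus 11 show which other URLs the filter is still rejecting.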

Ditch the ISAPI redirector. Up until today it is what I have been using. Check out the Application Request Routing for IIS7. Here is a walk through on how to set it up. If you want to use host headers look here.

Related

Incorrect Cookie Domain AspNetCore 3.0 Linux

I've recently tried moving an ASP.NET Core 3.0 application from a Windows server to a Linux server.
The application shares cookie authentication with another website so the cookie domain needs to be a wildcard to share across the sub-domains i.e. .example.com
This works fine on the Windows server: the cookie domain for https://sub.example.com gets set as .example.com
However, when I login on the Linux server the cookie domain for some reason gets set with the sub-domain. For example for https://sub-test.example.com the cookie domain is .sub-test.example.com, which then won't be shared with https://sub.example.com, hence the problem.
I've checked the network tab in the browser and the set-cookie header has "domain=.sub-test.example.com", so I'm convinced it's a server side problem.
In Startup.cs, I have hard coded the domain wildcard I want, it just doesn't get honoured on Linux.
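    // Inside ConfigureServices in Startup.cs
    services.ConfigureApplicationCookie(opt =>
    {
        // Leading dot: share the cookie across all sub-domains of example.com
        opt.Cookie.Domain = ".example.com";
    });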
Not sure what else I can try.
Sounds like an issue with a Reverse Proxy, which is probably overriding the settings you set there. Take a look at this post: URL Rewrite keeps original host Location when reverse proxy 301 redirects

Call APIs over Http from Webpage served over Https

We have a Java/Jetty server. The servlets on this server are called by some of our internal applications over http.
I have been asked to create a webapp /website which will use many of these servlets / api.
However this is an external customer facing website and needs to be served over https / ssl. The servlet URLs look like
http://internalServer:9999?parameters.
Now my webapp is ready and has been deployed on Apache on Debian. Everything works fine, but as soon as I enable https/ssl the backend calls do not go through. On Chrome I get "Mixed content. Page was loaded on https but is requesting resource over http...". On Safari I get: could not load resource due to access control checks.
I understand the reasons for these errors but I would like to know ways to solve this.
I have full control over apache server and website code.
I have very limited control over the internal Jetty server and no control over the servlet code (don't want to mess with existing apps).
Is there something I can do just with Apache configuration? Can I use it as a reverse proxy for the Jetty (http) server?
Thanks for your help.
"Mixed content. Page was loaded on https but is requesting resource over http..."
That error message means your HTML has resources that are being requested over http://... specifically.
You'll need to fix your HTML (and any references in JavaScript and CSS) that request resources (or reference resources) to also use https://....
If you try to call an http service from an https site you will have Mixed content error.
You can avoid that error using apache2 proxy settings inside your example.org.conf
You can find it inside the folder /apache2/sites-enabled
Add some code:
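    <VirtualHost *:443>
        ...
        # Forward https://example.org/service1 to the internal HTTP service
        ProxyPass /service1 http://internalServer:9999
        # Rewrite Location headers in backend responses to the public URL
        ProxyPassReverse /service1 http://internalServer:9999
    </VirtualHost>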
From your https site you have to fetch the url
https://example.org/service1
to reach the service.
In that way you can call your services http from a https site.

Steps to redirect Application URL to Custom URL

I have IHS 7 installed on an AIX system and it's pointing to the Application Server. Now my requirement is: if the application is not accessible, or if we are working on the application itself, then whoever accesses the URL is redirected to a custom page on the webserver saying that the application is under construction.
For example, the URL is https://my.Application.com:8089/application; if anyone hits this URL, it is redirected to a custom URL on the same webserver, https://my.webserver
I have configured a proxy in the IHS httpd.conf but it is not working.
The good practice in such a case is to create two config files and one maintenance page. When your app server does not work, you should restart the http server with the config file which points to the maintenance page.

Issue in setting redirect URL in OneDrive application

I have integrated OneDrive with my web application. On my local machine, for testing, I had used http://localhost:123/Web/xyz as the redirect URL on the Application Registration Portal and it worked fine, but now I have deployed my application on a local server for further testing before going live and wanted to update the Redirect URL to http://abc-xyz:81/Web/example, and it gives the error "Your URL can't contain a query string or invalid special characters."
How can I fix this issue?
That error message is unfortunate. The error here is likely that redirect URLs for non-localhost servers need to be HTTPS and it looks like you are using an HTTP URL.
They have restrictions on setting new redirect URLs; it must either
match the DNS name of the existing
sub domain of existing
see https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations#restrictions-on-redirect-uris for more details

setting up an SSL site with multiple bindings in IIS 8.5

I am hoping you can help. I have 5 websites that run off the same .net code base and have different themes based on the url.
For example, http://site1.mydomain.co.uk is set up so that it does a http redirect to https://site1.mydomain.co.uk and I have the main SSL IIS entry as mydomain.co.uk with a wildcard SSL certificate and bindings for https://site1.mydomain.co.uk.
The issue I have though is when I put the http redirect on one of the other urls, all of them change to the last one entered. If that makes sense?
So, let's say I have just finished the site1.mydomain.co.uk entry and now move onto site2.mydomain.co.uk. I create the https://site2.mydomain.co.uk binding in the main mydomain.co.uk IIS record and then put a http redirect on http://site2.mydomain.co.uk so that it redirects to https://site2.mydomain.co.uk.
If I then go and check the previous record, site1.mydomain.co.uk the redirect has now changed to https://site2.mydomain.co.uk which is not what I wanted. Why is it doing this and how can I prevent this?
Is there any chance you're using the same folder in the filesystem for all 5 websites?
In IIS, the HTTP Redirect settings are stored in a web.config file in the folder you're serving from, so if you were serving all 5 sites from the same folder then they would all have the same settings, i.e. changing the settings for one of them would change it for all of them.
That being said, I strongly recommend that you use URL Rewrite to do http to https redirects. Doing the redirect in this way is compatible with having 5 sites served from the same folder. You can install it from here (WARNING: the install requires an iisreset, i.e. a brief downtime for your site): http://www.iis.net/downloads/microsoft/url-rewrite
After installing URL Rewrite, you can create a rule to do the redirect. Stack Overflow won't let me post the screenshot here, so I uploaded it to here: http://postimg.org/image/4s4vjajs3/cf4f5c08/
Also, if you're using a wildcard certificate, then doing the redirect in this way might remove your need for having 5 different websites.
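
The kind of rule the answer above describes, written out as web.config XML; this is an added example, not the answerer's own rule from the screenshot. The rule name is arbitrary, and the host-name condition (its pattern built from the question's mydomain.co.uk) is an assumption added so that the redirect target is only ever built from expected host names.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config in the folder shared by all five sites (added example;
     requires the URL Rewrite module to be installed) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <!-- Match every requested path; {R:1} below is this capture. -->
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <!-- Only act on requests that arrived without TLS. -->
            <add input="{HTTPS}" pattern="^OFF$" />
            <!-- Assumption: accept only the expected host names, so an
                 arbitrary Host header cannot end up in the Location header. -->
            <add input="{HTTP_HOST}" pattern="^[a-z0-9-]+\.mydomain\.co\.uk$" />
          </conditions>
          <!-- Redirect to the same host and path over https, so site1
               stays on site1 and site2 stays on site2. -->
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```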