IIS 7 Reverse Proxy based on domain name host?

Solution 1:

Since you're relying on the domain name rather than IP (which is easier in this situation), here's the most straightforward way of doing this:

  • make sure that your outside-facing server has bindings for the 3 sites based on the host header (website1.mydomain.com, etc). You can leave the IP address as (All unassigned). You probably have this done already. -- Basically what I mean is to add a binding to the first site that is "website1.mydomain.com", and to the other two sites in a similar way. Here's a walkthrough on bindings.

  • create 2 Web Farms in ARR on the ARR server. One to internalserver and the other to internalserver2. Use the primary IPs of those servers. You can set up 3 different Web Farms if you want unique health checks for each website. It's ok that two of them point to the same server. -- Steps: Create a new Server Farm called InternalServer and add a single server to it, which is "internalserver". Then create another Server Farm called InternalServer2, and add just "internalserver2" to it.

  • on the last step of the wizard when creating the site, when it asks if you want ARR to create a rule for you, only say 'yes' the first time. Take note of the rule that it creates so that you can learn from it. Then delete it. You want to manage your own rules. -- I'll explain the rules in the next step.

  • you should then set 3 URL Rewrite rules at the global level (IIS Server node, not the website node). URL = .*, use a condition with {HTTP_HOST} for your domain name, and the action should route to the corresponding webfarm. -- Here's an intro to URL rewrite. Follow those steps and enter a rule like the one below:

Example URL Rewrite:

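<rule name="site1" patternSyntax="ECMAScript" stopProcessing="true">
  <!-- Match every request path; the host condition below does the routing. -->
  <match url=".*" />
  <conditions logicalGrouping="MatchAll">
    <!-- Anchored, dot-escaped pattern: only this exact host name matches. -->
    <add input="{HTTP_HOST}" pattern="^website1\.mydomain\.com$" />
  </conditions>
  <!-- The host in the URL must equal the Server Farm name created above. -->
  <action type="Rewrite" url="http://InternalServer/{R:0}" />
</rule>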
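
A check for the global rules described in Solution 1, added here as an example that is not part of the original answer: it parses a constructed globalRules fragment and flags any rule whose {HTTP_HOST} condition is missing, unanchored or has unescaped dots, or whose action host is not one of the Server Farm names, since such a rule would forward requests for host names you did not intend. The function name lint_rules and the site2/site3 rules are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Server Farm names from the steps above (compared case-insensitively).
FARMS = {"internalserver", "internalserver2"}

# Constructed sample: site1 follows the answer's pattern, site2/site3 are flawed.
SAMPLE = r"""
<globalRules>
  <rule name="site1" stopProcessing="true">
    <match url=".*" />
    <conditions>
      <add input="{HTTP_HOST}" pattern="^website1\.mydomain\.com$" />
    </conditions>
    <action type="Rewrite" url="http://InternalServer/{R:0}" />
  </rule>
  <rule name="site2" stopProcessing="true">
    <match url=".*" />
    <conditions>
      <add input="{HTTP_HOST}" pattern="website2.mydomain.com" />
    </conditions>
    <action type="Rewrite" url="http://InternalServer/{R:0}" />
  </rule>
  <rule name="site3" stopProcessing="true">
    <match url=".*" />
    <action type="Rewrite" url="http://InternalServer3/{R:0}" />
  </rule>
</globalRules>
"""

def lint_rules(xml_text, farms=FARMS):
    """Return (rule name, problem) pairs for rules that route too broadly."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("rule"):
        name = rule.get("name")
        hosts = [c.get("pattern", "") for c in rule.iter("add")
                 if c.get("input", "").upper() == "{HTTP_HOST}"]
        if not hosts:
            findings.append((name, "no {HTTP_HOST} condition"))
        for p in hosts:
            if not (p.startswith("^") and p.endswith("$")):
                findings.append((name, "host pattern not anchored"))
            if re.search(r"(?<!\\)\.", p):  # a bare "." matches any character
                findings.append((name, "unescaped dot in host pattern"))
        url = rule.find("action").get("url", "")
        if urlsplit(url).hostname not in farms:
            findings.append((name, "action does not target a known farm"))
    return findings
```

Run it against the globalRules section exported from applicationHost.config after any rule change; an empty list means every rule is pinned to one exact host name and a known farm.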

Solution 2:

If you are using a SonicWALL, you can do this:

  1. Create a Network>Address Object of the FQDN type on the WAN.
  2. Add a Network>NAT Policy to translate that Address Object to the internal web server.
  3. Add the rule under Firewall>Access Rules to allow HTTP traffic in to each server.

If you use a different firewall, see if you can do something similar with yours.