IIS 7 Reverse Proxy based on domain name host?

domain-name-system iis-7 reverse-proxy

Solution 1:

Since you're relying on the domain name rather than IP (which is easier in this situation), here's the most straight forward way of doing this:

  • make sure that your outside-facing server has bindings for the 3 sites based on the host header (website1.mydomain.com, etc). You can leave the IP address as (All unassigned). You probably have this done already. -- Basically what I mean is to add a binding to the first site that is "website1.mydomain.com", and to the other two sites in a similar way. Here's a walkthrough on bindings.

  • create 2 Web Farms in ARR on the ARR server. One to internalserver and the other to internalserver2. Use the primary IPs of those servers. You can setup 3 different Web Farms if you want unique health checks for each website. It's ok that two of them point to the same server. -- Steps: Create a new Server Farm called InternalServer and add a single server to it, which is "internalserver". Then create another Server Farm called InternalServer2, and add just "internalserver2" to it.

  • on the last step of the wizard when creating the site, when it asks if you want ARR to create a rule for you, only say 'yes' the first time. Take note of the rule that it creates so that you can learn from it. Then delete it. You want to manage your own rules. -- I'll explain the rules in the next step.
  • you should then set 3 URL Rewrite rules at the global level (IIS Server node, not the website node). URL = .*, use a condition with {HTTP_HOST} for your domain name, and the action should route to the corresponding webfarm. -- Here's an intro to URL rewrite. Follow those steps and enter a rule like the one below:

Example URL Rewrite:

<rule name="site1" patternSyntax="ECMAScript" stopProcessing="true">
  <match url=".*" />
  <conditions logicalGrouping="MatchAll">
    <add input="{HTTP_HOST}" pattern="^website1\.mydomain\.com$" />
  </conditions>
  <action type="Rewrite" url="http://InternalServer1/{R:0}" />
</rule>

Solution 2:

If you are using a SonicWALL, you can do this:

  1. Create a Network>Address Object of the FQDN type on the WAN.
  2. Add a Network>NAT Policy to translate that Address Object to the internal web server.
  3. Add the rule under Firewall>Access Rules to allow HTTP traffic in to each server.

If you use a different firewall, see if you can do something similar with yours.

Related

Does Active Directory on Server 2003 R2 support IPv6 subnets in Sites and Services?
Recommendations for handling Directory Harvesting spam on Exchange 2003
ErrorDocument when using Apache as reverse-proxy
Should SPF records provided by ISPs contain "all" at the end?
How do I monitor redundant power supplies on a Dell server?
Image fingerprint to compare similarity of many images
With a 500GB SSD and a 250GB SSD is it possible to mirror a 250GB partition on the 500GB with the 250GB SSD using ZFS?
how can i disable outbound mail in postfix?
What is a recommended way to patch the Shellshock Bash bug on an unsupported Ubuntu server?
KVM guests lose connectivity after networking restart
Restricting SSH login by IP address on Debian
Network monitoring tool for FreeBSD [closed]