Set up IIS as forward proxy for HTTPS requests
Is it possible to set up IIS as a forward proxy for HTTPS requests?
My use case is this: I have some process running locally on the IIS machine which is able to make HTTP calls, but not HTTPS calls. I would like to set up IIS so that I can send an HTTP request to it (on localhost) and IIS would then forward the request as an HTTPS request to the real URL (using some sort of mapping based on the original URL).
Like this:
myprogram on server1 <-> http <-> IIS on server1 <-> https <-> server2
Is this possible? This link (http://www.iis.net/learn/extensions/configuring-application-request-routing-(arr)/creating-a-forward-proxy-using-application-request-routing) says "Note that ARR processes only HTTP traffic, not other protocols. ARR does not support the HTTP CONNECT verb, and as a result, does not support forwarding HTTPS traffic." but maybe there are other ways of achieving this on IIS?
This is actually quite easy and a case for SSL offloading.
Install Application Request Routing (ARR) and URL Rewrite with the Web Platform Installer, restart your IIS Manager. Now you should see a Server Farms entry in the IIS manager tree. If you have Server 1 with the IP 192.168.1.1 as HTTP and Server 2 with the IP 192.168.1.2 as exposed HTTPS Endpoint, you just set up a Server Farm, add Server 1 to it (by IP or local DNS name, Server 2 must be able to resolve the name of Server 1). Do not add Server 2 to the webfarm. It will ask you to allow automatic creation of a Rewrite Rule to properly forward the requests.* Create a standard website which has the SSL Binding to Server 2 (potentially with an SNI hostname, if you have more than one site hosting on the IIS).
Then, click on the Server itself (in IIS Manager) and go into the "URL Rewrite" Module. There you will find the new Rewrite Module called something like ARR_[ServerFarm]_Loadbalance. Double click on the rule, and under Conditions, add {HTTPS} (Input) which matches the pattern "on" (Pattern).
Under Action, you select Action Type "Route to Server Farm" and set your Action Properties to Scheme: http://, Server farm: [YourServerFarmName] and leave the path untouched. You can then also tick "Stop processing of subsequent rules" if that is not ticked already.
*NOTE: If you have already other websites running on this server (possibly with SNI), you should also add another condition in the rewrite rule to only forward to the server farm, if the corresponding URL is queried. The condition is {HTTP_HOST} matches the pattern yoururl.com.
Hope that helps.
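
The steps in the answer above end up as configuration in applicationHost.config; the fragment below is an added example showing roughly what that looks like, not part of the original answer. The farm name MyFarm is a placeholder, and yoururl.com is the host name from the answer's note.

```xml
<!-- Added example: fragment of %windir%\System32\inetsrv\config\applicationHost.config -->
<configuration>
  <webFarms>
    <!-- "MyFarm" is a placeholder name; only Server 1 (the HTTP backend) is a member -->
    <webFarm name="MyFarm" enabled="true">
      <server address="192.168.1.1" enabled="true" />
    </webFarm>
  </webFarms>
  <system.webServer>
    <rewrite>
      <globalRules>
        <!-- Rule generated by ARR for the farm, with the two conditions from the answer added -->
        <rule name="ARR_MyFarm_loadbalance" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <!-- Only requests that arrived over the site's SSL binding -->
            <add input="{HTTPS}" pattern="on" />
            <!-- Only the host that should go to the farm; other sites on this IIS are left alone -->
            <add input="{HTTP_HOST}" pattern="yoururl.com" />
          </conditions>
          <!-- "Route to Server Farm" with scheme http:// : TLS ends at IIS,
               and the hop to the farm member is plain HTTP -->
          <action type="Rewrite" url="http://MyFarm/{R:0}" />
        </rule>
      </globalRules>
    </rewrite>
  </system.webServer>
</configuration>
```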