6

I have an IIS server that is hosting a number of sites and apis. These sites include Confluence and Jira instances. These products actually run their own web servers so the Application Request Routing and Url Rewrite modules are being used to reverse proxy incoming requests to documents.example.com and jira.example.com to localhost:8080 and localhost:8090 - where the confluence and jira instances are running.

Now I am trying to setup a reverse proxy to a small simple-storage-server (s3) api (minio) - that is hosted on localhost:9000 - but the s3 protocol requires that the host header is part of its Message Authentication Codes.

However, when Application Request Routing reroutes a request following a URL Rewrite rule it also rewrites the host header to reflect the new destination header.

This can be disabled by setting system.webServer.proxy:preserveHostHeaders but only in ApplicationHost.config as ARR runs at the server, not the site level.

So now I have a conundrum:

If I set this setting, then the REST APIs that use host header in their MAC can function, but Confluence and Jira as their supported reverse proxy configuration expects rewritten host headers.

For reference, this sets enables host headers to be preserved

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost
Chris Becke
  • 171
  • 1
  • 1
  • 6

2 Answers2

3

I'm struggling with the same problem. I have a solution I don't like (and I bet you won't like it either), but it does work.

If you enable preserveHostHeaders, you can then add outbound URL Rewrite rules to remap all the cases when you do want to replace host headers.

Michael Donnelly
  • 33
0

When not activating preserveHostHeaders, I am unable to rewrite the host header for the proxied sites needing the original host.

But as stated by this answer, it is possible to do the opposite, activate preserveHostHeaders then rewrite the host header but for proxied sites requiring to keep their actual host. But that is not done through an outbound rule.

It is done through a server variable rewrite on the reverse proxy rule, as shown in this StackOverflow answer to another question on the subject.

So, a reverse proxy done for a site requiring to not have the original host preserved should be configured like this:

<rule name="rewrite-without-preserved-host" stopProcessing="true">
  <match url="^(.*)" />
  <action type="Rewrite" url="http://some.example.com/{R:1}" />
  <serverVariables>
    <set name="HTTP_HOST" value="some.example.com" />
  </serverVariables>
</rule>

(Do not forget to allow setting HTTP_HOST in allowed server variable, in URL Rewrite configuration.)

The reverse proxies which have to preserve the host should not try to set the HTTP_HOST variable and should leave it to ARR through its preserveHostHeaders setting, enabled.

<rule name="rewrite-with-preserved-host" stopProcessing="true">
  <match url="^(.*)" />
  <action type="Rewrite" url="http://other.example.com/{R:1}" />
</rule>

See also this other related StackOverflow question and answers if need be.

Frédéric
  • 129