locked
Edge, Chrome Version 90 - Cookie Reverse Proxy Not Working RRS feed

  • Question

  • User460057122 posted

    My solution scheme: Client<-->HTTPS<-->Proxy Server<-->HTTP<-->Application Server

    Proxy Server is done by the IIS (version: 10.0.14393.0) on Windows Server. I have URL Rewrite module. The full setup works perflectly until version 90, on both Edge and Chorme browser. The problem manifests returning html code 502.3 - bad gateway on first POST request with cookie file (so just after creating a session and setup a cookie by server). The problem do not touch HTTP - application then works normally. The problem do not touch HTTPS when not using RevereseProxy but connecting directly to Application Server. The Problem do not touch HTTPS when cookie do not exist.

    The problem accours ONLY when using HTTPS on version 90 of Edge and Chrome and when cookie file exist on client side. So I believe the problem is related to SSL unloading, but I do not undestand how, and why. I'm missing probably some headers configuration, but I do not know what exactly, or maybe there is problem somewhere in URL Rewirte rule. Any help will be apriciate.

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                        <match url="(.*)" />
                        <action type="Rewrite" url="http://127.0.0.1:8080/ksuytr5/{R:1}" appendQueryString="true" />
                        <conditions>
                        </conditions>
                    </rule>
                </rules>
                <outboundRules>
                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                        <match filterByTags="A, Base, Form, Frame, Head, Img, Input, Link, Script" pattern="^http(s)?://127.0.0.1:8080/ksuytr5/(.*)" />
                        <action type="Rewrite" value="http{R:1}://poland.company.net/{R:2}" />
                    </rule>
                    <preConditions>
                        <preCondition name="ResponseIsHtml1">
                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        </preCondition>
                    </preConditions>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>

    Here difference between version 89 and 90 in response, the same web app resource. In version 90, the request is not forworded, the IIS answer right away. Link to picture: https://drive.google.com/file/d/1zfJbER_Gxbj-pUExo6JaTCeTBfv7jTjG/view?usp=sharing

    Link to request tracing log: https://drive.google.com/file/d/1wnM91v1MS6bEooNmCOju2oNgZZId_SD_/view?usp=sharing

    Sunday, April 18, 2021 8:24 PM

All replies

  • User1065476709 posted

    Hi Dawid_Szczecin,

    The problem manifests returning html code 502.3 - bad gateway on first POST request with cookie file (so just after creating a session and setup a cookie by server).

    You can refer to this link about how to troubleshoot 502 Errors in ARR.

    https://docs.microsoft.com/en-us/iis/extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr.

    Best regards,

    Sam

    Monday, April 19, 2021 9:42 AM
  • User460057122 posted

    Thanks for answer. It helps me to understand I have strange timeout but IIS repond imidiatly after request, so still means nothing:( Why the browser version change the behavior of IIS ? That's strange. It's connected maybe with request headers somehow. When In the request header is 'cookie' or 'from' then IIS respond imidiately 502.3 error. When for example those headers are not in the headers IIS forwards request to application server and all is ok. I will add that I'm using XMLHttpRequest.

    Wednesday, April 21, 2021 5:57 AM
  • User1065476709 posted

    Hi Dawid_Szczecin,

    Why the browser version change the behavior of IIS ? That's strange. It's connected maybe with request headers somehow. When In the request header is 'cookie' or 'from' then IIS respond imidiately 502.3 error.

    This is impossible, the client does not have the right to modify the content of the server.

    Best regards,

    Sam

    Wednesday, April 21, 2021 8:11 AM
  • User460057122 posted

    I can fully agree "This is impossible" but anyway the bahavior of client could maybe influence how the IIS proxy treat the requests. The problem described here accours when no development has been done on server, only client browser version change. 

    I develop simple test page, and simple response on application serwer to debug the problem. 

    <!DOCTYPE html> 
    <html>
      <head>
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <title>XHR Test</title>
      </head>
      <body>
       <button>Send XHR main_msg</button>
       <button>Create a cookie</button>
       <button>delete cookie</button>
       <div id='log'></div>
      </body>
      <script>
    /*TIMESTAMP***********************************************************************************************************/
    function actual_timestamp()
    {
    var d = new Date();
    return d.getFullYear()+'-'+('0'+(d.getMonth()+1)).substring(('0'+(d.getMonth()+1)).length-2)+'-'+('0'+d.getDate()).substring(('0'+d.getDate()).length-2)+' '+('0'+d.getHours()).substring(('0'+d.getHours()).length-2)+':'+('0'+d.getMinutes()).substring(('0'+d.getMinutes()).length-2)+':'+('0'+d.getSeconds()).substring(('0'+d.getSeconds()).length-2);
    }
    /*POST FUNCTION*******************************************************************************************************/
    function communicate(url,requester_id,post_data) 
    {
    var request = new XMLHttpRequest();
    let key = sessionStorage.getItem('key');
    request.open('POST',url, true);
    request.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
    request.timeout = 45000;
    request.ontimeout = function(){console.log('timeout');alert('Server timeout');location.reload();}
    request.onerror = function(){console.log('Error');alert('Server error');location.reload();}
    request.onload = function()
    {
      if (request.status >= 200 && request.status < 400) 
      {
        document.getElementById('log').innerHTML+=actual_timestamp()+' '+request.responseText+'<br>';
      }
    }
    request.send(post_data);
    }
    /*BUTTONS***********************************************************************************************************/
      document.getElementsByTagName('button')[0].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Request Send<br>';
          setTimeout(function() {
            communicate('./main_msg','main','');
          }, 500);
      });
      document.getElementsByTagName('button')[1].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Cookie set client side<br>';
          document.cookie = "ID=123;path=/;";
      });
      document.getElementsByTagName('button')[2].addEventListener('click',function(){
          document.getElementById('log').innerHTML+=actual_timestamp()+' Clear cookie<br>';
          document.cookie.split(';').forEach(function(c) {
            document.cookie = c.trim().split('=')[0] + '=;' + 'expires=Thu, 01 Jan 1970 00:00:00 UTC;';
          });
      });
    /********************************************************************************************************************/
      </script>
    </html>

    The application server response is simple JSON text with empty 2D array. When cookie do not exist in the request, proxy forwards the request to application. When cookie exist on client side, the proxy do not forwards anything (no request logged on application server) IIS just reponse imidiately with 502.3.

    Wednesday, April 21, 2021 11:01 AM
  • User1065476709 posted

    Hi Dawid_Szczecin,

    The application server response is simple JSON text with empty 2D array. When cookie do not exist in the request, proxy forwards the request to application. When cookie exist on client side, the proxy do not forwards anything (no request logged on application server) IIS just reponse imidiately with 502.3.

    Can you provide a detailed screenshot of the 502.3 error? Or you can refer to this link to troubleshoot 502.3.

    Troubleshooting 502 Errors in ARR.

    Best regards,

    Sam

    Thursday, April 22, 2021 8:54 AM
  • User460057122 posted

    Sorry for long response (I shall be more focus to respond quickly), but I spent last days for finding "workaround" solution to keep application up and running for clients. The response is:

    502 - Web server received an invalid response while acting as a gateway or proxy server.
    There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

    If anybody still read this, please remember that this error accurs only when COOKIE is in the request header, when it's not in the request header then the request is passed properly to application server. Finally application server shows that no request reach it when cookie is in the request header, so IIS respond to the client but do not ask application server. Error Tracking log is in the first post.

     <EventData>
      <Data Name="ContextId">{80000631-0001-EE00-B63F-84710C7967BB}</Data>
      <Data Name="ModuleName">ApplicationRequestRouting</Data>
      <Data Name="Notification">128</Data>
      <Data Name="HttpStatus">502</Data>
      <Data Name="HttpReason">Bad Gateway</Data>
      <Data Name="HttpSubStatus">3</Data>
      <Data Name="ErrorCode">2147954552</Data>
      <Data Name="ConfigExceptionInfo"></Data>
     </EventData>

    Monday, April 26, 2021 8:09 AM
  • User702935273 posted

    Very often cookies stop working because the user visits a large number of sites in a day. I had a similar situation when I needed to write an essay on the environment and I found a great website, but it only loaded the topics, but the essays themselves did not load. I cleaned the cookies and reloaded my browser and eventually everything worked. All the essays loaded.

    Monday, April 26, 2021 2:58 PM
  • User460057122 posted

    Very often cookies stop working because the user visits a large number of sites in a day. I had a similar situation when I needed to write an essay on the environment and I found a great website, but it only loaded the topics, but the essays themselves did not load. I cleaned the cookies and reloaded my browser and eventually everything worked. All the essays loaded.

    I can agree that this could be the case sometimes, but then eventually sometimes it will work for some users. In my case it's not working for all users (around 500 users). Anyway already tested, cookies in browsers cleaned, all security options tested, nothing helps. Thank you for answer.

    Friday, April 30, 2021 11:43 AM