locked
Trying to Rewrite/Redirect HTTPS to HTTP RRS feed

  • Question

  • User-2020927132 posted

    I am trying to set up single sign-on applications on Microsoft Azure, which point to our internal servers/services. One of the requirements is that the URLs of the applications have to be HTTPS. The problem is that many of our applications do not have HTTPS enabled.

    At this point in time, we are not able to enable HTTPS for our internal sites, so we are looking to see if we can rewrite/redirect HTTPS to HTTP.

    For example:

    We have an application that is accessed via a URL like http://finance.company.com.

    We would then create the application in Azure using https://finance.company.com

    We have a Reverse Proxy Server (IIS) installed on Windows Server 2012 R2 with ARR. This server is currently used to load balance our application URLs to the server farms.

    Is it possible to use our Reverse Proxy Server to rewrite (or redirect?) the URL from HTTPS to HTTP?

    Thanks.

    Thursday, June 30, 2016 7:02 PM

Answers

  • User1278090636 posted

    Hi,

    Yes, you can redirect request from https to http, please take following rule code as reference.

    <rule name="Redirect https to http" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
            <add input="{HTTPS}" pattern="ON" />
            <add input="{HTTP_HOST}" pattern="finance.company.com"/>
        </conditions>
        <action type="Redirect" url="http://{HTTP_HOST}/{R:0}" />
    </rule>

    Best Regards,

    Jean

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, July 1, 2016 2:19 AM

All replies

  • User1278090636 posted

    Hi,

    Yes, you can redirect request from https to http, please take following rule code as reference.

    <rule name="Redirect https to http" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
            <add input="{HTTPS}" pattern="ON" />
            <add input="{HTTP_HOST}" pattern="finance.company.com"/>
        </conditions>
        <action type="Redirect" url="http://{HTTP_HOST}/{R:0}" />
    </rule>

    Best Regards,

    Jean

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, July 1, 2016 2:19 AM
  • User-2020927132 posted

    Hi Jean,

    Thanks for your reply.

    Will this work if the site does not have any HTTPS binding?  i.e. https;//finance.company.com does not exist, only http://finance.company.com does.

    I've seen this from another posting:

    “when IIS processes a request and hands off to the site, if https isn't bound to the server, then the request will drop off, you'll need A) a https binding b) or a site with a https binding to handle the redirect.”

    Does that mean that I need a server somewhere that supports HTTPS?  Can it be a difference server from the application server (i.e. the one that hosts finance.company.com)?  Can it be the server that is performing as the Reverse Proxy?

    Thanks,

    Donovan

    Monday, July 4, 2016 4:25 PM
  • User-2064283741 posted

    You can create a https (and http) site on the ARR and then send the request to the http for the webserver.

    When you terminate at this stage it is often called SSL offloading. And is a fairly common practice especially when you have web farms you are passing the requets too.

    Tuesday, July 5, 2016 12:13 AM
  • User1278090636 posted

    Hi,

    Does that mean that I need a server somewhere that supports HTTPS?  Can it be a difference server from the application server (i.e. the one that hosts finance.company.com)?  Can it be the server that is performing as the Reverse Proxy?

    Yes, you need a server somewhere that binding with https://finance.company.com .

    It can be a different sever from the application server and reverse proxy server.

    Best Regards,

    Jean

    Tuesday, July 5, 2016 3:14 AM
  • User-2020927132 posted

    Sorry, I'm not very familiar with IIS and ARR, so I have more questions.

    We are not looking to use SSL at all, we just want to rewrite the URL.  The applications we have are accessed via http to the hostname (e.g. http://server1.company.com), and we want to redirect the URL https://server1.company.com to it, so we don't have to enable SSL on the site/application.

    Do we need a certificate for server1.company.com in order to do this?  If so, can we do this with a self-signed certificate, or would that generate warnings in the browser?  These sites are only for internal client access.

    Thanks.

    Tuesday, July 5, 2016 7:49 PM
  • User1278090636 posted

    Hi,

    Do we need a certificate for server1.company.com in order to do this?  If so, can we do this with a self-signed certificate, or would that generate warnings in the browser?  These sites are only for internal client access.

    Yes, you need a certificate to add a https binding.

    Yes, you can use a self-signed certificate.

    You can set it to Ignore Client Certificate in the SSL Settings.

    Best Regards,

    Jean 

    Wednesday, July 6, 2016 6:19 AM