Channel: Application Request Routing (ARR)
Viewing all 739 articles

ARR & SSL Off Loading


Hello all, 

I have been looking for a solution to my issue for a long time now, but for some reason I am just not able to make ARR work how it is required for our application. 

This is how my test environment looks,

Website Request (SSL) --> Hardware Load-balancer --> ARR Node 1 or Node 2 --> application server node 1 or node 2 --> File & SQL Server

Basically, I need to be able to have SSL terminate at the ARR Server. If possible, I do not want to be installing the SSL certificates and bindings on the application servers. I just need to be able to modify everything on the ARR servers.

I have tested the configuration with just HTTP traffic which worked perfectly fine.

  1. Where do I have to install the SSL Certificates? (Currently installed on all servers, can I remove it from application nodes?)
  2. Do I need to create Site Bindings on the ARR Servers and Application Servers? (This is not off-loading SSL)
  3. Internal traffic between ARR and Application Node does not need to be HTTPS

This will be used to host multiple websites, and it will be configured to use PAT, not NAT. (Port Address Translation)

My Current Routing Rule has "Use URL Rewrite to inspect incoming requests" and "Enable SSL Offloading" enabled. The routing Rule is set to Wildcard with * and action to "Route to Server Farm" 


Reason phrase / status description pass-through


I've been running ARR for a while and have recently developed an api that relies heavily on the HTTP Reason Phrase / Status Description for error message handling.

It looks as though ARR strips the reason phrase however and replaces it with IIS standard. Is there any way to make ARR pass on the reason phrase that the content server sets?

E.g. if I GET an api url directly then I get the new reason phrase I set. It might be 

HTTP/1.1 200 HERE IT IS

But if I request that same resource through ARR it gets replaced with the standard

HTTP/1.1 200 OK

WEB SERVER Health Monitoring in ARR


Hi all. I am trying to configure an ARR health test that looks for some "response string is absent" condition on the testing page.

And found that there is no option to configure such testing, just the "response match string" option.

We are using smart test pages with a couple of XML blocks of output; every XML block on the page checks something else in the system.

I'd like to configure the ARR health check to look at whether an error is returned on the page and to take the server down.

Please help with an idea that does not involve rewriting the test pages.

It could be nice to add this health check option in next version of ARR

ARR not passing HTTPS traffic


I am new to Application Request Routing. I have configured a dedicated ARR server to pass traffic to other web servers. I can pass HTTP traffic fine, but when I try to pass HTTPS traffic, I receive an error stating ERR_Connection_Reset in Chrome. I have configured URL rewrite for {HTTPS} Matches the Pattern on, and HTTP_Host. I have it routed to the Server Farm. I do not have SSL offloading checked. I am sure I am missing something and I would greatly appreciate any help I can get. Thanks.

Proxying with Client Certificate


Is it possible to attach a client certificate to all requests proxied through ARR?

I understand how ARR can take the client certificate from a request and turn it into a header. But in this case there will be no client certificate from the user. The important thing is instead to secure communication between ARR and the backend server.

I noticed that IIS Configuration Editor has some client cert settings at the app host level, but I couldn't find any information on these:

  • clientCertFileName
  • clientCertHash
  • clientCertPassword

Does anyone know what these do and how to use them? Random experimentation doesn't seem to be getting me anywhere.

ARR as reverse proxy alongside existing web site


I have an existing web server serving content from the default site over http and https, and I want to use the same server to act as a reverse proxy that terminates SSL for another web server. In my limited experience so far, ARR takes over my existing web site, which I don't want. I am using ARR 3.0.1 on Windows 2012 R2. I have a wildcard certificate that can be used for both the web site and ARR reverse proxy, though it would be great to figure out how to use different certificates. Is this possible?

IBM WebSphere


I am trying to set up IIS ARR and point it to an internal website hosted using IBM WebSphere.

Example:

Server 1 - Windows 2012 R2 running IIS ARR          https://mydomain.com

Server 2 - IBM iSeries running IBM Websphere       https://MyWebAPP.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&catalogId=15678&storeId=15410

Server 1 will be in the DMZ as the web front end to point to server 2, which is only on the internal LAN. I have set up the same scenario with an internally hosted JBOSS application server and it worked perfectly. I am having trouble setting up the rewrite rules and was wondering if it's possible to accomplish this using IBM WebSphere?

Thanks,

Shannon

How to configure Pingaccess & PingFederate URL through ARR.


I have one application which I want to route through ARR, but the problem is that the application changes its URL when I hit the first one.

For example, I am hitting "a.com" from a normal browser without ARR; it immediately redirects to "b.com:9031" and b.com displays the login page of the application. Here "b.com:9031" displays the login page only when it gets the request from "a.com". And after login on "b.com:9031" it again redirects to "a.com" with my webpage. Both are two different applications hosted on different servers; it is an Apache-based application.

Now I want to redirect "a.com" through ARR, and the request will first go to the "a.com" site, and it should show the end user the login page which "b.com:9031" is giving, and after login it should again show me the webpage which "a.com" is showing.

Note: there is no web page on "a.com"; it is just a virtual host which is sending the request to "b.com:9031" and gets the web page again on "a.com".

Is it possible? If it is possible, then how can I achieve this scenario?

Thanks,

Kundan


IIS rewrite overwrites Cache Control HTTP header


We have an IIS 7.5 Web project that acts as a reverse proxy for different versions of another Web project. It uses Application Request Routing for rewriting. Recently we found out that the cache-control HTTP response header is modified in this proxy. E.g. the real web application sends a no-cache header but the proxy response is private. This leads to problems in the frontend (it's a shop system and the response should not be cached, e.g. basket counts).

I set up this minimal working example to show the problem. Create an empty Web project called ProxyHeaderExample with a local IIS Web Server and Project URL http://localhost/ProxyHeaderExample

In the Web.config paste

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- proxy all request  -->
        <rule name="Proxy" enabled="true" stopProcessing="true">
          <match url="(.*)" />
          <conditions />
          <action type="Rewrite" url="https://twitter.com/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Internally the requests are rewritten to twitter (just for example because they use a no-cache header - replace this with a host of your choice that uses no-cache). So if you request e.g. http://localhost/ProxyHeaderExample/inetsrv/ it is proxied to https://twitter.com/inetsrv (the twitter account of IIS). Now you can compare the cache-control HTTP header of the real response and the proxy response (using your browser's development console).

Is there a way to prevent this? I always want to keep the original header value.

18. view trace Warning -REWRITE_DISABLED_KERNEL_CACHE


Hi Team,

I am trying to configure ARR for my Exchange servers for Exchange ActiveSync. I have created the ARR server farms to point to my Exchange CAS servers. When I try to access the URL I am able to access the ActiveSync sites and Outlook Web Access fine. When I check the FailedReqLogfiles it shows the warning message 18. view trace  Warning  -REWRITE_DISABLED_KERNEL_CACHE .

The ActiveSync request seems to be working fine. I don't know whether I need to ignore this warning message or I need to take action on it. If yes, then please let me know how to fix this warning.

Thanks in Advance

Regards

sanjivram

 

Response buffer threshold problem in ARR version 3.0.1952


Hello,

I have configured two ARR proxy servers with different versions and they behave differently.

The problem is with streaming video. When I use the proxy with ARR version 3.0.1750 and set the "Response buffer threshold" to 0 everything is working fine. The video is streaming immediately to the client and video controls (play, pause, forward, etc.) are working.

If I use the second server, with the same config, but with ARR version 3.0.1952, I must set the "Response buffer threshold" to as much as the video file size or bigger to be able to use the video player controls. Of course in that case I must wait for the proxy to download the video before starting streaming to the client. If I set the Response buffer threshold to 0 (or any size lower than the video size) the file is streaming but the video controls are not working. I cannot play, pause or forward the video.

I tested this behaviour in a newly installed virtual machine with the default settings and the result is the same as above. Are there any settings or dependencies in the new version that should be taken into account?

Thank you in advance!

restrict abc.company.com but allows abc.company.com/api

What is the difference between "Response buffer (KB)" and "Response buffer threshold (KB)" in the ARR proxy settings?


See title. What is the difference between these two configurations? The titles would make it seem that the first configuration is for the initial buffer size and the second is for the maximum buffer size, but that interpretation doesn't make sense given that you can set the first to be greater than the second.

I ask because I have not been able to serve files that are >1MB in size through the proxy unless the response buffer threshold setting is high enough. I am wondering what the difference is.

Pass Group information to application


Hi all,

We use ARR as reverse proxy to authenticated users belonging to various Windows Domain Groups. We would now like to pass the group information to the application in order to decide what content should be delivered back. Is this possible with ARR 3.0?

Thx in advance,

Frank 

Two Sites on IIS Reverse Proxy - IP Preference Allocation Outbound Traffic Issue


I have two sites set up on an IIS/ARR Server for reverse proxying external users through the DMZ to internally hosted IIS sites. Each site has a unique IP address/SSL certificate binding, and the firewall is configured to allow traffic on these IPs. While inbound traffic is seen to be coming from the correct IP address assigned to the site, outbound traffic is showing the source address as the first IP address bound to the IIS/ARR Server NIC and not the IP address bound to the IIS/ARR site.

How can I configure this to use the IP bound to the Reverse Proxy Site? 


2GB limit download size on proxy ARR IIS 7.5


Hello,

I found a limit of up to 2GB when I want to download a file across the proxy on IIS 7.5 on Windows 2008 R2. When I try to download it, I instantly get this message:

502 - Web server received an invalid response while acting as a gateway or proxy server.

It works fine with a file up to 1.9GB.

Maybe there is a limit to increase but I can't find it. Can somebody help me?

SignalR and LongPolling fails


I use SignalR and it works fine so far. However, whenever my connection falls back to long polling it doesn't work anymore. The requests to /poll and /reconnect afterwards fail with net::ERR_CONNECTION_RESET. Anything I could try?

This only happens as long as the traffic is routed via an IIS proxy (using ARR). If I connect directly to my self-hosted SignalR server everything works as expected.


If I check in Chrome a (failed) request times out after 10.00 seconds. Do I have to change this timeout somewhere?

If I enable detailed tracing I get:

SignalR error: Error: Long polling request failed

The client tries a few times and then stops:

SignalR error: Error: Couldn't reconnect within the configured timeout of 30000 ms, disconnecting.

If I check *Failed Request Tracing* in IIS I see the following warning:

MODULE_SET_RESPONSE_ERROR_STATUS
Warning ModuleName="RewriteModule",
Notification="SEND_RESPONSE", HttpStatus="500", HttpReason="URL
Rewrite Module Error.", HttpSubStatus="52", ErrorCode="The data is
invalid. (0x8007000d)", ConfigExceptionInfo=""

ARR URl Rewrite is not working for external servers


We are trying to set up a reverse proxy mechanism using ARR and URL Rewrite. The rewriting is working fine when the target URL is one which is hosted on the same server. But when we try to route it to an external server the routing is not working. We are getting the

HTTP Error 502.3 - Bad Gateway
	The operation timed out

	Module ApplicationRequestRouting
	Notification ExecuteRequestHandler
	Handler ApplicationRequestRoutingHandler
	Error Code 0x80072ee2
	Requested URL http://localhost:8882/ff
	Physical Path D:\pocwebsites\exposed\ff
	Logon Method Anonymous
	Logon User Anonymous


	•The CGI application did not return a valid set of HTTP errors.
	•A server acting as a proxy or gateway was unable to process the request due to an error in a parent gateway.

	•Use DebugDiag to troubleshoot the CGI application.
	•Determine if a proxy or gateway is responsible for this error.



Please find the web.config file given below,

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="or_rule_1" enabled="true">
          <match url=".*" />
          <action type="Rewrite" url="http://www.cnn.com" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>



Redirecting traffic and SSO headers to Tomcat


I'm working on a project, having a webapp (java/jsp) running on tomcat, and we need to implement SSO on top of it.

In order to get SSO on top of the webapp, I had to bypass the traffic from IIS to tomcat using a simple rule in ARR (*/webapp* then rewrite to localhost:8080/webapp/). The SSO has 3 main folders, for which I created some rules not to pass traffic to anywhere. The problem is that after the other team implemented the SSO, I'm unable to get the HTTP headers sent to the right end. And honestly I suspect my URL Rewrite rules; please take a look and let me know what I'm doing wrong there. When the user is trying to use his/her credentials, a 400.0 is showing.

SSO has 3 folders (Folder1, Folder2 and Folder3), rules are (All using wildcards):

  • Pattern */Folder1* -> Action Type None (Stop Processing subsequent rules is checked)
  • Same rules for the other two Folders
  • Tomcat Rule: Pattern */webapp* -> Action Type Rewrite to localhost:8080/webapp (Only Stop Processing box is checked)

I know it is not easy to figure out what is wrong here, but I need some suggestions if my rules were wrong.

Thank you

ARR no loadbalance Http traffic on error 50x with Windows Authentication


We have a rich client, using http request, made with .Net 4.0 / Wcf

The http request use authentication like Basic (LDAP) or Windows (NTLM and Kerberos).

With an ARR and for example 2 IIS in a farm, when one of the IIS is in error (error returning 50X), the ARR marks the IIS as Unhealthy but the traffic is always sent to the bad IIS !!!

In fact, we think that a socket is established to ensure the Windows authentication, and this socket is not reset when only an error of type 50X occurs! On other errors, like stopping the IIS Service or the AppPool, the ARR sees it correctly and the load balancing is OK.

This case occurs only when the application uses Windows authentication, not with other types like Basic !!!

Microsoft support not seeing any solution, it directs us to debug our WCF Development :(

An explanation ?
