Web Application Proxy - HTTP to HTTPS redirect

This article explains how to perform HTTP to HTTPS redirect for deployments of Microsoft Web Application Proxy v1.

The guidance within this article is only for companies that doesn't use a layer 7 application firewall (with the ability to perform HTTP to HTTPS redirect). Most often these firewalls will be Citrix NetScaler, F5, Palo Alto Networks, Barracuda, Fortinet, etc. If your existing firewall support HTTP to HTTP redirect always use the firewall for the redirection.

Requirements:

  • Microsoft Internet Information Service
  • URL Rewrite

Configuring HTTP to HTTPS redirect

Install "Microsoft Internet Information Service" on the "Web Application Proxy" server. It may already be installed depend on the roles that have been added. Open "IIS Manager".

Select the "Web server" and click the "Get New Web Web Application Platform".

Click "Free Download" on the right.

Find the "URL Rewrite" module, click "Add" and then click "Install".

Click "I Accept".

Click "Finish".

Close the "IIS Manager" and re-open the "IIS Manager". Click "URL Rewrite".

Click "Add Rule (s)..."

Click "Blank Rule".

Type "HTTP to HTTPS" in the "Name" textbox and in the "Pattern" textbox type "(.*)".

Navigate down to "Condition" and click "Add".

In the "Condition input" textbox type "{HTTPS}" and under "Patterns" type "^OFF$". Click "OK".

Navigate down to "Action".

Type "https://{HTTP_HOST}/{R:1}" and click "Apply".

Testing the "HTTP to HTTPS" redirect functionality:

Try accessing your site using HTTP. You should see that the page will be automatically redirected to the HTTPS site. See the network trace below for more details. 

 

Microsoft Windows 2012 R2 - Web Application Proxy support for HTTP

WAP doesn't allow for applications to be published on port 80/HTTP. It will ONLY allow external connections to HTTPS. It will be possible to use the WAP in bridge mode from HTTPS to HTTP, if your internal applications isn't configured for HTTPS internally.

IIS Application Request Routing

If you would like support for HTTP on your Web Application Proxy server you should consider using IIS Application Request Routing (ARR):

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

 

You can download the IIS add-on here:

http://www.iis.net/downloads/microsoft/application-request-routing

For more information about the Web Application Proxy. See the TechNet overview page: http://technet.microsoft.com/en-us/library/dn280944.aspx

 

 

Tags:

blog comments powered by Disqus