Redirect HTTP to HTTPS using Web Adaptor

4910
13
Jump to solution
10-29-2017 09:17 AM
MikeSchonlau
Occasional Contributor II

I may be missing something in the documentation, but I cannot figure out how to redirect requests over port 80 to automatically redirect to my https-configured web adaptor. I can currently get to https://domain/webadaptor/rest, but do not get redirected to that url when going to http://domain/webadaptor/rest. I've tried setting up a rule in IIS with URL Rewrite, but no dice. Any advice on how to set this up? I am probably missing something obvious here because it seems like almost any organization would want this to happen. Users can't be expected to type in http:// everytime.

Thank in advance

Mike

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
MichaelRobb
Regular Contributor II

This has nothing to do with the web adaptor but everything with IIS.  Also, you can still use Web adaptors when using NLB appliances.

Either you need an external appliance to redirect (e.g. F5, KEMP, Citrix etc) 

or you install and configure URL Rewrite.

I can only suspect that the url rewrite rule applied to the IIS application (in this case, the Web adaptor) was incorrectly configured OR my other suspiciton is that you are unaware that installing the web adaptor,choosing 443 will change some IIS settings which the URL redirect may not work under.

Lets make sure your redirect (using URL Rewrite) is setup first..

using IIS 8.5

type in the http link to the web adaptor..  get a 403.

go to IIS   

you will have already installed the urlrewrite either on its own or using the web platform installer.  

e.g. 

Here you can see 3.21 (JSAPI) and the arcgis web adaptor

You can create the new inbound rule to the site so that all child applications will get the redirect.

Add rules

Add a blank inbound rule

Name it, Redirects to HTTPS

pattern:  (.*)

Add a condition

Condition input is {HTTPS}

Pattern:  ^OFF$

Press OK

Go to ACTION pulldown panel

Action Type: Redirect

Redirect URL: https://{HTTP_HOST}/{R:1}

Redirect Type: See Other (303)

Click on APPLY

Verify the changes were successful

IIS will now look like so:

Lets refresh our default page.

yes... redirects.

try a JSAPI under 3.21

yes.. redirects

Try the web adaptor...

In your case, i 'suspect' that it will not work...

go to the SSL settings for the web adaptor:

If Require SSL is checked... uncheck it.  

Make sure to apply and verify successful

*** what i have found is that when installing the web adaptor, choosing port 443 auto checks a setting interfering with the URL Redirect.

Now try your web adaptor link... (not even http just machine name...(or http)

and you should now get redirected to HTTPS

Of course, next step is to get a valid cert.... 

View solution in original post

13 Replies
JonathanQuinn
Esri Frequent Contributor

Have you taken a look at the Disable http access to ArcGIS Server section of the doc?

0 Kudos
MikeSchonlau
Occasional Contributor II

Yes. That was the first thing I did in my process. I've configured ArcGIS Server many times before, but I typically use an AWS load balancer instead of the web adaptor. I can successfully connect to https://<my domain>/arcgis/rest, but when going to http://<my domain>/arcgis/rest, I see the error below:

Http web adaptor error

Maybe I have something configured incorrectly in IIS? I have bindings for 80 and 443, with 443 using an SSL cert for <my domain>.

0 Kudos
MichaelRobb
Regular Contributor II

This has nothing to do with the web adaptor but everything with IIS.  Also, you can still use Web adaptors when using NLB appliances.

Either you need an external appliance to redirect (e.g. F5, KEMP, Citrix etc) 

or you install and configure URL Rewrite.

I can only suspect that the url rewrite rule applied to the IIS application (in this case, the Web adaptor) was incorrectly configured OR my other suspiciton is that you are unaware that installing the web adaptor,choosing 443 will change some IIS settings which the URL redirect may not work under.

Lets make sure your redirect (using URL Rewrite) is setup first..

using IIS 8.5

type in the http link to the web adaptor..  get a 403.

go to IIS   

you will have already installed the urlrewrite either on its own or using the web platform installer.  

e.g. 

Here you can see 3.21 (JSAPI) and the arcgis web adaptor

You can create the new inbound rule to the site so that all child applications will get the redirect.

Add rules

Add a blank inbound rule

Name it, Redirects to HTTPS

pattern:  (.*)

Add a condition

Condition input is {HTTPS}

Pattern:  ^OFF$

Press OK

Go to ACTION pulldown panel

Action Type: Redirect

Redirect URL: https://{HTTP_HOST}/{R:1}

Redirect Type: See Other (303)

Click on APPLY

Verify the changes were successful

IIS will now look like so:

Lets refresh our default page.

yes... redirects.

try a JSAPI under 3.21

yes.. redirects

Try the web adaptor...

In your case, i 'suspect' that it will not work...

go to the SSL settings for the web adaptor:

If Require SSL is checked... uncheck it.  

Make sure to apply and verify successful

*** what i have found is that when installing the web adaptor, choosing port 443 auto checks a setting interfering with the URL Redirect.

Now try your web adaptor link... (not even http just machine name...(or http)

and you should now get redirected to HTTPS

Of course, next step is to get a valid cert.... 

MikeSchonlau
Occasional Contributor II

Thank you for the detailed instructions, Michael. I actually already had my URL Rewrite rule set this way and did not have SSL settings checked. The redirect is working on the server now, but not from the outside. I will have to check with the IT folks to see if they are blocking 80, 443, 6080, or 6443 outside of the network.

0 Kudos
MichaelRobb
Regular Contributor II

Hi Michael,  

Its good to have all the steps to help with troubleshooting.

Regarding the outside traffic.  You would hit the web adaptor, which is port 443.  

Port 6080 and 6443 is only between ArcGIS Server (AGS) and the machine with the web adaptor.  you are saying this works on the server.

Is it possible that there are additional hardware, traffic manipulation occuring with the incoming traffic?

It sounds like you are one step closer.

0 Kudos
MikeSchonlau
Occasional Contributor II

Resolved. The IT folks were blocking something at the firewall. It's purring like a kitten now! Thanks for your help

0 Kudos
MichaelRobb
Regular Contributor II

them pesky network IT guys... 

What specifically was being blocked?  I am now curious how that could be broken becuase its only 443 going out.

0 Kudos
MikeSchonlau
Occasional Contributor II

Not sure. They must have been blocking 443 because it worked on the server itself. Thanks for all of your help.

0 Kudos
JonathanQuinn
Esri Frequent Contributor

I just went through the instructions in the link below and it seems to work:

Redirect from HTTP to HTTPS using the IIS URL Rewrite module – Damian Wiese 

Have you taken a look at that?

0 Kudos