IIS7的应用程序请求路由HTTPS [英] IIS7 Application Request Routing HTTPS
问题描述
我有一个反向代理的流量路由到我的应用程序的服务器。
I have a reverse proxy that routes traffic to my app server..
我已经登录我的,它通过HTTPS提供公共网站的功能。该SSL证书安装在只有反向代理服务器。我的应用程序服务器没有SSL证书。 SSL卸载是在反向代理服务器上启用。
I have login feature on my public website that is served through HTTPS. The SSL certificates are installed in the reverse proxy server only. My app server doesn't have SSL certificate. SSL Offloading is enabled in the reverse proxy server.
这完美的作品,到目前为止,我可以通过HTTPS访问登录页面和会员专区。但是,我发现我的会话cookie是不安全的......
This works perfectly so far, I can access the login page and the member area via HTTPS. But, I notice that my session cookie is not secure...
我使用.NET成员资格提供程序进行验证,这将产生的 ASPXAUTH 会话cookie,你都知道。我试图启用的HttpOnly和安全标志这个cookie方式:
I'm using .NET Membership Provider for authentication and this will generate ASPXAUTH session cookie as you all know. I tried to enable the httponly and secure flag for this cookie by:
- 添加requiressl =真窗体身份验证变量在web.config
- 添加的HttpCookie变量,仅Http和requiressl =真。
第一个设置总是给我502错误,当我尝试登录。 502 - Web服务器收到无效的响应,同时作为网关或代理服务器
The first setting always gave me 502 error when I tried to login. 502 - Web server received an invalid response while acting as a gateway or proxy server.
第二个设置给了我的HttpOnly标志,但没有安全标志(I禁用此测试时先设置)。
The second setting gave me the httponly flag but not the secure flag (I disabled the first setting when testing this).
如何解决this..some问题:
How to solve this..some questions:
- 请我需要在所有服务器上安装SSL,包括我的应用程序的服务器?
- 有什么解决方法吗?
请指教。
P.S。
我使用的是IIS 7.5(反向代理)
I'm using IIS 7.5 (Reverse Proxy)
应用程序请求路由(反向代理)
Application Request Routing (Reverse Proxy)
IIS UrlRewrite模块(反向代理)
IIS UrlRewrite Module (Reverse Proxy)
IIS 8(应用服务器)
IIS 8 (app server)
推荐答案
某些应用程序进行编程,以检测是否正在使用HTTPS,并且由于实际的Web服务器处理您卸载启用了HTTP请求时,它会觉得请求是不安全的,往往最终在重定向循环。
Some applications are programmed to detect whether or not you are using HTTPS and since the actual web server is handling an HTTP request with your offloading enabled, it will think the request is not secure and often end up in a redirect loop.
您可以通过每个内容服务器和禁用SSL卸载关于建立一个单一的通配符证书解决这个问题。
You can fix this by setting up a single wildcard certificate on each content server and disable ssl offloading.
[ARR01 - SSL证书] - [ARR02 - SSL证书] LT; - 游客将看到此SSL证书在其浏览器
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | - - | - | - | - | - |
[Content01 - 通配符SSL证书] - [Content02 - 通配符SSL证书]< - 该证书仍然是隐藏的,因此可以是共享单个通配符证书
[ARR01 - ssl certificate] - [ARR02 - ssl certificate] <-- Visitors will see this SSL Certificate in their browser
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
[Content01 - wildcard ssl certificate] - [Content02 - wildcard ssl certificate] <-- This certificate remains hidden and thus can be a shared single wildcard cert.
这篇关于IIS7的应用程序请求路由HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
