I have the htaccess rewrite rule:

RewriteCond %{HTTP_HOST}: ^(?:www\.)?samplesite\.net
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

on two Azure VMs running IIS. I have an application gateway sitting in front that has a backend HTTPS pool with the server certs of the two Azure VMs.

I have a multi-site https listener on the gateway listening for https traffic to the gateway with the specific URI www.samplesite.net. There is an attached rule that uses the backendHttps pool.

The VMs host multiple sites and I only want to redirect HTTP to HTTPS for this one site. I have the private key for www.samplesite.net on Azure gateway for the listener.

If I point directly at any VM I am successfully redirected to HTTPS. If I point at the gateway I receive a too many redirect error.

If I do not rewrite on the server I can go directly to HTTPS or HTTP with no issue via the gateway.

Why am I getting this redirect if I have end to end encryption?

Edit: In relation to using gateway rules to redirect traffic:

Rules are processed in the order they are listed, and traffic is directed using the first rule that matches regardless of specificity. For example, if you have a rule using a basic listener and a rule using a multi-site listener both on the same port, the rule with the multi-site listener must be listed before the rule with the basic listener in order for the multi-site rule to function as expected.

Edit2: If anyone is interested I had to do this:

RewriteCond %{HTTP_HOST}: ^(?:www\.)?samplesite\.net
RewriteCond %{HTTP_X_FORWARDED_PROTO} ^http$
RewriteRule ^(.*)$ https://www.samplesite.net%{REQUEST_URI} [L,R=302]
MByrne
  • As an alternative to the htaccess rule, you can set up the rule attached to the http listener to redirect to the https listener. That way the redirect gets handled at the app gateway instead of the vm. – Jason P May 29 '18 at 01:53
  • In order to help you better, could you share the error code or message? – Zahid Faroq May 29 '18 at 04:43
  • @Jason P sorry. I should have also mentioned I tried redirect on the portal. The redirect rule wasn't triggered. I have read that these are executed based on order in the portal. Unfortunately there are more broad rules already in place that I would have to delete. Deleting the other rules and listeners would break other sites already in place. At least until I could add them again. Also, each time I want another specific site to redirect to HTTPS I would have to delete the broad rules and re-add them after the multi-site domain-specific rules. – MByrne May 29 '18 at 06:12

1 Answer

I had to check the header forwarded from the gateway:

> RewriteCond %{HTTP_HOST}: ^(?:www\.)?samplesite\.net 
> RewriteCond %{HTTP_X_FORWARDED_PROTO} ^http$ 
> RewriteRule ^(.*)$ https://www.samplesite.net%{REQUEST_URI} [L,R=302]

https://www.helicontech.com/isapi_rewrite/doc/examples.htm

https://stackoverflow.com/a/41512717/7889282

https://sitecoreblog.marklowe.ch/2017/01/using-ip-geolocation-and-ssl-on-azure/

MByrne
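Added example (not from the original post, and not Azure or Helicon code): a small Python model of the two rule sets on this page, following redirects the way a browser would, to show which requests each rule redirects. It assumes the gateway sets X-Forwarded-Proto to the client's scheme and that the loop case is one where IIS sees the gateway-to-backend hop as non-HTTPS; all function names are hypothetical and the request path is omitted.

```python
import re

HOST_RE = re.compile(r"^(?:www\.)?samplesite\.net")  # host pattern from the rules

def original_rule(host, backend_https, headers):
    """Question's rule: redirect when the hop that reaches IIS is not HTTPS."""
    if HOST_RE.search(host) and not backend_https:
        return "https://" + host
    return None

def forwarded_proto_rule(host, backend_https, headers):
    """Edit2 / answer rule: redirect when X-Forwarded-Proto is exactly 'http'."""
    proto = headers.get("X-Forwarded-Proto", "")
    if HOST_RE.search(host) and re.search(r"^http$", proto):
        return "https://www.samplesite.net"
    return None

def via_gateway(rule, client_scheme, host, backend_leg_https, max_hops=10):
    """Follow redirects through a modelled gateway (assumption, simplified).

    The gateway records the client's scheme in X-Forwarded-Proto and opens its
    own connection to the backend, HTTPS or not per backend_leg_https.
    Returns (outcome, redirects_followed).
    """
    for hop in range(max_hops):
        headers = {"X-Forwarded-Proto": client_scheme}
        location = rule(host, backend_leg_https, headers)
        if location is None:
            return ("served over " + client_scheme, hop)
        client_scheme, host = location.split("://", 1)
    return ("redirect loop", max_hops)

def direct_to_vm(rule, client_scheme, host):
    """Client connects straight to a VM: no gateway, so no forwarded header."""
    location = rule(host, client_scheme == "https", {})
    return "redirect" if location else "served over " + client_scheme
```

In this model the header-based rule no longer redirects plain-HTTP requests that reach a VM directly, since they carry no X-Forwarded-Proto header; restricting the VMs' inbound traffic to the gateway closes that path.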