Web Application Proxy 2012 R2 – HTTP to HTTPS redirect

This post applies to Microsoft Web Application Proxy 2012 R2. I recommend that you upgrade to Windows Server 2016 that provides a built-in function within the Web Application Proxy 2016 to perform HTTP to HTTPS direct. See more here

Updated post: This post has been updated 07/32/2017.
Original post: 25. December 2013 22.15

Performing HTTP to HTTPS redirect with Microsoft WAP
This article explains how to perform HTTP to HTTPS redirect for deployments of Microsoft Web Application Proxy v1.
The guidance within this article is only for companies that doesn’t use a layer 7 application firewall (with the ability to perform HTTP to HTTPS redirect). Most often these firewalls will be Citrix NetScaler, F5, Palo Alto Networks, Barracuda, Fortinet, etc. If your existing firewall support HTTP to HTTP redirect always use the firewall for the redirection.

Software Requirements:

  • Microsoft Internet Information Service
  • URL Rewrite

Configuring HTTP to HTTPS redirect

Install “Microsoft Internet Information Service” on the “Web Application Proxy” server. It may already be installed depend on the roles that have been added. Open “IIS Manager”.

Select the “Web server” and click the “Get New Web Web Application Platform”.

Click “Free Download” on the right.

Find the “URL Rewrite” module, click “Add” and then click “Install”.

Click “I Accept”.

Click “Finish”.

Close the “IIS Manager” and re-open the “IIS Manager”. Click “URL Rewrite”.

Click “Add Rule (s)…”

Click “Blank Rule”.

Type “HTTP to HTTPS” in the “Name” textbox and in the “Pattern” textbox type “(.*)”.

Navigate down to “Condition” and click “Add”.

In the “Condition input” textbox type “{HTTPS}” and under “Patterns” type “^OFF$”. Click “OK”.

Navigate down to “Action”.

Type “https://{HTTP_HOST}/{R:1}” and click “Apply”.

Testing the “HTTP to HTTPS” redirect functionality:
Try accessing your site using HTTP. You should see that the page will be automatically redirected to the HTTPS site. See the network trace below for more details.

Microsoft Windows 2012 R2 – Web Application Proxy support for HTTP
WAP doesn’t allow for applications to be published on port 80/HTTP. It will ONLY allow external connections to HTTPS. It will be possible to use the WAP in bridge mode from HTTPS to HTTP, if your internal applications isn’t configured for HTTPS internally.

IIS Application Request Routing
If you would like support for HTTP on your Web Application Proxy server you should consider using IIS Application Request Routing (ARR):
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

You can download the IIS add-on here:
http://www.iis.net/downloads/microsoft/application-request-routing
For more information about the Web Application Proxy. See the TechNet overview page: http://technet.microsoft.com/en-us/library/dn280944.aspx

Leave a Reply