Reverse Proxy? For devices (without internet access), in a LAN with an IIS (that has internet) + SSL external website

1

I am facing a situation where I have a LAN network, composed of multiple devices that have access to the LAN but not the internet, and within the LAN there is a computer with IIS 7 that has access to the internet.

Now, I need to access an external website from the devices that do not have internet but have access to the IIS machine. So I figured that I could create a Reverse Proxy with the IIS server, however I don't have much information or knowledge about how to accomplish that so I installed the URL Rewrite and ARR modules.

My questions here are:

  • Will my devices be able to access an external internet website if they query the IIS Reverse Proxy with a matching pattern? (ex: device => IIS => website => return response to IIS => return response to device)

  • How to create a pattern to access a resource path of a REST API, for example: http://localiis/1 => http://external/1 (where 1 is a dynamic value passed when querying the local IIS), how to accomplish that?

  • How to deal with the fact that an external internet website requires https SSL?

  • Really, is a reverse-proxy what I need? Is it a good solution?

I am lost and would greatly appreciate any help from the community!

SlashJ

Posted 2015-06-24T22:17:29.357

Reputation: 11

Question was closed 2015-07-01T00:36:46.143

Does the IIS server have multiple nics or do you use separate vlans/firewall rules? – Abraxas – 2015-06-24T22:21:22.547

Hi and thanks for the reply. It's a simple wifi LAN where there is an IIS 7 server with internet (connected to the LAN with WIFI but connected to internet with an RJ45), and some devices without internet, that are connected to the LAN with WIFI. – SlashJ – 2015-06-24T22:27:22.823

Answers

0

I would use a forward proxy running on the system that has Internet access. AnalogX provides free proxy server software at Proxy. I've used it in the past in situations similar to the one you describe and found it simple to set up. I've included the description for the program from the developer's website:

Do you have several machines on a network, but only one connection to the internet? Wish you could browse the net from the other machines, just like you can from the machine that's connected? Then what you're looking for is called a Proxy Server, and AnalogX has just what you want. AnalogX Proxy is a small and simple server that allows any other machine on your local network to route its requests through a central machine. So what does that mean in English? Simple, run Proxy on the machine with the internet connection, configure the other machines to use a proxy (it's very easy, there's a detailed description in the readme), and voila! You're surfing the web from any other machine on your network! Supports HTTP (web), HTTPS (secure web), POP3 (receive mail), SMTP (send mail), NNTP (newsgroups), FTP (file transfer), and Socks4/4a and partial Socks5 (no UDP) protocols!

Once it is installed and operational, you can then configure the browsers on the systems without Internet access to use the proxy server. See Checking Microsoft Windows proxy server settings for the steps to configure proxy server support in Internet Explorer 11, which changes the system-wide proxy server settings, so any other browser software that uses the system-wide proxy server settings rather than using browser-specific settings will also then use the proxy server. Put the IP address of the system running the proxy server software in the HTTP and Secure (to use HTTPS) fields in the Proxy Settings window and specify the port on which you have the proxy server software listening in the port fields for both.

Google Chrome uses the system-wide proxy server settings, but you can change those settings in Chrome by following the steps at Checking the proxy server settings with Google Chrome on a Windows system. Firefox has its own specific settings, which you can set for both HTTP and HTTPS by specifying the HTTP and SSL proxy server settings, which in your case would both be the IP address for the proxy server on the system with Internet access. Firefox can also be configured to use the system-wide proxy server settings by selecting "Use system proxy settings". You can view and configure its proxy server configuration by using the Alt-T key combination in Firefox to bring up the Tools menu then selecting Options, then Settings under the Network tab to see the Connection Settings.

A forward proxy server is suited for the scenario you are describing. I haven't tried this myself, but you can find instructions at Creating a Forward Proxy Using Application Request Routing on "how to use the Application Request Routing (ARR) and URL Rewrite features of Internet Information Services (IIS) to implement a forward proxy server." The steps, without the images provided at that link, are as follows, if ARR and URL Rewrite are already installed:

  1. Open Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server.
  3. In the server pane, double-click Application Request Routing Cache.
  4. In the Actions pane, click Server Proxy Settings.
  5. On the Application Request Routing page, select Enable proxy.
  6. In the Actions pane, click Apply. This enables ARR as a proxy at the server level.
  7. To start the process of turning ARR into a forward proxy, click on the server node in the Connections pane.
  8. In the server pane, double-click URL Rewrite.
  9. In the Actions pane, click Add Rule(s).
  10. In the Add Rule dialog box, double-click Blank Rule.
  11. In the Edit Inbound Rule dialog box, enter "Forward Proxy" for Name. In the Match URL area, enter the following:
    • Using: Wildcards
    • Pattern: *
  12. Scroll down to the Conditions area of the Edit Inbound Rule dialog box, and then click Add….
  13. In the Add Condition dialog box, select or enter the following:
    • Condition Input: {HTTP_HOST}
    • Type: Matches the Pattern
    • Pattern: *
  14. Scroll down to the Action area of the Edit Inbound Rule dialog box, and then enter the following:
    • Action Type: Rewrite
    • Rewrite URL: http://{C:1}/{R:0}
  15. In the Actions pane, click Apply. Note: This rule enables HTTP messages to pass through the forward proxy. HTTPS (443) messages are not supported on this forward proxy because ARR does not support HTTP CONNECT.
  16. Configure the proxy settings as appropriate in your applications, browsers, etc.

moonpoint

Posted 2015-06-24T22:17:29.357

Reputation: 4 432

Thanks for the reply, and great suggestion, however I wish I could do it but I can't. :( I have access to the IIS settings, but I can't install any software or anything besides URL Rewrite/ARR, so do you know what my options are from there? – SlashJ – 2015-06-25T01:14:53.660

I've updated my answer with instructions on using ARR and URL Rewrite, though I haven't yet tried the instructions myself. Hopefully, they will solve your problem. – moonpoint – 2015-06-25T01:28:19.047

Thanks again for the reply! Actually I was looking at the Forward Proxy feature of IIS, however it doesn't seem to support HTTP Connect, so it renders it useless considering that the external website is HTTPS. – SlashJ – 2015-06-25T01:53:28.463
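
Added example (not part of the answer, the comments, or the linked Microsoft article): the URL Rewrite rule that steps 7 to 15 build, written as the server-level configuration it corresponds to, next to a narrower rule that forwards only to one fixed upstream. Assumptions: external.example is a placeholder host name, the rule name "Fixed Upstream" is made up, and the resource id is taken to be numeric as in http://localiis/1.

```xml
<!-- Added example. Server-level URL Rewrite rules are stored as globalRules
     in applicationHost.config under system.webServer.
     Use ONE of the two rules below, not both. -->
<rewrite>
  <globalRules>

    <!-- A: the rule from steps 7 to 15. {C:1} is whatever Host header the
         client sent and {R:0} is the requested path, so the server relays
         plain HTTP to any host that any client able to reach it names. -->
    <rule name="Forward Proxy" patternSyntax="Wildcard">
      <match url="*" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="*" />
      </conditions>
      <action type="Rewrite" url="http://{C:1}/{R:0}" />
    </rule>

    <!-- B: narrower alternative. The upstream host is fixed in the rule, so
         the client cannot choose the destination, and only paths made of
         digits are forwarded. ARR opens the HTTPS connection to the
         upstream itself, so HTTP CONNECT is not involved.
         external.example is a placeholder (assumption). -->
    <rule name="Fixed Upstream" patternSyntax="ECMAScript" stopProcessing="true">
      <match url="^([0-9]+)$" />
      <action type="Rewrite" url="https://external.example/{R:1}" />
    </rule>

  </globalRules>
</rewrite>
```

Both rules still require the "Enable proxy" setting from steps 1 to 6. With rule B the device-to-IIS leg (http://localiis/...) remains unencrypted on the LAN unless the IIS site is also given an HTTPS binding.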