
4.4 IIS Redirection

Configuration for non-Gateway traffic.

IIS Binding

IIS listens on port 8443 (internal, not public):

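# Change IIS site binding: move the site's existing HTTP binding to port 8443.
# -BindingInformation selects the binding to modify; "*:80:" assumes the site still has its default binding.
Import-Module WebAdministration
Set-WebBinding -Name "Default Web Site" -BindingInformation "*:80:" -PropertyName Port -Value 8443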

Proxy Rule

All non-Gateway requests are forwarded to IIS:

{
  "Match": {
    "Default": true
  },
  "Target": {
    "Type": "Http",
    "Url": "http://127.0.0.1:8443",
    "PreserveHostHeader": true,
    "ForwardClientCertificate": true
  }
}

Header Forwarding

{
  "ForwardHeaders": {
    "X-Forwarded-For": true,
    "X-Forwarded-Proto": true,
    "X-Client-Cert": true,
    "X-Client-Cert-DN": true
  }
}

Security

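IIS should only be reachable from localhost. The proxy passes client identity to IIS in request headers (X-Forwarded-For, X-Client-Cert), so IIS can rely on those headers only if nothing other than the proxy is able to connect to it: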

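<!-- web.config (requires the IIS "IP and Domain Restrictions" role service) -->
<configuration>
  <system.webServer>
    <security>
      <!-- Deny every client address that is not listed below -->
      <ipSecurity allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true"/>
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>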
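
A verification script for the binding and the localhost restriction described above. It is an added example, not part of the original documentation. It assumes the site name and port used in this section, an elevated Windows PowerShell session on the IIS host, and the "IP and Domain Restrictions" role service; the variable names are illustrative.

```powershell
# Added example (not from the original page). Run elevated on the IIS host.
# Assumed values: site name and port as used in this section.
Import-Module WebAdministration

$siteName = 'Default Web Site'
$port     = 8443
$findings = @()

# 1. Every HTTP(S) binding of the site must be on the internal port.
$pattern = ':{0}:[^:]*$' -f $port
foreach ($b in @(Get-WebBinding -Name $siteName)) {
    if (($b.protocol -in @('http', 'https')) -and ($b.bindingInformation -notmatch $pattern)) {
        $findings += "Unexpected binding: $($b.protocol) $($b.bindingInformation)"
    }
}

# 2. ipSecurity must deny unlisted clients and allow only 127.0.0.1.
$ipSec = Get-WebConfiguration -PSPath "IIS:\Sites\$siteName" `
    -Filter 'system.webServer/security/ipSecurity'
if ($ipSec.allowUnlisted) {
    $findings += 'ipSecurity allowUnlisted is true: unlisted clients are accepted'
}
foreach ($entry in @($ipSec.Collection)) {
    if ($entry.allowed -and $entry.ipAddress -ne '127.0.0.1') {
        $findings += "ipSecurity allows non-loopback address $($entry.ipAddress)"
    }
}

# 3. Functional check: a request to the host's own non-loopback address
#    arrives with that address as its source, so IIS should refuse it.
$localIp = (Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
    Select-Object -First 1).IPAddress
if ($localIp) {
    try {
        $r = Invoke-WebRequest -Uri "http://${localIp}:${port}/" -UseBasicParsing -TimeoutSec 5
        $findings += "Request via $localIp was served (HTTP $($r.StatusCode))"
    } catch {
        $resp   = $_.Exception.Response
        $status = if ($resp) { [int]$resp.StatusCode } else { 'no HTTP response' }
        Write-Host "Request via $localIp refused: $status"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'IIS backend is restricted to the local proxy as described.' }
```

A refused request in step 3 normally shows status 403; a timeout or connection error there means something in front of IIS, such as a host firewall, blocked the request first.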