Using Azure Web Site as a reverse proxy

IIS has been supporting reverse proxy configuration since URL Rewrite and Application Request Routing modules were released a few years ago. It is possible to configure an IIS hosted web site to act as a reverse proxy and forward web request to other URL’s based on the incoming request URL path. This is described in details in Reverse Proxy with URL Rewrite v2 and Application Request Routing.

Not too many people know however that the same kind of configuration can be achieved with a web site hosted in Azure Web Sites. This blog post explains the configurations steps to enable that.

For example if I want to forward all the requests that come to http://ruslany.net/proxy/ to some other URL I’ll need to do two things:

  1. Enable proxy functionality in ARR
  2. Add a proxy rewrite rule

Any site hosted in Azure Web Sites has URL Rewrite and ARR enabled. However the proxy functionality is disabled by default in ARR. To enable that we will use the Azure Site Extension XDT transform which will modify the applicationHost.config file for our site and will enable proxy features.

This is the xdt transform file content to enable proxy:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false"
reverseRewriteHostInResponseHeaders="false" />
</system.webServer>
</configuration>

Create a file named applicationHost.xdt and copy paste this code in there. Then upload this file into the “site” directory of your web site:

After that restart your site for the change to take effect.

Next add the following rewrite rule:

<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Proxy" stopProcessing="true">
<match url="^proxy/?(.*)" />
<action type="Rewrite" url="http://www.iis.net/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

For the purposes of this example I configured proxy to forward all requests to http://www.iis.net/ but you can replace it with the target url of your site.  Now if I browse to http://ruslany.net/proxy/ the url rewrite rule will rewrite the request to a different url and then ARR will forward the request (notice the URL in the browser window. It is still my domain name which confirms that this not an HTTP redirect).

This functionality enables some interesting use cases. For example I could have two separate azure web sites ruslany-forum.azurewebsites.net and ruslany-blog.azurewebsites.net that can appear as if they are under same hostname but in different subfolders, e.g. http://ruslany.net/blog/ and http://ruslany.net/forum/.

Update:

Thanks to Bill Harts who discovered one additional important configuration step that is required if your site also uses ASP.NET MVC. When MVC is enabled on the web site used as a proxy then the MVC Router intercepts all the requests so they are not processed by ARR. So instead of request being forwarded to a destination server you get HTTP 404 – File Not Found error.

In order to fix this you’ll need to exclude the proxy route from the MVC routes by adding the following code to you MVC application:

routes.IgnoreRoute("proxy/{*pathInfo}");

31,228 views

ruslany on May 16th 2014 in URLRewrite, WAWS

PoorFairAverageGoodExcellent (5 votes, average: 4.20 out of 5)

15 Responses to “Using Azure Web Site as a reverse proxy”

  1. Gravatar ImageBob responded on 18 May 2014 at 8:38 am #

    Wow, this is super helpful.
    Before your post, there’s NO any official post mention about ARR on azure. Cannot believe it. Without ARR , even in memory cache will hit its bottleneck for session id sync and lookup. Now we feel easy to build up new website on Azure!

  2. Gravatar ImageRich Schoenrock responded on 29 May 2014 at 7:58 am #

    Do you know if Cloud Services have ARR and URL Rewrite enabled by default as well? Or is it just Web Sites?

  3. Gravatar ImageRich Schoenrock responded on 11 Jun 2014 at 12:43 pm #

    In case anyone else is wondering, you must manually enable ARR for Microsoft Azure Cloud Services. :)

  4. Gravatar ImageBill Harts responded on 17 Jun 2014 at 12:35 pm #

    Ruslan,

    Thanks for writing this. I’m not able to get it working yet. Questions:

    1. You wrote, “Next add the following rewrite rule:” but you didn’t say which file to add it to, is it web.config or applicationHost.xdt? And what directory it should be in?

    2. Is there some way to debug the rules? I’m seeing a cryptic error message in the eventlog.xml file (see below) but it doesn’t really tell me much. Can I enable more detailed logging on Azure that will tell me if the rules are being matched?

    Thanks,
    Bill

  5. Gravatar Imageruslany responded on 17 Jun 2014 at 12:47 pm #

    Hi Bill,

    Yes, the rule should be added to web.config file. As with regards to mode detailed logging – the best way to check how the rewrite rules were applied is to enable Failed Request Tracing for the web site.

  6. Gravatar ImageBill Harts responded on 18 Jun 2014 at 9:37 am #

    Thanks again, Ruslan. I’m still not getting it to work.

    I have followed your instructions exactly, adding the http://www.iis.net rewrite rule to my web.config and enabling via applicationHost.xdt. When I submit an URL with /proxy on it, the URL Rewrite logic detects it, rewrites it correctly to http://www.iis.net, but when the ApplicationRequestRouting module runs it gives an ARR_WEBFARM_NOT_ROUTED message and changes the URL back to the original /proxy. This then leads to a NOT FOUND error. I have attached the ferb log below as well as my web.config.

    Any ideas why this isn’t working?

    Thanks in advance.
    Bill

  7. Gravatar ImageBill Harts responded on 19 Jun 2014 at 7:40 am #

    Further info:
    I verified that the transform is working by looking at Config/applicationHost.config. But it still does not route out. Thanks in advance for any ideas.
    Bill

  8. Gravatar Imageruslany responded on 19 Jun 2014 at 9:25 am #

    Hi Bill, I replied to you directly in email.

  9. Gravatar ImageBill Harts responded on 19 Jun 2014 at 1:58 pm #

    Thanks, Ruslan. I sent the requested files to your gmail. Let me know if they don’t make it through the firewall.

    Bill

  10. Gravatar ImageAlex Filman responded on 23 Jun 2014 at 9:46 am #

    You can use http://www.pinproxy.com
    It is the best online proxy found i have listed some features of it to help you.
    They have no ads.(this is why i like them)
    Supports almost every website.
    Best support for youtube,facebook,myspace and much more.
    They are on seperate private servers.not in a shared host so youget the best performance.
    and the best part is youcan use what ever of the subdomain and access there proxy.
    example: you can access the proxy from *.domain.com replace * with whatever word you like.

  11. Gravatar ImageRahul Patil responded on 28 Jul 2014 at 4:12 am #

    Hi, Ruslan.

    I want to reverse proxy my azure website (abc.azurewebsites.net) to xyz.com:1234 domain.

    Basically, what I need is :

    1. My web app is on abc.azurewebsites.net
    2. API I am consuming is on xyz.com:1234/api
    3. I want to make my web app IE8 compatible
    4. But to avoid CORS. I want to implement something like Reverse Proxy so that all the requests made to my API will be through Proxy..

    Will this method help?

    Regards..

  12. Gravatar ImageStanley responded on 06 Aug 2014 at 3:48 am #

    Woops.. below are my web.config

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <system.webServer>
    <rewrite>
    <rules>
    <rule name="ReverseProxyInboundRule1" stopProcessing="true">
    <match url="*" />
    <action type="Rewrite" url="http://www.google.com&quot; />
    </rule>
    </rules>
    </rewrite>
    </system.webServer>
    </configuration>

  13. Gravatar ImageStanley responded on 06 Aug 2014 at 6:33 pm #

    Hi Ruslan,

    Thanks for contributing the guide “Using Azure Web Site as a reverse proxy”. I’m enjoy reading your guide for quite a while. Recently I have implemented Azure Website to act as a reverse proxy for our web servers in test environment.

    I believe the xdt transform was successful based on the log file below.

    2014-08-06T10:43:46 sandboxproc.exe C:\DWASFiles\Sites\ARR-BEM\Temp\applicationhost.config
    2014-08-06T10:43:46 env XPROC_TYPENAME=Microsoft.Web.Hosting.Transformers.ApplicationHost.SiteExtensionHelper, Microsoft.Web.Hosting, Version=7.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    2014-08-06T10:43:46 env XPROC_METHODNAME=Transform
    2014-08-06T10:43:46 Start ‘site’ site extension tranform
    2014-08-06T10:43:46 StartSection Executing InsertIfMissing (transform line 4, 8)
    2014-08-06T10:43:46 on /configuration/system.webServer/proxy
    2014-08-06T10:43:46 Applying to ‘system.webServer’ element (no source line info)
    2014-08-06T10:43:46 Inserted ‘proxy’ element
    2014-08-06T10:43:46 EndSection Done executing InsertIfMissing
    2014-08-06T10:43:46 Successful ‘D:\home\site\applicationHost.xdt’ site extension tranform
    2014-08-06T10:43:46 sandboxproc.exe complete successfully

    I follow your guide but I received an error.

    “The specified CGI application encountered an error and the server terminated the process.”

    Below are the log error.

    HTTP Error 502.3 – Bad Gateway
    There was a connection error while trying to route the request

    Basically I am trying to do is URL Rewrite http://test.blablab.com to http://www.google.com (just an example)

    Below are my web.config

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <system.webServer>
    <rewrite>
    <rules>
    <rule name="ReverseProxyInboundRule1" stopProcessing="true">
    <match url="*" />
    <action type="Rewrite" url="http://www.google.com&quot; />
    </rule>
    </rules>
    </rewrite>
    </system.webServer>
    </configuration>

    Appreciate if you can spare some time to look into the issue that i encountered.

    Thanks in advanced. Hope to see your reply soon!

    Regards,
    Stanley

  14. Gravatar ImageMark Rendle responded on 18 Sep 2014 at 8:38 am #

    For this to work, you’ll need to have WEBSITE_PRIVATE_EXTENSIONS set to 1 in the App Settings for the site.

  15. Gravatar ImageChad Lee responded on 29 Nov 2014 at 1:56 pm #

    Thanks for the writeup! I was able to get my site working with this guide.

    If I wanted to add caching ability to my reverse proxy, how would one go about setting that up? E.g., I want the reverse proxy to honor the cache headers of the thing it is proxying and just serve up the content from its cache rather than hitting the underlying site.

Trackback URI | Comments RSS

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

XML Markup: If You want to add XML code to the comment please XML encode it first, otherwise the code will not show up.

Recently Published Articles