Despite SSL offroading on the Load balancer, Spoofing Web Applications as being accessed by HTTPS . (URLRewrite,IIS)

[japanese(日本語)]

Despite SSL offroading on the Load balancer, Spoofing Web Applications as being accessed by HTTPS .

 

 

  1. Install URLRewrite module to IIS
  2. on the URL Rewrite module setting, Add “HTTPS” on “server variables”
  3. write web.config as follows.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
   <rules>
       <rule name="backend" patternSyntax="Wildcard">
           <match url="*" />
           <serverVariables>
               <set name="HTTPS" value="on" />
               </serverVariables>
           <action type="None" />
       </rule>
   </rules>
</rewrite>
</system.webServer>
</configuration>