Scott Forsyth's Blog

Postings on IIS, ASP.NET, SQL Server, Webfarms and general system admin.

Cloud Resources

IIS Resources

ARR Helper-Week 33

You can find this week’s video here.

This week we take a look at the issue caused by the man-in-the-middle and how to resolve it with ARR Helper—a small component offered by Microsoft to address this very issue.

Over the last few weeks we’ve been looking at web farm related topics, with a recent focus on Application Request Routing (ARR). This week we take a look at the man-in-the-middle issue caused by ARR functioning as a reverse proxy. This causes the IP addresses, SSL, and other data to be hidden from the web servers because of ARR’s role as the middle man. Have no fear though, this is easy to overcome.

This is now the 9th week in a mini-series on web farms, and the 33rd week of the entire series. You can view past and future weeks here: http://dotnetslackers.com/projects/LearnIIS7/

You can find this week’s video here.

Comments

Helal said:

Hello how are you. I really liked your lectures. I am not sure how to fix this. I am using asp.net mvc and my login action are decorated by requiressl attribute.So going to these route they are redirected to https.

Does server redirects work at all on ARR?

# July 4, 2013 1:49 AM

OWScott said:

Hi Helal,

Thanks for encouraging feedback. In your situation you will want to do one of two things. Either your site needs to provide redirects to the proper public URL, or ARR needs to rewrite the URLs to the public URL.

You can achieve the first option automatically by installing ARR Helper and ensuring that the sites on the web servers listen on the same host header as the public site (ARR server). If you pass the same host header through then it should do this for you.

Note that the ARR Helper is a key part of making all of this work smoothly. If that's installed and you listen on the same host header (i.e. you don't change it in ARR) then it should just work.

To achieve the second option it can take a bit more work but it's possible if there are reasons to prevent the first option from working.

# July 19, 2013 5:23 PM

Nanveet said:

Hi OWScott,

I like you blogs and training video.

Please suggest me. Does it work when we used H/W based load balance.

Thanks,

Navneet  

# January 29, 2014 5:44 AM

OWScott said:

Hi Nanveet,

Yes, in most cases it does. It's pretty standard for hardware load balancers to use the X-Forwarded-For header. ARRHelper simply watches for that and puts the header information back into the original locations.

# January 29, 2014 9:36 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)