Hi good folks of the community.
I’m in dire need of your help. Many thanks in advance. My setup is such that I have a cloud VM running HAProxy version 2.1.7. I also have an office setup running pfSense. I have set up port forwarding on my pfSense box to forward all traffic arriving on port 6689 to port 80 on one of my private IIS-hosted websites. When I access this website from outside via its IP, I’m easily able to do so. The problem is when I access it through the cloud HAProxy box: IIS simply throws a 404 error.
I do know it might be due to a header mismatch on the IIS end, but I am having trouble finding a solution for this. Below is my config:
# Process-wide settings: logging, chroot and privilege drop, and the TLS defaults applied to bind and server lines.
# NOTE(review): these directives belong under a `global` section header, which does not appear in this paste; confirm it is present in the real file.
log 127.0.0.1 local0
# Confine the process to this directory and run it under the unprivileged haproxy account.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
# Only SSLv3, TLS 1.0 and TLS 1.1 are switched off; TLS 1.2 and later stay enabled.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
# NOTE(review): the list still admits RSA+AESGCM / RSA+AES (RSA key exchange, no forward secrecy) and CBC-mode AES suites;
# consider trimming it to the ECDH/DH AEAD entries if every client supports them.
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AESCCM
# Same protocol and cipher policy for outgoing TLS connections. No `server` line shown in this paste uses `ssl`,
# so these two settings have no visible effect here.
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-server-ciphers ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AESCCM
# turn on stats unix socket
# NOTE(review): no `mode` or `level` is given, so the socket gets the default file permissions and access level;
# set both explicitly so that only the intended administrator account can issue runtime commands.
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Settings inherited by every frontend and backend below: HTTP mode, logging, persistence cookie and timeouts.
defaults
mode http
log global
option httplog
# NOTE(review): http-server-close and http-keep-alive select different connection modes; presumably the later
# line wins, so keep only the one that is intended.
option http-server-close
option http-keep-alive
# Adds X-Forwarded-For carrying the client address (skipped for loopback clients). The IIS side should trust
# this header only on connections that come from the proxy, because a client can send its own value.
option forwardfor except 127.0.0.0/8
option redispatch
# Persistence cookie. NOTE(review): no `server` line in this paste carries a `cookie` value, so this may be inert;
# if it is used, the `httponly` and `secure` keywords of this directive set those attributes on the cookie.
cookie SRVNAME insert nocache
retries 3
# Bounds how long a client may take to send a complete request, which limits connections held open by slow senders.
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# Monitoring listener: HAProxy stats page at /monitor and the Prometheus exporter at /metrics, both on port 8404.
frontend stats
# Listens on every address of the cloud VM and without `ssl`, so the Basic-auth credentials requested below
# travel in clear text. Binding to a management address or firewalling the port narrows who can reach it.
bind *:8404
stats enable
stats uri /monitor
stats refresh 10s
maxconn 2
# NOTE(review): the authentication rule further down is a `stats http-request` rule, which governs the stats page.
# It looks like /metrics is answered here without any authentication; confirm, and if so put an `http-request`
# rule ahead of this line that requires authentication or restricts the source address.
http-request use-service prometheus-exporter if { path /metrics }
stats show-node
# Keeps the HAProxy version string off the stats page.
stats hide-version
stats show-legends
# NOTE(review): the `stats-auth` userlist is not part of this paste. In that userlist, prefer hashed `password`
# entries over `insecure-password` ones.
acl AUTH http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
# Ask for credentials on the stats page unless the request already carries valid ones.
stats http-request auth unless AUTH
# Members of the admin group can change server state from the stats page, so this group should stay small.
stats admin if AUTH_ADMIN
#CEX Frontend(s)
# Plain-HTTP listener whose only job is to send clients to HTTPS.
frontend Redirected_HTTP_Traffic_Here_Should_be_Zero
bind *:80
# The bind above has no `ssl`, so ssl_fc is never true here and every request receives the 301.
redirect scheme https code 301 if !{ ssl_fc }
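# TLS-terminating frontend: adds security response headers, then routes requests by path.
# Requests that match no use_backend rule go to the default backend.
frontend HTTPS-PROXY
# Forum [spoiler] markup removed from the certificate path; it is not part of the file name.
bind *:443 ssl crt /etc/haproxy/certs/proxy.cexlab.com.pem
# NOTE(review): backend `Grafana` is not defined anywhere in this paste; confirm it exists.
default_backend Grafana
# NOTE(review): `preload` is sent with a max-age of roughly 185 days. The browser preload list asks for at
# least one year (31536000), so either raise max-age or drop `preload`.
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
http-response set-header X-Content-Type-Options nosniff
# Legacy header that current browsers ignore; a Content-Security-Policy is the control that matters for script injection.
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header Referrer-Policy no-referrer-when-downgrade
http-response set-header X-Frame-Options SAMEORIGIN
# Rejoined onto one line: the paste had wrapped this comment, and the wrapped tail would have been read as a directive.
# If it is enabled, note that 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the policy's protection.
#http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:"
# Append Secure to every Set-Cookie coming back from the backends. The \1 back-reference keeps the original
# cookie; without it the whole header is overwritten with the literal text "1; Secure". replace-header is used
# because Set-Cookie may contain commas (Expires dates), which replace-value would treat as value separators.
http-response replace-header Set-Cookie (.*) "\1; Secure"
#acl host_proxy hdr(host) -i proxy.cexlab.com
# Several patterns on one acl line are OR-ed together; `||` is only an operator inside if/unless conditions.
acl stats path -i -m beg /monitor /metrics
acl IC path -i -m beg /genesys
# Keep the Prometheus endpoint unreachable through the public listener.
http-request deny if { path -i -m beg /metrics }
# NOTE(review): `stats` is declared as a frontend in this file, and use_backend needs a backend or listen
# section as its target. Also decide whether /monitor should be reachable from the public listener at all.
use_backend stats if stats
use_backend Hyderabad-Office if IC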
# Office IIS site, reached through the pfSense port-forward on 6689.
# NOTE(review): nothing in this backend rewrites the request, so IIS receives the Host header and the /genesys
# path exactly as the client sent them. If the IIS site is bound to a specific host name, or has no /genesys
# path, that alone would explain the 404; confirm against the IIS bindings. The usual adjustment is
# `http-request set-header Host <iis-site-host-name>` (placeholder) in this backend.
# NOTE(review): the server line has no `ssl`, so this hop crosses the public internet in clear text, and the
# forwarded port accepts connections from any source unless pfSense limits it to the proxy's address.
backend Hyderabad-Office
# The [spoiler] tags are forum markup, not part of the address.
server LocalServer229 [spoiler]183.82.0.182:6689[/spoiler] maxconn 2
Thanks a lot in advance.