Re: Setting up Reverse Proxy


Rahul Feb 5, 2012 3:18 PM
Posted in group: Fiddler
Hello Eric,
as mentioned earlier, after reading your suggestions, I have reverse
proxy working with host headers.
However, with regard to https, I have not been able to get it going.
Allow me to summarize one last time,  and I hope you can find time to
shed some light.

-------------------------
Machine1 (Client)
-------------------------
- IP is 192.168.2.5
- hosts file has ----> 192.168.2.2  www.wa.com
- The CA cert is in (LocalMachine and CurrentUser) / Trusted Root
Certification Authorities
- Makes an http call ---> http://www.wa.com:4444       (IE/Firefox/
Chrome)
- Makes the same http call using .net
(reaching same results)

------------------------
Machine2(Server)
------------------------
- IP is 192.168.2.2
- hosts file has --->127.0.0.1  www.wa.com
- Firewall configured to allow inbound tcp port 4444 traffic
- The CA cert is in LocalMachine and CurrentUser / Trusted Root
Certification Authorities
- SSL certificate (pfx) (CN=www.wa.com) is installed in (LocalMachine
and CurrentUser) / Personal and functional (proof: works with fiddler
disabled)
- The asp.net application is bound to port 80 and 443 (ssl is
attached) and has full permission to the SSL cert's private keys.
Using host header www.wa.com in this binding.
- The IIS setting is set to Require SSL and Anonymous authentication
is enabled
- Fiddler is running and is configured with the following:
    -- to allow Remote computers to connect
    -- Capture HTTPS connects and Decrypt https traffic is enabled
    -- The following custom rule has been coded in the OnBeforeRequest event handler
        if (oSession.HostnameIs("www.wa.com")) oSession.host = "www.wa.com:443";    // Tried 80 as well
    -- !listen 4444 www.wa.com    // checked with netstat that Fiddler is listening on port 4444


--------------
Error
---------------
The error I get in my .NET client application is "The underlying
connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel."

The error that I get when I type https://www.wa.com:4444
   in chrome I get ----> Invalid Server Certificate
   in Firefox I get -----> The certificate is not trusted because no
issuer chain was provided.
   (I took a look at the SSL certificate listed under IIS, and the
Certificate stores (Local Machine and Current User) and confirmed that
the Certification Path of the SSL certificate had the CA listed at the
root. The same CA which is installed on the Client's certificate
stores under Trusted Root Certification Authorities.)

I am sorry if I am taking too much time on this forum but I have come
to what appears as a dead-end for me.

Fiddler is an indispensable tool and if I can get the https reverse
proxy working, we, at our company, will benefit a great deal from it.

Thank you once again !
-- Rahul



On Feb 5, 9:58 am, EricLaw <bay...@gmail.com> wrote:
> If they were exactly equivalent, I wouldn't have described both
> options. The Registry entry only works when Fiddler can identify an
> inbound request as destined for the current machine. That doesn't work
> in this case because you haven't communicated to Fiddler in any way
> that you expect it to act as the hostname "tws.com".
>
> If you delete your CustomRules.js file in your
> \Documents\Fiddler2\Scripts folder, the next time Fiddler starts, the
> SampleRules.js file from the Fiddler application folder will be used
> to recreate your CustomRules.js file.
>
> On Feb 5, 12:29 am, Rahul <rahulmisra2...@gmail.com> wrote:
>
> > Eric, thank you for your prompt reply.
> > When I try to open Custom Rules, I get a blank notepad window titled
> > customrules.js. I uninstalled and reinstalled the product but to no avail.
>
> > Also, the documentation talks about the custom rule and the registry entry
> > as equivalent in effect. You asked me to go the code route. I had used the
> > registry to make an entry (ReverseProxyForPort) but that did not work.
>
> > Thanks
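
One way to see which certificate the listener on port 4444 actually presents to the client, and why the client's chain check rejects it (an added diagnostic example, not part of the original thread). It assumes it is run from Machine1 and uses the host name and port given in the post; the variable names are illustrative.

```powershell
# Added diagnostic example. Host and port are the values from the post above.
$TargetHost = 'www.wa.com'
$Port       = 4444
$X509       = 'System.Security.Cryptography.X509Certificates'

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($TargetHost, $Port)

    # Accept any certificate so the handshake completes and the certificate can be
    # inspected. No application data is sent over this connection.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($TargetHost)

    # The leaf certificate the listener presented during the handshake.
    $leaf = New-Object "$X509.X509Certificate2" ($ssl.RemoteCertificate)
    "Subject    : $($leaf.Subject)"
    "Issuer     : $($leaf.Issuer)"
    "Thumbprint : $($leaf.Thumbprint)"
    "Valid      : $($leaf.NotBefore) to $($leaf.NotAfter)"

    # Rebuild the chain against this machine's certificate stores, without
    # revocation lookups, to see exactly which check fails.
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($leaf)
    "Chain trusted by this machine: $trusted"

    "Chain elements (leaf first):"
    foreach ($element in $chain.ChainElements) {
        "  {0}  [{1}]" -f $element.Certificate.Subject, $element.Certificate.Thumbprint
    }
    "Chain status:"
    foreach ($status in $chain.ChainStatus) {
        "  {0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Comparing the printed thumbprint and issuer with the SSL certificate bound in IIS shows whether the client is being handed that certificate or a different one, and the chain status lines name the specific trust failure.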