Overview
NOTE: Exterro Support does not troubleshoot issues with Internet Information Services (IIS) Manager. Exterro provides the steps below for customers who want a reverse proxy solution, but the customer is responsible for configuring and supporting it. Contact Microsoft if technical support is needed.
A reverse proxy retrieves and serves content from another web server. This eliminates the need for the web server to be exposed directly to clients, as all traffic appears to originate from the reverse proxy. Reverse proxies can be implemented in a DMZ to allow web resources to be accessed publicly while keeping the actual backend server(s) unexposed on a secure network.
Prerequisites
- A functioning FTK Central installation
- FTK Central must be using a valid HTTPS certificate (self-signed is OK)
- A Windows Server (2012 R2 or newer), with access to browse FTK Central (typically over port 4443), to act as Reverse Proxy
- A certificate, signed by a trusted CA and issued to the Reverse Proxy server
Procedure
On the Reverse Proxy machine:
- Confirm that you can navigate to the FTK Central URL without receiving any certificate warnings (you may need to install the certificate to the Reverse Proxy server's Trusted Root Certification Authorities certificate store).
- Install IIS:
- Open Server Manager.
- In the Dashboard, click Add roles and features.
- On the Installation Type page, select Role-based or feature-based installation and click Next.
- On the Server Selection page, select the local server and click Next.
- On the Server Roles page, check Web Server (IIS).
- Accept adding any additional features required for Web Server (IIS), then click Next.
- Continue accepting defaults and clicking Next.
- On the Confirmation page, click Install and wait for the installation to complete.
- Confirm IIS is working by browsing to http://localhost to see the IIS Start page.
- Download and install the IIS URL Rewrite extension from http://www.iis.net/downloads/microsoft/url-rewrite.
- Download and install the IIS Application Request Routing extension from https://www.iis.net/downloads/microsoft/application-request-routing.
- Open Internet Information Services (IIS) Manager from the Windows Administrative Tools program group.
- Highlight your server under the Connections tree on the left.
- Double-click Application Request Routing Cache.
- Under Actions on the right, click Server Proxy Settings.
- At the Application Request Routing dialog, check Enable proxy and click Apply on the right.
- Expand your server name and Sites under the Connections tree on the left.
- Click Default Web Site.
- Double-click URL Rewrite.
- Under Actions on the right, click Add Rule(s).
- Under Inbound rules, double-click Blank rule.
- At the Edit Inbound Rule dialog, complete the following and click Apply on the right:
Name: Any friendly name
Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)
Action type: Rewrite
Rewrite URL: <FTKCentralURL>/{R:0}
Append query string: Checked
Note: The base URL of the Rewrite URL must match the FTK Central certificate's Issued To name.
- Under the Connections tree on the left, right-click Default Web Site and select Edit Bindings.
- Click Add.
- Set the Type to https, select the SSL certificate issued to the Reverse Proxy machine, and click OK.
Note: We do not recommend a publicly exposed Reverse Proxy without using HTTPS and a valid certificate signed by your CA.
- Select the existing http binding and click Remove.
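The same configuration can be scripted with the WebAdministration module. The following is an added example, not part of Exterro's procedure or tooling: it first checks that the Reverse Proxy trusts the FTK Central certificate, then applies the proxy setting, rewrite rule and bindings described above. The backend host name, the certificate thumbprint placeholder, the rule name and the ports 443 and 80 are assumptions to replace with your own values.

```powershell
# Added example, not Exterro's own script. Run elevated on the Reverse Proxy
# after IIS, URL Rewrite and Application Request Routing are installed.
Import-Module WebAdministration
$ErrorActionPreference = 'Stop'

# Assumed placeholder values (not from the original article): replace them.
$BackendUrl      = 'https://ftkcentral.example.internal:4443'  # <FTKCentralURL>
$ProxyThumbprint = '<PROXY-CERT-THUMBPRINT>'   # CA-signed cert in LocalMachine\My
$Site            = 'Default Web Site'
$RuleName        = 'FTK Central reverse proxy' # any friendly name
$HttpsPort       = 443                         # assumed default https port
$HttpPort        = 80                          # assumed default http binding

# 1. Fail early if this server does not trust the FTK Central certificate or
#    the host name differs from its Issued To name. With no validation
#    callback, SslStream rejects any chain or name error. (Old .NET Framework
#    defaults may predate TLS 1.2 and fail here for protocol reasons instead.)
$uri = [Uri]$BackendUrl
$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($uri.Host)
} finally { $tcp.Close() }

# 2. Server Proxy Settings > Enable proxy (server-level ARR setting).
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'

# 3. Blank inbound rule: regular expression (.*) rewritten to the backend.
$sitePath = "IIS:\Sites\$Site"
$rule     = "system.webServer/rewrite/rules/rule[@name='$RuleName']"
Add-WebConfigurationProperty -PSPath $sitePath `
    -Filter 'system.webServer/rewrite/rules' -Name '.' `
    -Value @{ name = $RuleName; patternSyntax = 'ECMAScript' }
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/match" -Name 'url' -Value '(.*)'
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'type' -Value 'Rewrite'
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'url' -Value "$BackendUrl/{R:0}"
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'appendQueryString' -Value 'True'

# 4. Add the https binding with the proxy's certificate, then remove http.
New-WebBinding -Name $Site -Protocol https -Port $HttpsPort -IPAddress '*'
(Get-WebBinding -Name $Site -Protocol https -Port $HttpsPort).AddSslCertificate($ProxyThumbprint, 'My')
Remove-WebBinding -Name $Site -Protocol http -Port $HttpPort

# 5. Confirm only the https binding remains on the site.
Get-WebBinding -Name $Site | Select-Object protocol, bindingInformation
```

Because step 1 stops the script on a certificate error, nothing is changed in IIS until the backend certificate validates from the Reverse Proxy.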