I use IIS and URL rewrite as a reverseProxy. My actual webapplication is hosted on a server which is not directly accessible to the internet.
In the rewrite rules I replace the host name of the reverse Proxy with the local IP address. This works fine.
However, the application I use provides downloads. Once the client makes a download request a server side process redirects to the actual download file.
This is where I have issues. It seems like the session cookie (JSESSIONID) is not correctly shared between reverse proxy and local server. Instead of being redirected to the download file, I get a 401 "not authorized" message from the local server.
I found a similar question here.
How to properly set JSESSIONID cookie path behind reverse proxy
The user was using Apache as a reverse proxy and was using ProxyPassReverseCookieDomain to rewrite the cookie domain name.
Is there a similar setting in IIS? I tried the following outbounding rule but this doesn't work.
<preCondition name="contains-domain-set-cookie-header">
<add input="{RESPONSE_Set_Cookie}" pattern=".*?domain=MYDOMAIN*?" />
</preCondition>
<rule name="rewrite cookie domain" preCondition="contains-domain-cookie-header">
<match serverVariable="RESPONSE_Set_Cookie" pattern="^(.*?domain=)MYDOMAIN(.*?)$" negate="false" />
<action type="Rewrite" value="{R:1}MYLOCALIP{R:2}" />
</rule>
Are there other ways to handle this?
Thanks,
Thomas
