SSL – Reverse proxy with SSL and IP passthrough

reverse-proxy ssl

Turns out that the IP of a much-needed new website is blocked from inside our organization's network for reasons that will take weeks to fix. In the meantime, could we set up a reverse proxy on an Internet-based server which will forward SSL traffic and perhaps client IPs to the external site? Load will be light. No need to terminate SSL on the proxy. We may be able to poison DNS so original URL can work.

How do I learn if I need URL rewriting? Squid/apache/nginx/something else? Setup would be fastest on Win 2000, but other OSes are OK if that would help. Simple and quick are good since it's a temporary solution.

Thanks for your thoughts!

Best Answer

Since you need to do URL rewrite, you can use ARR (Application Request Routing) with IIS 7 (or higher). There is an option to disable "SSL offloading" if you do not wish to terminate SSL on proxy end.

http://www.iis.net/learn/extensions/configuring-application-request-routing-(arr)/http-load-balancing-using-application-request-routing

To ensure that Client IPs are carried over, you can install ARRHelper as per http://blogs.iis.net/anilr/archive/2009/03/03/client-ip-not-logged-on-content-server-when-using-arr.aspx. I assume your web site is running IIS.

Alternatively, for something quick and dirty on Windows, use netsh portproxy to proxy all TCP 443 (SSL) traffic over.

netsh interface portproxy add v4tov4 listenport=443 listenaddress=100.0.0.1 connectport=443 connectaddress=10.0.0.2

See http://technet.microsoft.com/en-us/library/cc731068(v=ws.10).aspx#BKMK_1

Make sure IIS is not installed, and take note that client IP is not carried over.
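
The netsh portproxy option from the answer above, as an added PowerShell example that is not part of the original answer: it checks that nothing else is bound to port 443, adds the forwarder, limits which sources may reach it, and shows the teardown. The addresses 100.0.0.1 and 10.0.0.2 are the answer's; 203.0.113.0/24 is a placeholder for your organization's egress range, the rule name is hypothetical, and the script assumes an elevated session on Windows Server 2012 or later (for Get-NetTCPConnection and New-NetFirewallRule).

```powershell
# Added example, not from the original answer. Run in an elevated session.
$ListenAddr  = '100.0.0.1'            # proxy's public address (from the answer)
$TargetAddr  = '10.0.0.2'             # destination web site (from the answer)
$Port        = 443
$AllowedFrom = '203.0.113.0/24'       # placeholder: your organization's egress range
$RuleName    = 'Temp portproxy 443'   # hypothetical firewall rule name

# 1. The answer requires that IIS is not installed: any existing listener on
#    the port (IIS/HTTP.sys or another web server) conflicts with portproxy.
$busy = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($busy) {
    $busy | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table
    throw "Port $Port already has a listener; stop it before adding the portproxy rule."
}

# 2. portproxy rules are serviced by the IP Helper service.
if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
    Start-Service -Name iphlpsvc
}

# 3. Add the TCP forwarder exactly as in the answer.
netsh interface portproxy add v4tov4 listenport=$Port listenaddress=$ListenAddr connectport=$Port connectaddress=$TargetAddr
if ($LASTEXITCODE -ne 0) { throw 'netsh portproxy add failed.' }

# 4. Allow only the organization's addresses in, so the host is not an
#    open TCP relay for anyone on the Internet.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $Port -RemoteAddress $AllowedFrom -Action Allow | Out-Null

# 5. Verify the rule and the listening socket.
netsh interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Teardown once the network block is fixed:
#   netsh interface portproxy delete v4tov4 listenport=443 listenaddress=100.0.0.1
#   Remove-NetFirewallRule -DisplayName 'Temp portproxy 443'
```

Because the forwarder only relays TCP, the TLS session still ends at the destination site: clients must keep using the site's original hostname for certificate validation to succeed, and the destination logs the proxy's address rather than the client's.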