Custom HTTPS port not showing up in URL

RE: Custom HTTPS port not showing up in URL

admin888 — Wed, 09 Oct 2019 23:13:46 GMT

Well that was easy. Your option 2 worked out perfectly, and the site is displaying properly too now. Thank you.

RE: Custom HTTPS port not showing up in URL

DouglasFoster — Wed, 09 Oct 2019 23:07:25 GMT

On closer consideration, I think the most important option is "Rewrite HTML" on the Virtual Webserver object. It is right next to "pass host header". Your problem is that the urls are not being rewritten to external syntax.

RE: Custom HTTPS port not showing up in URL

DouglasFoster — Wed, 09 Oct 2019 21:32:43 GMT

Not exactly sure why you have this problem, but here are two things to try:

Option 1

I am pretty sure that "HTTPS and Redirect" means that it accepts HTTP connections on port 80 but redirect to HTTPS on whatever port. This might be creating confusion. Try changing to HTTPS (without redirect) and see if the problem goes away.

Option 2

If you have WAF in front of your Exchange server, you can get rid of the custom port on the public IP using Server Name Indication (SNI)

1) WAF on exchange.example.com:443 (public a.b.c.d) redirects to internal Exchange:443 (10.10.10.10)

2) WAF on otherapp.example.com:443 (public a.b.c.d) redirects to internal Otherstuff:8089 (10.10.10.11).

I perceive the second approach as preferable because the users are more likely to enter the URL correctly in the address bar or Favorites entry.

Curious to hear your results.

RE: Custom HTTPS port not showing up in URL

Peter-Paul Gras — Wed, 09 Oct 2019 19:22:48 GMT

It shouldn't be a problem having more than one server listening on the external 443 port. The mapping is done by WAF based on the certificate and the real server.
I host several external domains all resolving to one IP / port 443
Internally they are mapped to ports 8281, 8282 etc.

Grtz, Peter-Paul

RE: Custom HTTPS port not showing up in URL

admin888 — Wed, 09 Oct 2019 17:28:33 GMT

Good point, I can try that. Meanwhile I've managed to access the links by manually adding the port to the URLs and the site is all screwed up (landing and login page were fine). I think the Javascript on those pages might cause problems for the WAF (I did try rewrite HTML on/off and no firewall profile).

RE: Custom HTTPS port not showing up in URL

BAlfson — Wed, 09 Oct 2019 17:01:00 GMT

What if you change the Real Server to work with 443 and leave the Virtual Server on 8089?

Cheers - Bob

RE: Custom HTTPS port not showing up in URL

admin888 — Tue, 08 Oct 2019 14:31:12 GMT

I already use Port 443 for Exchange services and only have one public IP address, so I'm guessing the only other option here is DNAT?

RE: Custom HTTPS port not showing up in URL

dirkkotte — Sun, 06 Oct 2019 19:40:10 GMT

UTM/SG don't support rewriting URL this way ... as i know.

i would try to use Port 443 for Virtual webserver (if not used already).