The scenario: A web server running a single site under two different addresses:
- www.mysite.com (regular site)
- ws1.mysite.com (web services)
Both are accessible via HTTPS, and both are running on the same application (whether it's a web service call or a regular www call is handled programmatically).
I have a web page on that www site which calls a web service on the ws1 site via Javascript. This is technically a CORS call. However, for backward compatibility, I want to make the calls non-CORS. The best way to do this would be to make a URL Rewrite rule to fork a custom address (say www.mysite.com/ws1/) to the web services place (ws1.mysite.com) so the browsers aren't aware this is CORS (because, in the end, it's not "Cross-Origin", really).
So, I've setup the following rules on the site:
<rewrite>
<rules>
<remove name="WS1-Inbound" />
<rule name="WS1-Inbound" enabled="false">
<match url="^ws1/(.*)" />
<conditions />
<serverVariables />
<action type="Rewrite" url="https://ws1-mysite.com/{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
<outboundRules>
<remove name="WS1-Outbound" />
<rule name="WS1-Outbound" enabled="false">
<match filterByTags="None" pattern="^https://ws1-mysite.com/(.*)" />
<conditions />
<action type="Rewrite" value="ws1/{R:1}" />
</rule>
</outboundRules>
</rewrite>
This returns a 404.4. Ah, so I turn on ARR, and now I get a 502.3.
The inbound rule is applied successfully, it never gets to the outbound rule.
Do I:
- Need to turn on ARR at all in this situation?
- Need to handle SSL in some special way? I just need it to pass through.
