Forum Discussion
HTTPS Reverse Proxy on IIS 10 – External Access Fails (Timeout) Although Local Requests Work
Hi,
Based on the troubleshooting you've already done, I don't think the issue is with ARR or the URL Rewrite rule.
The fact that http://localhost:8080/login works confirms the backend application is healthy. Also, since Invoke-WebRequest https://lojistik.abc.com.tr/LMYS/login from the IIS server returns HTTP 200, IIS is successfully accepting the HTTPS request locally, applying the rewrite rule, and proxying it to the backend application.
The key detail for me is that external clients only experience a timeout and no requests appear in the IIS logs. If IIS never logs the request, it usually means the request isn't reaching IIS at all, so ARR and URL Rewrite never get a chance to process it.
At this point, I'd focus on the network path before IIS. Some things I'd verify are:
Test whether TCP port 443 is reachable from an external machine using Test-NetConnection, telnet, or openssl s_client.
Make sure Windows Firewall is allowing inbound HTTPS traffic.
Check whether there's a firewall, load balancer, reverse proxy, or WAF in front of the server that could be blocking or dropping the connection.
If 10.6.130.90 is a virtual IP instead of the IIS server's current address, verify that the NAT or port forwarding is correctly forwarding TCP 443 to the server.
If everything looks correct but the issue persists, I'd run a packet capture network on the IIS server, pktmon, or netsh trace while an external client attempts to connect. If no incoming TCP SYN packets are captured, that would confirm the traffic is being blocked somewhere before it reaches IIS.
Based on the information you've shared, I don't believe this is an ARR or URL Rewrite issue. If the reverse proxy configuration were the problem, IIS would typically return an HTTP error such as 500, 502.3, or 503, and you would still see the request recorded in the IIS logs. A timeout with no IIS log entries almost always points to something in the network path preventing the request from reaching the server.