130s timeout when accessing service exposed on HTTPS through HTTP

I have a Windows client application and a Windows service hosting a web service over HTTPS (behind the scenes it uses standard http.sys). Everything is OK except the situation where the user makes a mistake and uses HTTP with the HTTPS port for accessing the service. For example, the service is exposed on https://somehost:9000 but the user incorrectly sets http://somehost:9000.

Normally, if the endpoint is not available, the client receives 404 Not Found, but in this case the endpoint is available but the host expects an SSL/TLS handshake first. When the client calls the service with pure HTTP, it hangs and the client waits for the timeout. Moreover, I found that this is some global behavior, because web services exposed on IIS over HTTPS and called through a browser with HTTP behave in exactly the same way. The timeout is always 130s. Keep-alive for connections on IIS is configured to 120s, so it doesn't look correlated.

What kind of timeout is used in this case? Is it possible to change it (this question is a little bit abstract because I don't yet know what I want to change)?

Solution:

I think you can use the URL Rewrite module, which does a kind of transparent redirect to the correct protocol; here are some details:

Install and enable the URL Rewrite module and configure your IIS virtual site to not require SSL, so that it can handle the HTTP request and send an HTTP redirect back to https://, like so:

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <!-- Apply only when the request did not arrive over HTTPS -->
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

This strategy is better than making possibly breaking changes to system-wide TCP parameters.

An alternative is to set the appropriate timeout values on the http.sys component in your application. Some default values and parameters are mentioned in this doc here.
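
A client-side way to surface the scheme mismatch described in the question without waiting for the server's timer, as an added example that is not part of the original question or answer: the probe sends one cleartext request with its own short timeout and reports whether the listener answered in HTTP, answered with a TLS record, closed, or stayed silent. The names `classify_reply`, `probe_scheme`, `start_peer` and `demo`, the 1-second timeout, and the local listeners with their replies are assumptions constructed for the demonstration.

```python
import socket
import threading

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a listener sends back to a cleartext request."""
    if data.startswith(b"HTTP/"):
        return "http"       # listener speaks cleartext HTTP
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"        # TLS record header: alert (0x15) or handshake (0x16)
    return "unknown"

def probe_scheme(host: str, port: int, timeout: float = 3.0) -> str:
    """Send one cleartext request; wait at most `timeout` seconds for a reaction."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            data = s.recv(16)
        except socket.timeout:
            return "silent"  # connection accepted, request ignored: the hang case
        except ConnectionError:
            return "closed"
    return classify_reply(data) if data else "closed"

def start_peer(reply):
    """Constructed local listener: answers one connection with `reply`,
    or (reply=None) stays silent until the client disconnects."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if reply is None:
                while conn.recv(1024):   # read and ignore, never answer
                    pass
            else:
                conn.recv(1024)
                conn.sendall(reply)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    # Constructed replies: none, a cleartext status line, a TLS alert record.
    peers = {"silent": None, "http": b"HTTP/1.0 200 OK\r\n\r\n",
             "tls": b"\x15\x03\x03\x00\x02\x02\x46"}
    return {name: probe_scheme("127.0.0.1", start_peer(r), timeout=1.0)
            for name, r in peers.items()}

if __name__ == "__main__":
    print(demo())
```

A "silent" or "tls" verdict for a URL configured as http:// suggests the port is a TLS endpoint, so the client can report a likely scheme error to the user right away.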