Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
ISA Appends port :0 when redirecting to https - breaks in firefox
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
ISA Appends port :0 when redirecting to https - breaks ... - 27.Oct.2006 7:31:53 PM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
I am publishing a web farm and everything is working except for one annoying little thing. I am forwarding all port 80 traffic to https in the publishing rule but when it forwards http://www.foo.com/page.htm, it forwards to https://www.foo.com:0/page.htm. I'm not sure why that ":0" gets in there and it works fine in IE but a firefox user that tries to go to http gets an "Unable to connect" error and has to manually remove the ":0" to get to the page.
Looking in the logs I see the client connecting to ISA but not getting redirected to a web server in the farm. ISA sees them trying on port 80, says there was a failed connection attempt, and gives me an http status code of 12241. I can't find the definition of that status code anywhere.
Can anyone shed some light on this?
Thanks,
Calvin
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 30.Oct.2006 8:49:37 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Calvin,
Whoa! Why would you forward HTTP as HTTPS? Isn't that a waste of resouces? The client to ISA Firewall should be SSL and the ISA Firewall to Web server should be SSL for secure end to end security.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 30.Oct.2006 11:32:58 AM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
OK maybe I'm missing something then. I'm redirecting users by using the "redirect all traffic from http to https" option in the listener. It is described in your blog here: http://blogs.isaserver.org/shinder/2006/09/21/redirecting-http-requests-to-ssl-requests-using-the-2006-isa-firewall/
So I would think that this would direct the client to forward to the https site. Not just forward from isa to the web server in https. Actually I am pretty sure that it is doing a simple client-side redirect because otherwise I wouldn't see https on the client if ISA were doing all of the work.
Am I missing something here?
Thanks,
Calvin
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 30.Oct.2006 11:34:49 AM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
I just re-read my original post and can see what happened. Bad description of the setup on my part. Sorry about that. I think my last post clarifies things and should be a "safe" solution. So - any solutions to the problem I am seeing?
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 31.Oct.2006 8:28:40 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: calvind
OK maybe I'm missing something then. I'm redirecting users by using the "redirect all traffic from http to https" option in the listener. It is described in your blog here: http://blogs.isaserver.org/shinder/2006/09/21/redirecting-http-requests-to-ssl-requests-using-the-2006-isa-firewall/
So I would think that this would direct the client to forward to the https site. Not just forward from isa to the web server in https. Actually I am pretty sure that it is doing a simple client-side redirect because otherwise I wouldn't see https on the client if ISA were doing all of the work.
Am I missing something here?
Thanks,
Calvin
Hi Calvin,
OH! OK, that makes sense. Yes, you can configure the ISA Firewall to redirect HTTP to HTTPS and is being working pretty well.
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 31.Oct.2006 8:29:47 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: calvind
I just re-read my original post and can see what happened. Bad description of the setup on my part. Sorry about that. I think my last post clarifies things and should be a "safe" solution. So - any solutions to the problem I am seeing?
Hi Calvin,
Have you tried it with IE 7? Since IE 7 makes IE more secure than Firefox, it makes sense to go back to it.
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 31.Oct.2006 9:44:30 AM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
Yeah I have tried IE7. It is smart enough to ignore the ":0" part of the address and it brings me to the site. But I can't really control the client the users will use. Any idea why that is getting put in the url and more importantly how to get rid of it?
Thanks,
Calvin
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 2.Nov.2006 9:30:27 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Calvin,
OK, got it.
I don't know of a way to change this. I'll have to check some packet traces to see what's going on here.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 2.Nov.2006 2:37:52 PM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
I should note that I am using this same rule when publishing 2 single web servers and it works fine. I have created 2 new web farm publishing rules as we are deploying a new web farm to replace the previously mentioned servers and both of the web farm publishing rules behave the same way (appending the :0) but both of the single web server publishing rules don't. So it appears this is a web farm specific issue.
Now when you talk about checking packet traces...do you want anything from me or is this something you can reproduce and test on your end?
Calvin
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 3.Nov.2006 9:44:05 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Calvin,
This is something I should be able to repro myself.
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 20.Nov.2006 12:23:50 PM
|
|
|
calvind
Posts: 12
Joined: 3.Mar.2006
Status: offline
|
I finally got this fixed. Turns out it is related to a bug in the Link Translation module. I'm not 100% sure how that plays in since I am actually using the redirection option but it must use something from link translation to redirect the user. There is a hotfix #927265 that fixes the problem. If anyone else is seeing this though, that hotfix is not released publicly yet so you have to contact Microsoft support to get the download.
Thanks for the help...hopefully this helps someone else.
Calvin
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 4.Dec.2006 10:57:28 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Calvin,
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 26.Feb.2007 12:13:44 PM
|
|
|
no fear
Posts: 32
Joined: 19.Oct.2005
Status: offline
|
I'm hosted a datacenter and im using the ISA 2006 HTTP to HTTPS redirection and im afraid about this ":0" part .
Can any one ensures that this will not cause any problem when the user is using any web browser (for example : not IE bowser ) ??
this is highly urgent
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 2.Apr.2008 3:48:22 PM
|
|
|
JohnnyM
Posts: 1
Joined: 2.Apr.2008
Status: offline
|
I am also getting this :0 error at the end of a redirected HTTP to HTTPS webpage. I have ISA 2006 with the supportability update. It does not work at all with Firefox or non IE browsers.
How do I get rid of this? I have searched the internet for days without finding any useful information.
Thanks,
JohnnyM
|
|
|
|
|
RE: ISA Appends port :0 when redirecting to https - bre... - 11.Apr.2008 10:07:43 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hey guys,
Call PSS to get the hotfix.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
