I have the following scenario in the Global company I work for:
I have a single local ISA2004 server installed on our remote site. This server is not connected to the internet. In the corporation, we have only 3 points on the network that are connected to the Internet (2 in the US, and 1 in the UK). At these global Hub gateways, we have ISA server farms that are load balanced (with DNS, I presume). Basically the only purpose for my proxy server is caching.
I have set up 2 webchaining rules:
* External (Internet/Web) - Redirect to upstream proxy server farm.
* Internal (Intranet) - Retrieve request directly.
This works very well except for when the following happens: If a user connects to an HTTPS/SSL site like internet banking, he/she will be connected to the site, and log in. The problem is that some HTTPS sites have a security mechanism that automatically logs you off when your requesting IP has changed.
Thus, the user would connect to proxy server "myproxy:8080" from the desktop, the traffic would be forwarded to "US-ProxyServerFarm", which will pick a single server to send the traffic through due to load-balancing (let's say "US-ProxyServer14"), and finally, the traffic will reach the website.
Now, the next time the user clicks on a link, the same thing will happen once again, but this time "US-ProxyServer22" might be picked by the load-balancing mechanism.
From the Internet Banking web server's perspective, the session has been hijacked, as the originating IP address of the proxy server is now different. - The user is then logged off from the website.
How can I set up a separate WebChaining rule that will only apply to HTTPS traffic, and then chain it to only a single server (thus preventing the IP from changing during the session) instead of chaining it to the pool/farm of servers?
I tried to set up a rule like this but it doesn't seem to work.
Sorry for the long explanation... Any help would be appreciated.
< Message edited by jacauc -- 12.Nov.2006 1:11:18 AM >
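The failure described in the post above, modelled as an added example (not part of the original post, and not ISA Server configuration): a hypothetical site that binds each session to the first source IP it sees, reached once through a round-robin farm and once through a single pinned upstream. The egress addresses and the class and function names are constructed for illustration, and each click is assumed to open a new upstream connection.

```python
import itertools

# Constructed egress addresses standing in for the upstream farm members
# (documentation range 203.0.113.0/24; these values are not from the post).
FARM = {"US-ProxyServer14": "203.0.113.14", "US-ProxyServer22": "203.0.113.22"}


class IpBoundSite:
    """Hypothetical HTTPS site that ties a session to the first source IP seen."""

    def __init__(self):
        self.sessions = {}

    def request(self, session_id, source_ip):
        bound = self.sessions.setdefault(session_id, source_ip)
        if bound != source_ip:
            # Source IP changed mid-session: treated as a hijack, session dropped.
            del self.sessions[session_id]
            return "logged-off"
        return "ok"


def round_robin_farm():
    """Chaining to the farm: consecutive connections leave via different members."""
    members = itertools.cycle(FARM.values())
    return lambda: next(members)


def single_upstream(name):
    """Chaining HTTPS to one named member: the egress IP stays constant."""
    return lambda: FARM[name]


def browse(pick_egress, clicks=4):
    """Replay `clicks` requests for one session and collect the site's verdicts."""
    site = IpBoundSite()
    return [site.request("sess-1", pick_egress()) for _ in range(clicks)]


if __name__ == "__main__":
    print("farm  :", browse(round_robin_farm()))
    print("pinned:", browse(single_upstream("US-ProxyServer14")))
```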