
HTTPS to follow a different web-chaining rule

HTTPS to follow a different web-chaining rule - 4.Nov.2006 9:07:05 AM   
jacauc

 

Posts: 3
Joined: 4.Nov.2006
Status: offline
Hi,

I have the following scenario in the Global company I work for:

I have a single local ISA2004 server installed on our remote site. This server is not connected to the internet. In the corporation, we have only 3 points on the network that are connected to the Internet (2 in the US, and 1 in the UK). At these global Hub gateways, we have ISA server farms that are load balanced (with DNS I presume).
Basically the only purpose for my proxy server is caching.

I have set up 2 web chaining rules:

  * External (Internet/Web) - Redirect to upstream proxy server farm.
  * Internal (Intranet) - Retrieve request directly.


This works very well except for when the following happens:
If a user connects to an HTTPS/SSL site like internet banking, he/she will be connected to the site, and log in. The problem is that some HTTPS sites have a security mechanism that automatically logs you off when your requesting IP has changed.

Thus, the user would connect to proxy server "myproxy:8080" from the desktop, the traffic would be forwarded to "US-ProxyServerFarm" which will pick a single server to send the traffic through due to load-balancing. (Let's say "US-ProxyServer14") and finally, the traffic will reach the website.

Now, the next time the user clicks on a link, the same thing will happen once again, but this time "US-ProxyServer22" might be picked by the load-balancing mechanism.

From the Internet Banking web server's perspective, the session has been hijacked, as the originating IP address of the proxy server is now different. - The user is then logged off from the website.


How can I set up a separate Web Chaining rule that will only apply to HTTPS traffic, and then chain it to only a single server (thus preventing the IP from changing during the session) instead of chaining it to the pool/farm of servers?

I tried to set up a rule like this but it doesn't seem to work

Sorry for the long explanation... Any help would be appreciated.

Thanks!
Jacauc

< Message edited by jacauc -- 12.Nov.2006 1:11:18 AM >
Post #: 1
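
The failure described in the post above, as an added example that is not part of the original thread: a Python simulation of a site that binds a session to the source IP, comparing per-request farm selection with per-client affinity. The third server name, the IP addresses, the round-robin stand-in for the farm's load balancing and the hash-based selection are assumptions for illustration, not ISA Server configuration.

```python
import hashlib
from itertools import cycle

# Constructed sample data. The first two names come from the post; the third
# name and all egress IPs (RFC 5737 documentation range) are made up.
FARM = {
    "US-ProxyServer14": "203.0.113.14",
    "US-ProxyServer22": "203.0.113.22",
    "US-ProxyServer31": "203.0.113.31",
}

class IpBoundSite:
    """Hypothetical site that binds each session to the source IP seen first."""
    def __init__(self):
        self.sessions = {}

    def request(self, session_id, source_ip):
        bound = self.sessions.setdefault(session_id, source_ip)
        if bound != source_ip:
            del self.sessions[session_id]   # treated as hijack: log the user off
            return False
        return True

def round_robin_picker():
    """Per-request selection: each request may leave via a different member."""
    members = cycle(sorted(FARM))
    return lambda client_ip: next(members)

def affinity_picker():
    """Assumed alternative: hash the client IP so one client keeps one member."""
    members = sorted(FARM)
    def pick(client_ip):
        digest = hashlib.sha256(client_ip.encode()).digest()
        return members[int.from_bytes(digest[:4], "big") % len(members)]
    return pick

def simulate(picker, client_ip="10.1.2.3", clicks=5):
    """Return, per click, whether the site still accepted the session."""
    site = IpBoundSite()
    return [site.request("sess-1", FARM[picker(client_ip)]) for _ in range(clicks)]

if __name__ == "__main__":
    print("round robin:", simulate(round_robin_picker()))
    print("affinity:   ", simulate(affinity_picker()))
```

In the simulation a rejected request ends the session, and the next click stands for a fresh login that rebinds to whatever egress IP the site sees then.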
RE: HTTPS to follow a different web-chaining rule - 6.Nov.2006 8:49:13 AM   
jacauc

 

Posts: 3
Joined: 4.Nov.2006
Status: offline
I have played with every last imaginable setting this weekend to see if I could get this to work, and I'm starting to wonder if this is possible :S

Please help!
Thanks!
Jacauc

< Message edited by jacauc -- 9.Nov.2006 1:42:40 AM >

(in reply to jacauc)
Post #: 2
RE: HTTPS to follow a different web-chaining rule - 23.Apr.2009 3:32:13 AM   
nofree

 

Posts: 1
Joined: 20.Apr.2009
Status: offline
I have the same problem too... does anyone have the solution? jacauc email since Nov 2006, but there are no answers...?

(in reply to jacauc)
Post #: 3
RE: HTTPS to follow a different web-chaining rule - 23.Apr.2009 7:13:13 AM   
jacauc

 

Posts: 3
Joined: 4.Nov.2006
Status: offline
Never found a solution for this... Working in a different business unit now, but I'm quite sure the problem still exists.

(in reply to nofree)
Post #: 4
