• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem with IIS redirect settings and ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Problem with IIS redirect settings and ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem with IIS redirect settings and ISA 2006 - 6.Jan.2009 9:50:10 AM   
wilbudl

 

Posts: 15
Joined: 23.Jul.2008
Status: offline
Configuration:  1 ISA server array

Issue:  Redirecting sites using IIS settings for permanent redirect, results in infinite redirect loop when going through ISA.  Accessing the sites internally (without ISA) results in the correct redirect operation.  The web server has 3 sites configured for this for various reasons.  One "real" site that is the actual web content and only accepts requests for specific headers.  One redirect site that is configured for permanent redirect to the "real" site.  The second site only accepts request for specific headers.  The third site is also a redirect site but is using script to accomplish this.  This site was the original site name, but the site has been moved to a different domain.  The second site in this scenario is for variations of the "real" site which is why it's redirecting.  None of the redirected web sites are working.  They all result in a loop that eventually causes ISA to tell me that there have been too many requests from my IP address. (of course)

Regards,
Darryl
Post #: 1
RE: Problem with IIS redirect settings and ISA 2006 - 6.Jan.2009 11:24:58 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Details of publishing rules?

Details of redirect configuration?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to wilbudl)
Post #: 2
RE: Problem with IIS redirect settings and ISA 2006 - 6.Jan.2009 2:52:01 PM   
wilbudl

 

Posts: 15
Joined: 23.Jul.2008
Status: offline
I finally get the give something back instead of just asking questions...!

Opened a support case with Microsoft because of the urgency of the problem.  Here's the scenario:

ISA 2006 Enterprise server in the DMZ running single NIC; reverse proxy

One internal IIS server hosting multiple web sites

Site A is for www.abcde.com (this is the internal and external site URL)
Site B is for www.12345.com  ("permanent redirect" site)

Moving web site www.12345.com to www.abcde.com using a redirect site in IIS.  The redirect site (B) only accepts requests for www.12345.com and the redirect obviously points to www.abcde.com.

The IIS server is hosting multiple web sites, most with their own IP address.  However, for this particular change, two sites have been configured with the same IP address, using host headers to control the traffic.

Since both external URL's point to the same internal server, the Firewall Policy is configured for the Public Names www.abcde.com, abcde.com, www.12345.com and 12345.com.  The published site name is www.abcde.com.  There is no authentication and all traffic is HTTP.  "Forward the original host header..." is enabled.

Here's what happened
  • User requests www.12345.com in his browser
  • ISA receives the requests and forwards the request to the IIS server.
  • The IIS server processes the request to the correct "redirect site" (B) which responds with a permanent redirect to www.abcde.com (A)
  • ISA receives the response (Here's where it gets good!)  and inspects it,  sees that there is a redirect link to the website that matches the configured internal site as configured in the Firewall Policy, it replaces the link with the original host header (www.12345.com) and forwards the response the the requesting user
  • The browser receives the redirect response so it goes to the "new" site, www.12345.com, and the process starts all over again

I was told that this was a "logic" issue (not a problem) that is not impacted by Link Translation settings.  Seems that our specific configuration had just the right elements to cause this.  The resolution was to replace the published site name (found on the To tab of the Firewall Policy) to the actual server name of the IIS server.  Since the published site name no longer matched the redirect response, ISA no longer replaced the url contained in the response.

I hope this helps someone else if they ever need to configure redirects.

Regards,
Darryl

(in reply to Jason Jones)
Post #: 3
RE: Problem with IIS redirect settings and ISA 2006 - 7.Jan.2009 3:53:45 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Thanks for the feedback, I was going to tell you to do that  (only kidding)

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to wilbudl)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Problem with IIS redirect settings and ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts