• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2004 & Exchange 2003 OWA -- redirect from http:... - 2.Aug.2004 5:35:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
I have successfully setup an ISA 2004 server that only allows users to connect to an OWA 2003 server via https://myserver.com/exchange.

What I would like to do is setup ISA to redirect users from http://myserver.com to https://myserver.com/exchange. Is this possible?

As is stands today, the users are given an error if they visit http://myserver.com.

This is a user-convenience thing only. I do not want users to be able to access OWA via http, rather I would like http to redirect to https.

I have considered using a simple web page with a META redirect tag, but is this the correct approach and how would this be done? Can an ISA server even run IIS to serve up the simple web page?

Thanks!

Best,
Joe
Post #: 1
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 9.Aug.2004 3:53:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
Any thoughts?

(in reply to MooseFruit)
Post #: 2
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 10.Aug.2004 9:31:00 AM   
andrew.toon

 

Posts: 26
Joined: 22.Jul.2004
Status: offline
The way I've done this is to use an .asp page to do a redirect from http://owaserver.com to https://owaserver.com/exchange.

First create the redirect .asp file and virtual directory, and set up the redirect to happen when you get an error 403.4

See - http://support.microsoft.com/default.aspx?scid=kb;en-us;555126&Product=exch2003 for info on how to do this.

Once you've setup the redirect you need to create a web publishing rule for the exchange server and HTTP only. This rule will redirect any requests for HTTP to the redirect .asp. An example rule is shown below.

Rule Name : OWA Redirect
Action : Allow
From : Anywhere
To : Internal name of Exchange Server
Traffic : HTTP
Listener : Standard HTTP
Public Name : External name of Exchange Server
Paths :
External = "/*",
Internal = "/<owa redirect virtual dir>/<owa .asp>"
Bridging : Redirect requests to HTTP (note don't tick the HTTPS box)
Users : All Users

I hope this helps.

Thanks
Andrew

(in reply to MooseFruit)
Post #: 3
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 12.Aug.2004 8:53:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
Problem is -- that article assumes you are not using an ISA server in a DMZ.

If I don't allow port 80 on the intranet side of the DMZ, how does the client even arrive at OWA to get the redirect?

I would need to do the 80 -> 443 redirect on the ISA box. However I have read that you cannot run IIS and ISA on the same machine. (IIS required to support the ASP solution you outlined)

Any other thoughts?

(in reply to MooseFruit)
Post #: 4
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 14.Aug.2004 5:00:00 PM   
BobW

 

Posts: 227
Joined: 27.Mar.2002
Status: offline
I used the asp redirect...but....

Link Translation works MUCH better. Just tell it to translate all http: to https:

Very cool,
Bob

(in reply to MooseFruit)
Post #: 5
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 14.Aug.2004 5:20:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

How about just creating an error page that the ISA firewall delivered to the user with a correct link and a reminder that they should have entered the correct string in the first place?

HTH,
Tom

(in reply to MooseFruit)
Post #: 6
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 16.Aug.2004 5:27:00 AM   
BobW

 

Posts: 227
Joined: 27.Mar.2002
Status: offline
Ah, but you are assuming you are dealing with folks who would understand the error page....

I switched to SSL and my users never knew it.

The way they access OWA is by going to a VERY basic website that leads to some internal items, one of which is OWA.

Tom, why not use Link translation? Am I missing something? It seems to be working quite nicely.

Thanks,
Bob

quote:
Originally posted by tshinder:
Hi Bob,

How about just creating an error page that the ISA firewall delivered to the user with a correct link and a reminder that they should have entered the correct string in the first place?

HTH,
Tom



[ August 16, 2004, 03:36 PM: Message edited by: BobW ]

(in reply to MooseFruit)
Post #: 7
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 16.Aug.2004 4:03:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
quote:
Originally posted by BobW:
I used the asp redirect...but....

Link Translation works MUCH better. Just tell it to translate all http: to https:

Very cool,
Bob

Is this a feature in ISA? Can you point me in the right direction?

Thx again,
Joe

(in reply to MooseFruit)
Post #: 8
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 16.Aug.2004 4:15:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
Bob:

Link translation works terrific! Thanks for the info.

Good info here:

http://www.isaserver.org/img/upl/spskit/7basiccredandlinktranslate/7basiccredandlinktranslate.htm

best,
Joe

(in reply to MooseFruit)
Post #: 9
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 30.Aug.2004 9:50:00 PM   
ACC

 

Posts: 2
Joined: 30.Aug.2004
Status: offline
I have the same question, I couldn't get link translation to work. How did you configure it to work. I tried the http: to https: entry , then added owa.domain.com to owa.domain.com/exchange. I also enabled http on the listener...no good.

Thanks for any help.

(in reply to MooseFruit)
Post #: 10
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 21.Sep.2004 3:00:00 PM   
druid_ro

 

Posts: 8
Joined: 22.Oct.2003
Status: offline
How is it possible to use link translation if you have a listener that only uses SSL?

I tried redirect with link translation with listener with both port 80 and 443, and I get a page with 12211 error(ssl required)

Do I need another web publishing rule, or another listener?

(in reply to MooseFruit)
Post #: 11
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 27.Sep.2004 7:59:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
Your listener has to be configured for both 80 and 443.

Having trouble with link translation lately. Plain and simple it just doesn't work.

Anyone have any troubles with ISA RTM & link translation?

(in reply to MooseFruit)
Post #: 12
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 30.Sep.2004 1:41:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Moose,

The few times I've used it I had no problems. Do you have specific issues with it?

Thanks!
Tom

(in reply to MooseFruit)
Post #: 13
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 30.Sep.2004 9:51:00 PM   
penrose.l@2college.nl

 

Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
Try to open a .zip file attachment using link translation.
Much better is to redirect with HTTP REDIRECT function.

LexP

(in reply to MooseFruit)
Post #: 14
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 11.Oct.2004 7:44:00 PM   
MooseFruit

 

Posts: 15
Joined: 26.Apr.2004
Status: offline
Then there is still the issue of requiring port 80 open on the internal firewall ONLY to support redirection. Not an optimal solution IMO.

After months of following this subject I just don't think there is any clean & simple way to redirect users from http://anything to https://server/exchange

(in reply to MooseFruit)
Post #: 15
RE: ISA 2004 & Exchange 2003 OWA -- redirect from h... - 21.Jun.2005 10:54:00 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Wow, I love posts like this, because they're such an exact match.

We have created a filter, WebDirect (at http://www.collectivesoftware.com) that is built to fix this exact issue. It enables ISA 2004 to perform HTTP redirects. This way, you don't have to let any requests through to your target server unless they are HTTPS, the correct path, and authenticated.

Hope this helps someone in the future (I know this is a pretty old post)

(in reply to MooseFruit)
Post #: 16

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts