ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (Full Version)

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing



Message


MooseFruit -> ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (2.Aug.2004 5:35:00 PM)

I have successfully setup an ISA 2004 server that only allows users to connect to an OWA 2003 server via https://myserver.com/exchange.

What I would like to do is setup ISA to redirect users from http://myserver.com to https://myserver.com/exchange. Is this possible?

As is stands today, the users are given an error if they visit http://myserver.com.

This is a user-convenience thing only. I do not want users to be able to access OWA via http, rather I would like http to redirect to https.

I have considered using a simple web page with a META redirect tag, but is this the correct approach and how would this be done? Can an ISA server even run IIS to serve up the simple web page?

Thanks!

Best,
Joe




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (9.Aug.2004 3:53:00 PM)

Any thoughts?




andrew.toon -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (10.Aug.2004 9:31:00 AM)

The way I've done this is to use an .asp page to do a redirect from http://owaserver.com to https://owaserver.com/exchange.

First create the redirect .asp file and virtual directory, and set up the redirect to happen when you get an error 403.4

See - http://support.microsoft.com/default.aspx?scid=kb;en-us;555126&Product=exch2003 for info on how to do this.

Once you've setup the redirect you need to create a web publishing rule for the exchange server and HTTP only. This rule will redirect any requests for HTTP to the redirect .asp. An example rule is shown below.

Rule Name : OWA Redirect
Action : Allow
From : Anywhere
To : Internal name of Exchange Server
Traffic : HTTP
Listener : Standard HTTP
Public Name : External name of Exchange Server
Paths :
External = "/*",
Internal = "/<owa redirect virtual dir>/<owa .asp>"
Bridging : Redirect requests to HTTP (note don't tick the HTTPS box)
Users : All Users

I hope this helps.

Thanks
Andrew




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (12.Aug.2004 8:53:00 PM)

Problem is -- that article assumes you are not using an ISA server in a DMZ.

If I don't allow port 80 on the intranet side of the DMZ, how does the client even arrive at OWA to get the redirect?

I would need to do the 80 -> 443 redirect on the ISA box. However I have read that you cannot run IIS and ISA on the same machine. (IIS required to support the ASP solution you outlined)

Any other thoughts?




BobW -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (14.Aug.2004 5:00:00 PM)

I used the asp redirect...but....

Link Translation works MUCH better. Just tell it to translate all http: to https:

Very cool,
Bob




tshinder -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (14.Aug.2004 5:20:00 PM)

Hi Bob,

How about just creating an error page that the ISA firewall delivered to the user with a correct link and a reminder that they should have entered the correct string in the first place?

HTH,
Tom




BobW -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (16.Aug.2004 5:27:00 AM)

Ah, but you are assuming you are dealing with folks who would understand the error page....

I switched to SSL and my users never knew it.

The way they access OWA is by going to a VERY basic website that leads to some internal items, one of which is OWA.

Tom, why not use Link translation? Am I missing something? It seems to be working quite nicely.

Thanks,
Bob

quote:
Originally posted by tshinder:
Hi Bob,

How about just creating an error page that the ISA firewall delivered to the user with a correct link and a reminder that they should have entered the correct string in the first place?

HTH,
Tom



[ August 16, 2004, 03:36 PM: Message edited by: BobW ]




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (16.Aug.2004 4:03:00 PM)

quote:
Originally posted by BobW:
I used the asp redirect...but....

Link Translation works MUCH better. Just tell it to translate all http: to https:

Very cool,
Bob

Is this a feature in ISA? Can you point me in the right direction?

Thx again,
Joe




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (16.Aug.2004 4:15:00 PM)

Bob:

Link translation works terrific! Thanks for the info.

Good info here:

http://www.isaserver.org/img/upl/spskit/7basiccredandlinktranslate/7basiccredandlinktranslate.htm

best,
Joe




ACC -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (30.Aug.2004 9:50:00 PM)

I have the same question, I couldn't get link translation to work. How did you configure it to work. I tried the http: to https: entry , then added owa.domain.com to owa.domain.com/exchange. I also enabled http on the listener...no good.

Thanks for any help.




druid_ro -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (21.Sep.2004 3:00:00 PM)

How is it possible to use link translation if you have a listener that only uses SSL?

I tried redirect with link translation with listener with both port 80 and 443, and I get a page with 12211 error(ssl required)

Do I need another web publishing rule, or another listener?




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (27.Sep.2004 7:59:00 PM)

Your listener has to be configured for both 80 and 443.

Having trouble with link translation lately. Plain and simple it just doesn't work.

Anyone have any troubles with ISA RTM & link translation?




tshinder -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (30.Sep.2004 1:41:00 AM)

Hi Moose,

The few times I've used it I had no problems. Do you have specific issues with it?

Thanks!
Tom




penrose.l@2college.nl -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (30.Sep.2004 9:51:00 PM)

Try to open a .zip file attachment using link translation.
Much better is to redirect with HTTP REDIRECT function.

LexP




MooseFruit -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (11.Oct.2004 7:44:00 PM)

Then there is still the issue of requiring port 80 open on the internal firewall ONLY to support redirection. Not an optimal solution IMO.

After months of following this subject I just don't think there is any clean & simple way to redirect users from http://anything to https://server/exchange




ferrix -> RE: ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ? (21.Jun.2005 10:54:00 PM)

Wow, I love posts like this, because they're such an exact match.

We have created a filter, WebDirect (at http://www.collectivesoftware.com) that is built to fix this exact issue. It enables ISA 2004 to perform HTTP redirects. This way, you don't have to let any requests through to your target server unless they are HTTPS, the correct path, and authenticated.

Hope this helps someone in the future (I know this is a pretty old post)




Page: [1]