I've browsed some past topics but didn't see quite what I was looking for... So here it goes
For now, I'm still using ISA in Cache mode (everyone in the LAN is a WebProxy client), inside my LAN (intend to move it to the border and set it up in integrated mode). I've seen posts of ppl having quite some trouble with SSL sites, but so far our world of hurt here is with just one, an iNotes Web Client (to IBM's Domino). From what I know, the server end runs in a Reverse Proxy setup, and it seems authentication can get all messed up... here some have slowdown/freezing issues, while others do not. So, considering that the information inside the tunnel won't be cached/examined by ISA, and that I don't need to prevent access to this particular site to anyone here, I decided to include this site in the "exceptions" list of IE.
When I begin to use ISA in Integrated mode, the traffic to the site won't be able escape going thru ISA, but it will go thru the Firewall service instead, right? (because I made an exception for it in IE) All these lines to get to my question? What about the HTTP Redirector? I suppose that if I enable it and set it to send the request to the Proxy service, I'll begin to run into the freezing issues again; If I set it to reject requests, I won't be able to browse the site, because of IE's exception list (can't go either way). Does it matter whether I leave the Redirector in the option "Send to requested Web Server" or disable the filter altogether? Does this third option "do nothing about it, just send it along" exist because of some issue with HTTP and the Firewall Service?
Oh, I forgot to mention the site and content rules and other configuration related to authentication: I have configured the listener to require authentication and I have NO rules allowing anonymous access (My "Allow All" rule is for the Domain Users group only)
I've read the article, thanks for the information, most of my doubts are cleared now. So please correct me if I'm wrong: no matter how I use the Redirector, one of the key points is that with it user information gets lost (unless I tell the redirector to reject the request of course). So in my case, I should disable the filter and have the firewall client + firewall service handle these requests that I'm going to exclude from the Proxy client and service... right?