• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problems going from a SSL page, back to http

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Problems going from a SSL page, back to http Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problems going from a SSL page, back to http - 27.Nov.2004 3:05:00 AM   
hilmark

 

Posts: 3
Joined: 27.Nov.2004
From: Iceland
Status: offline
Hi,

I have been working on a problem with a published web site. (ISA2004, IIS6 on W2k3)
I installed a Certificate on the web server which is running a fully functional .aspx page web site. Selected pages should use SSL.

On internal servers everything works. So if i go from the web main page:
http:\\www.dom.com\index.aspx?GroupId=2 (which is the front page without ssl, and dom.com being a dummy domain:-)
to the ssl page:
http:\\www.dom.com\index.aspx?GroupId=109 (page 109 is programmed to change to https, wich it does)
Then when located on:
https:\\www.dom.com\index.aspx?GroupId=109
All links on the page change to https:\\... but when clicking on them the underlying programming reroutes the users to http:\\...

So when located on the internal network everything works fine. Going in to SSL pages and out again works plus this solution is being used behind varius versions of PIX in production environments.

Now.. if I am accessing the web through the ISA web publishing rule I go to the SSL page:
http:\\www.dom.com\index.aspx?GroupId=109
and I get re routed to
https:\\www.dom.com\index.aspx?GroupId=109

BUT.. There is no way out !

I'm stuck. When I click the link on the main page link:
url = https:\\www.dom.com\index.aspx?GroupId=2
is targeted and should change to:
http:\\www.dom.com\index.aspx?GroupId=2, BUT IT DOES NOT !

When I look at the ISA log it seems to be opening the following URL:
http:\\www.dom.com:443\index.aspx?GroupId=2
with port=443 and protocol=https
Is that normal notations for SSL requests from ISA server? Why not https:\\...

I've tried all versions of the publishing rule but now it has the following settings.
TO: www.dom.com - request coming from ISA
BRIDGING: Web Server - redirect http(80) and ssl(443) - no cert

Funny thing. If I am on the SSL page, and change the rule so that I take out the ssl redirect in BRIDGING, it is possible to go back and forth to the main page but now everyting is in https from the client to the ISA.
Then if I turn of the explorer and run it upp again, it is not possible to access the ssl bage any more. I neet to enable ssl redirect again.

If anyone has questions or points for me to try, or is certain that this is a programming issue. PLEASE send me a line "[Smile]"
Post #: 1
RE: Problems going from a SSL page, back to http - 29.Nov.2004 3:42:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Hilmark,

If you want to go from HTTP to HTTPS, then you'll need two Web Publishing Rules and maybe two listeners, depending on the configuration.

HTH,
Tom

(in reply to hilmark)
Post #: 2
RE: Problems going from a SSL page, back to http - 29.Nov.2004 12:17:00 PM   
hilmark

 

Posts: 3
Joined: 27.Nov.2004
From: Iceland
Status: offline
Hi, and thank you for taking the time to reply.

Here are some more information.

Web Server: is on a hidden 10.10.140.10 address

There is one publishing rule:
FROM: Anywhere
TO: FQDN of the web server (10.10.140.10 in HOST file)
LISTENER: External public IP address for the service.
Network: External
Ports: 80/443
Certificate: FQDN
BRIDGING: Redirect req to http 80 / Redirect req to https 443

Note, there is no problem going from http to https. It's getting back that is the problem.

Going to a http page which is programmed to use https results in the page loading in https.

After that, pushing a programmed button that points to a http page also takes you to a https page. If the page is programmed to send you to http a loop begins where the ISA constantly tries to access on https but the page tries to redirect to http.

Please direct me to some info or documents on using two publishing rules or listeners for this.

NOTE. This works fine from all internal networks, not using web publishing.

Best regards
Hilmar

(in reply to hilmark)
Post #: 3
RE: Problems going from a SSL page, back to http - 29.Nov.2004 5:59:00 PM   
hilmark

 

Posts: 3
Joined: 27.Nov.2004
From: Iceland
Status: offline
Hello again..

Tried creating two publishing rules and dividing the listeners in to 80 and 443. (two listeners)

NO Success ;-(

But I found the solution. It involved dissabling the Link Translation Filter Add-in under Configuration.

On ISA 2000 link translation is installed via isa feature pack 1 and is by default disabled. That's why you did not run to this problem with ISA 2000. However, on ISA 2004 link translation is enabled by default.

Either:

1. Disable link translation which is under configuration, add-ins.

OR

2. Create a link translation dictionary:

Here are the steps from my lab and you can replace the names with your server's name:

My IIS server name is masoudh23.
The external IP address of my ISA is 157.59.123.61

1. Enable link translator.
2. Go to the web publishing rule, properties.
3. Click on the tab "public Name" and enter the public name. You get this information from what you type on the browser to access the web site. For example I type in my browser <https://157.59.123.61/nxt/secure/DPDTWelcome.asp>. Where
157.59.123.61 is the external ip address of ISA. Therefore for "public Name" I have typed is <http://157.59.123.61>
4. Click on Translation tab and check Replace absolute links in web pages.
5. Click on add and for "Replace this text" type <http://iisservername> (in my lab I typed <http://masoudh23>).
For "With this text" I typed http://157.59.123.61 which is the external ip address of my isa server.
6. Click on apply and then restart ISA services.

(in reply to hilmark)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Problems going from a SSL page, back to http Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts