I have been working on a problem with a published web site. (ISA2004, IIS6 on W2k3) I installed a Certificate on the web server which is running a fully functional .aspx page web site. Selected pages should use SSL.
On internal servers everything works. So if i go from the web main page: http:\\www.dom.com\index.aspx?GroupId=2 (which is the front page without ssl, and dom.com being a dummy domain:-) to the ssl page: http:\\www.dom.com\index.aspx?GroupId=109 (page 109 is programmed to change to https, wich it does) Then when located on: https:\\www.dom.com\index.aspx?GroupId=109 All links on the page change to https:\\... but when clicking on them the underlying programming reroutes the users to http:\\...
So when located on the internal network everything works fine. Going in to SSL pages and out again works plus this solution is being used behind varius versions of PIX in production environments.
Now.. if I am accessing the web through the ISA web publishing rule I go to the SSL page: http:\\www.dom.com\index.aspx?GroupId=109 and I get re routed to https:\\www.dom.com\index.aspx?GroupId=109
BUT.. There is no way out !
I'm stuck. When I click the link on the main page link: url = https:\\www.dom.com\index.aspx?GroupId=2 is targeted and should change to: http:\\www.dom.com\index.aspx?GroupId=2, BUT IT DOES NOT !
When I look at the ISA log it seems to be opening the following URL: http:\\www.dom.com:443\index.aspx?GroupId=2 with port=443 and protocol=https Is that normal notations for SSL requests from ISA server? Why not https:\\...
I've tried all versions of the publishing rule but now it has the following settings. TO: www.dom.com - request coming from ISA BRIDGING: Web Server - redirect http(80) and ssl(443) - no cert
Funny thing. If I am on the SSL page, and change the rule so that I take out the ssl redirect in BRIDGING, it is possible to go back and forth to the main page but now everyting is in https from the client to the ISA. Then if I turn of the explorer and run it upp again, it is not possible to access the ssl bage any more. I neet to enable ssl redirect again.
If anyone has questions or points for me to try, or is certain that this is a programming issue. PLEASE send me a line
There is one publishing rule: FROM: Anywhere TO: FQDN of the web server (10.10.140.10 in HOST file) LISTENER: External public IP address for the service. Network: External Ports: 80/443 Certificate: FQDN BRIDGING: Redirect req to http 80 / Redirect req to https 443
Note, there is no problem going from http to https. It's getting back that is the problem.
Going to a http page which is programmed to use https results in the page loading in https.
After that, pushing a programmed button that points to a http page also takes you to a https page. If the page is programmed to send you to http a loop begins where the ISA constantly tries to access on https but the page tries to redirect to http.
Please direct me to some info or documents on using two publishing rules or listeners for this.
NOTE. This works fine from all internal networks, not using web publishing.
Tried creating two publishing rules and dividing the listeners in to 80 and 443. (two listeners)
NO Success ;-(
But I found the solution. It involved dissabling the Link Translation Filter Add-in under Configuration.
On ISA 2000 link translation is installed via isa feature pack 1 and is by default disabled. That's why you did not run to this problem with ISA 2000. However, on ISA 2004 link translation is enabled by default.
1. Disable link translation which is under configuration, add-ins.
2. Create a link translation dictionary:
Here are the steps from my lab and you can replace the names with your server's name:
My IIS server name is masoudh23. The external IP address of my ISA is 18.104.22.168
1. Enable link translator. 2. Go to the web publishing rule, properties. 3. Click on the tab "public Name" and enter the public name. You get this information from what you type on the browser to access the web site. For example I type in my browser <https://22.214.171.124/nxt/secure/DPDTWelcome.asp>. Where 126.96.36.199 is the external ip address of ISA. Therefore for "public Name" I have typed is <http://188.8.131.52> 4. Click on Translation tab and check Replace absolute links in web pages. 5. Click on add and for "Replace this text" type <http://iisservername> (in my lab I typed <http://masoudh23>). For "With this text" I typed http://184.108.40.206 which is the external ip address of my isa server. 6. Click on apply and then restart ISA services.