• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

A question about Destination Sets

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> A question about Destination Sets Page: [1]
Login
Message << Older Topic   Newer Topic >>
A question about Destination Sets - 27.Aug.2001 4:31:00 AM   
font1975

 

Posts: 89
Joined: 26.Jul.2001
From: houston, texas, usa
Status: offline
I have an internal IIS server behind an ISA server. I have ISA web publishing setup as follows:

a destination set for www.domain.com

a web publish rule which points to the destination set above and forwards to my internal server.

Now, all is working okay. But my question is this; if you enter "domain.com" in the web browser, it still loads my web page. I'm trying to limit it to just accept "www.domain.com".

Anyone know why ISA is accepting "domain.com" even though my destination set is only configured for "www.domain.com"? BTW, both point to the same IP due to the way REGISTER.COM's DNS server makes me do it.

Thanks,
Mark

Post #: 1
RE: A question about Destination Sets - 27.Aug.2001 3:05:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mark,

That is interesting. I just tested out some scenarios after reading your post to see if if a Destination Set host.domain.com would allow domain.com to the same web site. It didn't work for me!

Are you publishing the site using the Web Proxy service, or are you using Server Publishing rules?

Do you have a path in the Destination Set? (don't know why this would make a diff, but just gathering information)

Thanks!

Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!


(in reply to font1975)
Post #: 2
RE: A question about Destination Sets - 27.Aug.2001 4:30:00 PM   
font1975

 

Posts: 89
Joined: 26.Jul.2001
From: houston, texas, usa
Status: offline
Hi Tom!
Thanks for the reply, figures I'd have an odd problem. I'll fill-in some info:

I'm using a web publishing rule to publish the site. Also, I'm using IIS, and since I'll be hosting a friend's site, I'm setting IIS up to use Host Headers. I've also created one web site without a host header defined so that, in "theory", if a browser doesn't send the host header, the surfer will get a message to upgrade his/her browser.

In the web publish rule, I've configured it to foward the original header, so that I don't have to define a whole bunch of aliases on my internal DNS.

Here, you can connect to my site to test this. If you go to "www.carsandfish.com" you should see my page. If you then go to "carsandfish.com" you'll see the error page about incompatible browsers. This error page comes up because ISA is forwarding the web request to IIS, but with the header "carsandfish.com" which IIS is not configured for, so it displays the default web site (my error page). Hopefully everything is making sense :-)

My thinking is that with the destination set defined for "www.xxx.xxx" ISA should drop "xxx.xxx" and display a 403 Forbidden, similar to when you try to connect to my site with just an IP address (63.143.171.100)

Thanks again for you help,
Mark


(in reply to font1975)
Post #: 3
RE: A question about Destination Sets - 1.Sep.2001 6:27:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mark,

Perhaps its the vagaries of using Host Headers? Try publishing the sites using different port numbers on the IIS server. The nice thing about Web Publishing Rules is that this sort of port redirection works nicely!

HTH,
Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!


(in reply to font1975)
Post #: 4
RE: A question about Destination Sets - 4.Sep.2001 11:05:00 PM   
font1975

 

Posts: 89
Joined: 26.Jul.2001
From: houston, texas, usa
Status: offline
Tom,

I liked your idea! Seems a lot simpler to create different web sites with different port numbers on IIS, and then create destination sets on ISA and have it redirect it.

However, ISA is still not wanting to handle the incoming requests correctly. I have Exchange 2000 OWA setup as one web site and my main site as another (www.carsandfish.com and mail.carsandfish.com).

I create two destination sets for each site. I map the OWA site to 80 and my site to 81. I thought all was working, but then, after two days of working, ISA is doing it again where it just sends all web requests to the first publishing rule. Both www.xxx.com and mail.xxx.cam are going to the OWA site.

This is quite frustrating as everything seems to be setup correctly. If I do port redirection with ISA, should I still configure host names in IIS and then always forward "original headers"? If so, what's the point of creating multiple Destination sets on ISA?

-Mark


(in reply to font1975)
Post #: 5
RE: A question about Destination Sets - 5.Sep.2001 8:27:00 PM   
font1975

 

Posts: 89
Joined: 26.Jul.2001
From: houston, texas, usa
Status: offline
Follow-up info:

I found a knowledge base article that somewhat describes my issue. The article is Q291427.

Now, my case is a bit different because I only have one external IP address, but ISA is doing the same thing whereby it's only returning the first site in my publish rule list. When I originally posted this thread I only had one rule at the time to publish "www.domain.com" and was confused why just "domain.com" was going through. Now that I've tried using two rules (one for www the other for mail), I discovered whichever rule was listed first was the site that was returned.

I've worked around it by just having one rule send all request to IIS with original host headers and letting IIS handle which site is which. I'm just not sure if this is less secure or not. I can't think of why it would be.

Tom, my last question is this. Does ISA do a reverse look-up on the host header to verify it? I didn't notice on my Sniffer any additional DNS quereies after the HTTP get. But in my config on ISA server, on the internal NIC I specify the internal DNS server and on the external NIC I specify the external DNS servers, could this be an issue? Since my internal DNS are configured to use fowarders already should I just remove the external DNS entries?

Again thanks for your help, and this is a great site!
Mark Fontenot


(in reply to font1975)
Post #: 6
RE: A question about Destination Sets - 7.Sep.2001 6:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mark,

That Q article refers only to situations when you are using IP addresses in your Destination Sets. You are using FQDNs and you have entries in the public DNS that map to your FQDNs.

Make sure your routing rules don't conflict. Remember that routing rules represent an ordered list, and if a request comes in that matches one of the routing rules, then the one on top wins. Of course, you probably didn't create any routing rules, and you don't necessily need to

So, if you create two sites on the same server, make sure each one is using a different port number, and make sure you configure them in the IIS console to use a different port number and confirm that they are working from an internal network client.

Then make two publishing rules, one for the OWA and the other for the alternate web site on port 81 (BTW, I prefer to not run multiple sites on an OWA server because the Exchange server requires so many resources).

Make sure that the send original host header option is enabled for both of the rules.

This should work. There's nothing unusual about this configuration, so it should work without incident.

HTH,
Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!


(in reply to font1975)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> A question about Destination Sets Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts