[isalist] Re: Publishing in ISA2006

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 29 Jan 2007 20:47:57 -0800

The rule works with the related listener.

You cannot evaluate one without including the other - period.

The listener; not the rule is what determines if HTTP/HTTPS redirection
is possible.

If the listener doesn't accept HTTP, then it can't redirect it to HTTPS.

You're not trying to publish a stealth service, are you?

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Ball, Dan
Sent: Monday, January 29, 2007 10:51 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

Not Exchange traffic, but the main web server.  They both use the same
listener, so it makes it difficult to modify one but not the other.
Once I got the webserver working, I was planning on taking Tom's
suggestion that he had awhile back and using a redirect page to redirect
OWA calls to an alternate port/listener.

 

In any case, in this particular instance I'm referring to normal web
traffic that I want in plain-text.  Correct me if I'm wrong, but I was
under the assumption that if the publishing rule was not working
"non-SSL", then both the "authenticated traffic" and "all traffic"
options would behave the same way.  I.e., they would both return an
error if the client wasn't capable of the connection.  

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Monday, January 29, 2007 11:57 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

You never had ISA 2004 doing the redirects without custom code.

It did not have this option.

 

Let's get this straight - you want to publish plain-text Exchange web
traffic?!?

Also; "Redirect authenticated traffic from HTTP to HTTPS" option in the
web listener.  This works because it redirects all web traffic to HTTPS"
is incorrect; that setting only redirects traffic which has already been
authenticated - probably why only some requests are working.  Change it
to redirect "ALL" requests.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Ball, Dan
Sent: Monday, January 29, 2007 8:04 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

Nope, same server, and ISA_Redirects have never been used on that
server.  I used to publish the website without requiring SSL, now that
is the only way I can get it to work.  In fact, I used the "connections"
tab in the listener to force everything over to HTTPS, just to get it
working.  I just can't figure out how to get it publish "without" SSL,
as there seem to be some browsers that have a problem with that method.
While I'd like to tell them to fix their own system and get over it,
that won't fly with a "public" website.  

 

Where can I start looking for clues on this problem?

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Monday, January 29, 2007 9:29 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

That error response can only be obtained when web publishing.

IIS response is quite different.

You probably were using the ISA_Redirects tool or something similar and
forgot to move it to the new server.

The good news is that in ISA 2006, such custom mechanisms aren't
required.

In the listener "Connections" tab, you can opt to redirect anonymous or
authenticated HTTP connections to HTTPS.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Roy Tsao
Sent: Monday, January 29, 2007 1:18 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

Original publishing is SSL bridge or tunneling?

        ----- Original Message ----- 

        From: Ball, Dan <mailto:DBall@xxxxxxxxxxx>  

        To: isalist@xxxxxxxxxxxxx 

        Sent: Monday, January 29, 2007 10:40 AM

        Subject: [isalist] Publishing in ISA2006

         

        When I upgraded ISA2004 to ISA2006, my published webserver and
Exchange server no longer worked.  

         

        Browsing to the website gave me this error:

        Error Code: 403 Forbidden. The page must be viewed over a secure
channel (Secure Sockets Layer (SSL)). Contact the server administrator.
(12241)

         

        Typing https:// into the URL allowed the traffic to flow.

         

        The only way I could get it to work was to enable the "Redirect
authenticated traffic from HTTP to HTTPS" option in the web listener.
This works because it redirects all web traffic to HTTPS.  However, it
doesn't work for all pages, we have a few pages that have problems, and
have had reports from some people that cannot access the website at all.

         

        So, I need to get this working properly again.  I've deleted all
of the publishing rules and the web listener several times, recreating
everything from scratch; it still gives me the same error.  I've
followed every tutorial I could find, it appears that I'm doing it
correctly.  There must be some little detail that I'm missing with
ISA2006.  Probably something obvious, but it is eluding me...

         

        Anyone have any ideas?

All mail to and from this domain is GFI-scanned.

All mail to and from this domain is GFI-scanned.


All mail to and from this domain is GFI-scanned.

Other related posts: