RE: Auto Switching to SSL connection
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 18 Dec 2004 09:09:09 -0800
Create two listeners; one using HTTP (TCP:80) and the other using HTTPS
(TCP:443).
Set the HTTP listener to be anonymous and the SSL listener to use
authentication.
Uncheck "require authentication" on both.
Use your rules to determine what, if any authentication is required.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx]
Sent: Saturday, December 18, 2004 7:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Auto Switching to SSL connection
http://www.ISAserver.org
Hello,
Thease are very handy but they don't do quite what I want. The problem
is
that ISA is still requesting a password before it will display the page
and
generate the error. I want to go to SSL prior to ISA prompting for a
password.
user requests http://myserver/securpage
redirect --> https://myserver/securepage
prompt for credentials.
What happens now:
user requests http://myserver/securepage
prompt for credentials
error is generated
the scripts you pointed me to re-direct -->
https://myserver/securepage
The other issue is that I would like to be able to give out direct links
things like http://myserver/securepage/foo/bar/ and have it first
redirected
to https://myserver/securepage/foo/bar.
The issue is that users who browse this site from and internal network
don't
get prompted for passwords. Those who browse from outside do. I want the
authentication handshake to be in SSL.
I am using Radius so the passwords between the client and the isa server
are
running in the clear unless I use ssl.
Any suggestions?
Thanks
Bill
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, December 18, 2004 1:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Auto Switching to SSL connection
http://www.ISAserver.org
http://isatools.org/isa_redirects.zip includes two separate examples and
a
set of instructions on how to use each.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx]
Sent: Friday, December 17, 2004 8:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Auto Switching to SSL connection
http://www.ISAserver.org
Hello,
With ISA 2004 is there a way to configure a rule that will switch the
user to
ssl ? What I would like is requests for http://mysite.com/foo to be
swithced
to https://mysite.com/foo. I don't see any obvious way to do this. The
reason for doing this is that the publishing rule is setup for
authentication
and I obviously would like that to be secure. So I would like the SSL
switch
to take place before the authentication.
Thanks
Bill
William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes@xxxxxxxxxxxxxx
607 255-1757 (o) 607 227-6049 (c)
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network
Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network
Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wtholmes@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
