[isalist] Re: HTTP Redirects

• From: "Rob Moore" <RMoore@xxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Fri, 29 Feb 2008 11:51:39 -0500

http://www.ISAserver.org
-------------------------------------------------------

Can we do the opposite? Can we use a wildcard, and catch 1 path for
every virtual host?

Something like:  http://*.site.tld/path = https://*.site.tld/path

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, February 29, 2008 9:09 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: HTTP Redirects

http://www.ISAserver.org
-------------------------------------------------------
  
You can also specify the vroot in the mapping, so...
https://site.domain.tld/path = https://site.domain.tld/path

This way, you can limit the changes to a single vroot.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rob Moore
Sent: Friday, February 29, 2008 5:21 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: HTTP Redirects

http://www.ISAserver.org
-------------------------------------------------------

Except we don't want to have it force SSL on all sections of the site,
only certain directories.  What's more, the server hosts several sites,
and we don't want to have to set something in ISA every time we create a
new site.  Is there a way to get ISA to leave 302 responses alone, and
NOT have it "fix" them?  Or can we write generic link translation rules,
similar to the apache rewrite module, to control what parts of the sites
are redirected?

Thanks,
Rob

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, February 27, 2008 1:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: HTTP Redirects

http://www.ISAserver.org
-------------------------------------------------------

This is link translation.
The user connects to a listener/rule combination that allows
http://site.domain.tld and includes link translation.
If a link or redirect comes through that says https://site.domain.tld,
LT will automatically change that to http://site.domain.tld.  This is
what LT is for.
You can enter a custom definition that says to change
https://site.domain.tld to https://site.domain.tld, but this will cause
all connections from that site to be redirected to HTTPS.
If that's what you want, you're golden.

Jim

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rob Moore
Sent: Wednesday, February 27, 2008 10:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] HTTP Redirects

Hello all-

Using ISA 2006 Standard.

We have an Apache server on our network.  We are using the Apache server
to add a forced redirect from HTTP to HTTPS for some pages on one of the
sites served by that server.  If your browser is on our network, this
works fine.  Apache replies with a 302 status, and a location header
that includes https://site.domain.tld/file
<https://site.domain.tld/file>  just like it should.  However, if your
browser is outside our network the reply seems to have been edited so
that the location header now reads http://site.domain.tld/file
<http://site.domain.tld/file>  (note the lost 's').  This causes the
browser to enter a redirect loop where it tries the unsecured page
repeatedly, and then fails. Since the only difference is that the
request is going through our ISA server when we're outside the network,
it seems like the ISA server is responsible for the problem. I'm not
even sure how to set the monitoring filter on the ISA server, though, to
show me what's going on.

To complicate matters a bit, I don't know how to get the
internally-generated certificate off the Apache server and into the ISA
server. So I published it using the "Publish Non-Web Server Protocols"
wizard. It was working fine until we started using the Apache server to
redirect HTTP requests to HTTPS.

Is there a way to prevent our ISA server from doing whatever it's doing
that seems to be updating this response header? Or is there a better
approach? (Like, maybe getting the cert off the Apache server and into
the ISA server so we can publish the site like a normal web site?)

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Rob Moore

Network Manager

215-241-7870

Help Desk: 800-500-AFSC

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] HTTP Redirects
    • From: Rob Moore
  • [isalist] Re: HTTP Redirects
    • From: Jim Harrison
  • [isalist] Re: HTTP Redirects
    • From: Rob Moore
  • [isalist] Re: HTTP Redirects
    • From: Jim Harrison

Other related posts:

• » [isalist] HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects
• » [isalist] Re: HTTP Redirects

1. Home
2. isalist
3. Archive
4. 02-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---