Reverse Proxy HTTP > HTTPS and vice versa.
Hello,
I have an issue with reverse proxying and am looking for guidance.
We have an issue with translating information between HTTPS and HTTP between two servers and are attempting to use ISA Server 2006 on a Windows 2003 box in the middle to pass data back and forward.
HTTP traffic from the internal server 1 must be re-formatted to HTTPS traffic and sent to internal server 2, whilst HTTPS traffic from the internal server 2 must be converted to HTTP to send to internal server 1. Is ISA 2006 capable of this, and if so which would be the best (only) method for achieving it?
I'm completely stumped.
Thanks in advance for any help.
Answers
- Yes; you can do this, but it requires:
1. that each server resolve the other website to an ISA internal IP address
2. you create a Web listener bound to that ISA internal IP address; one for HTTPS and the other for HTTP
3. you create two web publishing rules as:

   Name = HTTP to HTTPS
   Web listener = HTTP
   Public Name = <name of HTTPS server>
   Bridging = redirect to SSL port
   To = name and IP of HTTPS server

   Name = HTTPS to HTTP
   Web listener = HTTPS
   Public Name = <name of HTTP server>
   Bridging = redirect to HTTP port
   To = name and IP of HTTP server

...of course, the Web listener will need a certificate matching the name of the FQDN you use for the HTTPS-HTTP connection and the HTTPS server will need to use a certificate that includes the name of the HTTPS server.
Jim Harrison, Forefront Edge CS
- Marked As Answer by Nick Gu - MSFT, Moderator, Wednesday, September 16, 2009 8:53 AM
- Edited by Jim Harrison IsaDewd, Thursday, September 10, 2009 10:25 PM
- Proposed As Answer by Jim Harrison IsaDewd, Thursday, September 10, 2009 10:25 PM
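The requirements listed in the answer above can be checked on paper before the listeners and rules are built. This is an added example, not part of the original answer and not ISA Server tooling: it queries nothing, and the host names, IP addresses, certificate names and the plan's key names are all constructed for illustration.

```python
# Added example. Host names, IP addresses and certificate names are constructed.

def name_matches(cert_name, host):
    """True if one certificate name (CN or SAN entry) covers the host name."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def check_plan(plan):
    """Return a list of problems; an empty list means the requirements are met."""
    problems = []
    # Requirement 1: each server resolves the other site's name to the ISA internal IP.
    for (client, name), ip in plan["resolves"].items():
        if ip != plan["isa_internal_ip"]:
            problems.append(f"{client} resolves {name} to {ip}, not the ISA internal IP")
    # Listener certificate must match the FQDN used for the HTTPS-to-HTTP connection.
    fqdn = plan["https_to_http_public_name"]
    if not any(name_matches(n, fqdn) for n in plan["listener_cert_names"]):
        problems.append(f"listener certificate does not match {fqdn}")
    # HTTPS server certificate must include the name used in the rule's "To" field.
    to_name = plan["http_to_https_to_name"]
    if not any(name_matches(n, to_name) for n in plan["https_server_cert_names"]):
        problems.append(f"HTTPS server certificate does not include {to_name}")
    return problems

GOOD_PLAN = {
    "isa_internal_ip": "10.0.0.5",
    "resolves": {
        ("server1", "server2.corp.example"): "10.0.0.5",
        ("server2", "server1.corp.example"): "10.0.0.5",
    },
    "https_to_http_public_name": "server1.corp.example",
    "listener_cert_names": ["server1.corp.example"],
    "http_to_https_to_name": "server2.corp.example",
    "https_server_cert_names": ["*.corp.example"],
}
# Same plan, but server2 bypasses ISA and the listener certificate names the ISA box.
BAD_PLAN = dict(GOOD_PLAN,
    resolves={("server1", "server2.corp.example"): "10.0.0.5",
              ("server2", "server1.corp.example"): "10.0.0.11"},
    listener_cert_names=["isa01.corp.example"])

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```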
All Replies
It sounds to me like you may be able to accomplish this with a couple of Server Publishing rules. They give you the option of listening for traffic incoming on a specific port and then redirecting to another. So you would listen on 443 and redirect to 80 and vice versa.
Is that the only thing the ISA Server will be used for?
- Jim's solution sounds like a good one. I wasn't thinking "outside the box".
- Thanks guys, I'll have a look at this. I've been trying with this but I'm struggling a little with lack of training and short timescales!
I'll need to go sort out these certificates.
Cheers again.
:)

