Sanibel Logic LLC

...Scalable Technologies for the Enterprise

SSLRedirect Interoperability with ISA Server 2006

In certain scenarios, URLs that SSLRedirect has redirected to HTTPS:// are changed back to HTTP:// URLs by Microsoft ISA Server 2006, resulting in an endless loop between SSLRedirect and ISA Server 2006. This is a problem with ISA Server 2006, but it can be fixed with an ISA Server 2006 configuration change.

The symptom is outlined as follows:

  • You have a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2006 or Microsoft Internet Security and Acceleration (ISA) Server 2004 in a split DNS infrastructure. 
  • You have a Web server that automatically redirects HTTP requests to Secure Sockets Layer (SSL) requests (in this case, SSLRedirect).
  • You create a Web publishing rule for the Web server that redirects HTTP requests to HTTPS.
  • You use one of the following configurations:
    • You configure the Web listener to listen for HTTP requests and also to use bridging. 
    • You configure the Web listener and the bridging for both HTTP and for SSL requests (HTTPS). 

In this scenario, when the Web server receives an HTTP request, it redirects the request to the ISA server as an SSL request (HTTPS).

For example, http://www.contoso.com is redirected to https://www.contoso.com. Then, the ISA server translates the SSL requests to HTTP requests and redirects them back to the Web server. This causes an endless loop.

The resolution for the ISA Server 2006 problem is outlined in Microsoft Knowledge Base article 924373. In the KB article, follow the Method 2 explicit mapping configuration change.
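The following Python sketch is an added example, not code from Sanibel Logic or Microsoft. It traces a redirect chain hop by hop and reports the HTTP/HTTPS loop described above, which is useful both for confirming the symptom and for re-checking after the configuration change. It goes slightly beyond the page by also flagging self-redirects and overly long chains. The function names and the two response tables are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def is_scheme_flip(a, b):
    """True when two URLs differ only by http vs https."""
    pa, pb = urlsplit(a), urlsplit(b)
    return ({pa.scheme, pb.scheme} == {"http", "https"} and pa.hostname == pb.hostname
            and (pa.path or "/", pa.query) == (pb.path or "/", pb.query))

def trace_redirects(start_url, fetch, max_hops=10):
    """Follow Location headers; fetch(url) -> (status, location). Returns (hops, verdict)."""
    hops, seen, url = [], set(), start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECTS or not location:
            return hops, "ok"
        seen.add(url)
        nxt = urljoin(url, location)
        if nxt in seen:  # sent back to a URL that was already requested
            return hops, ("scheme-loop" if is_scheme_flip(url, nxt) else "loop")
        url = nxt
    return hops, "too-many-hops"

def live_fetch(url, timeout=5):
    """One HEAD request with redirects not followed, for use against a real site."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed responses (not captured from an ISA server): the loop, then the fixed state.
LOOPING = {"http://www.contoso.com/": (302, "https://www.contoso.com/"),
           "https://www.contoso.com/": (302, "http://www.contoso.com/")}
FIXED = {"http://www.contoso.com/": (302, "https://www.contoso.com/"),
         "https://www.contoso.com/": (200, None)}

if __name__ == "__main__":
    for name, table in (("looping", LOOPING), ("fixed", FIXED)):
        hops, verdict = trace_redirects("http://www.contoso.com/", table.__getitem__)
        print(name, verdict, [h[0] for h in hops])
```

To check a published site from outside the ISA server, pass `live_fetch` as the `fetch` argument in place of the constructed tables.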

Here is an email from a licensee who configured the ISA Server 2006 fix as outlined in the above KB article:

Email_3
