MSPSS: is there life after the helpdesk?

sharing solutions to uncommon IT problems

Archive for the ‘ISA’ Category

Splitting HTTP traffic between 2 servers using the same URL – Reverse Proxy

leave a comment »


Due to a problem with a customer, yesterday we found ourselves in a situation where they needed to split traffic between a remote and a local server for incoming HTTP requests for the same URL (different subfolders).

Our customer needed to redirect /* to their external server and /somesubfolder/* to a local server in our network.

The first reaction was “this cannot be done” but after some thinking I realized this could be achieved using a Reverse Proxy which would analyze the incoming traffic for that URL and redirect to the appropriate destination.

In our network we have a ISA Server which we use exclusively for publishing OWA, so I decided to give it a try and it worked! Here below are the steps to create a successful Reverse Proxy with multiple destinations:

– Create a web listener configured to listen on whichever IP address you will use to resolve your URL (obviously the IP Address needs to be added to the Nic of your ISA Server first).

– Create 2 Web Publishing Rules: one for the remote site, I called it “www publishing rule” and one for the internal site “internal site publishing rule”)

– The rules have to be configured in a pretty standard way: remember to select the correct listener in the listener tab and to insert the correct website name in the “Public Name” tab.

– The will only differ in the following tabs:

"Paths" Tab

“Paths” Tab

"To" Tab

“To” Tab




Written by zantoro

January 11, 2013 at 2:45 pm

Posted in ISA, Networking

Tagged with , ,

ISA 2006 – Pass-through authentication + basic authentication = HTTP 403

leave a comment »

when you try to configure ISA 2006 to publish a website, letting the website itself handle the authentication (i.e. basic authentication), you might get an immediate 403 error.
To achieve what stated above you would usually configure the rule as follows:
Authentication on ISA: no authentication
Authentication delegation: no delegation but client can authenticate
MS tells you that if you get a straight 403 it might mean that:
1. you did not select “allow HTTP authentication” in the advanced settings
2. you did not configure a HTTPS port
They forgot 1 more possibility:
In the users tab you might have “All authenticated users” which is not possible since you are not authenticating on ISA anymore (but that’s the default setting of every website publishing rule).
Put “All users” instead and everything should work fine.


Written by zantoro

October 22, 2012 at 9:30 pm

Posted in ISA

Tagged with ,