• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 921
  • Last Modified:

ISA 2004 & Exchange 2003 OWA -- redirect from http:// to https:// ?

I have successfully setup an ISA 2004 server that only allows users to connect to an OWA 2003 server via https://myserver.com/exchange.

What I would like to do is setup ISA to redirect users from http://myserver.com to https://myserver.com/exchange. Is this possible?

As is stands today, the users are given an error if they visit http://myserver.com.

This is a user-convenience thing only. I do not want users to be able to access OWA via http, rather I would like http to redirect to https.

I have considered using a simple web page with a META redirect tag, but is this the correct approach and how would this be done? Can an ISA server even run IIS to serve up the simple web page?

Thanks!!!

Best,
Joe
0
MooseFruit
Asked:
MooseFruit
  • 9
  • 6
1 Solution
 
EmptyoneCommented:
0
 
EmptyoneCommented:
ISA server can run IIS, but would recommend to keep IIS away from the ISA. It is a security risk
0
 
MooseFruitAuthor Commented:
Thanks for the replies, but I need to incorporate ISA and the kb article does not include ISA in the solution.

I am open to alternative ideas, I just want the http -> https redirect to occur.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
EmptyoneCommented:
Publish the owa server on port 80 also, that will fix it
0
 
MooseFruitAuthor Commented:
Publishing OWA on 80 will still require users to enter an extended URL, albeit http, but it will still be the longer http://myserver.com/exchange as opposed to the simpler http://myserver.com.  Plus this defeats best security practice of allowing connections to OWA via https only.

Thanks for the ideas so far.
0
 
EmptyoneCommented:
If you set up the exchange virtual directory to require ssl. Then you would disable the connection not using ssl. And if you change the redirect script like this:

<%
  If Request.ServerVariables("SERVER_PORT")=80 Then
    Response.Redirect "https://" & Request.ServerVariables("SERVER_NAME") &
"/exchange/"
  End If
%>

then you could type http://myserver.com and be redirected to https://myserver.com/exchange
0
 
MooseFruitAuthor Commented:
In your last example we are still defeating best security practices by allowing port 80 to pass the ISA server and the through DMZ where the ISA sits.  Port 80 from the Internet should not be able to reach OWA.

What we need is port 80 (http) to be redirected to port 443 (https) on the external side of the firewall.
0
 
MooseFruitAuthor Commented:
I think you are getting close though!  If only that could be done on the ISA.....
0
 
EmptyoneCommented:
I am looking into it. Have got the same set up on my server at home. Will inform you as soon as I find out something
0
 
MooseFruitAuthor Commented:
Great, thanks for the ideas so far.
0
 
MooseFruitAuthor Commented:
Still looking for assistance if anyone has any ideas.
0
 
MooseFruitAuthor Commented:
Any other ideas???
0
 
EmptyoneCommented:
I have looked at it, but I'm not able to find a way to do it. Have also looked at different ISA sites, but they have not got a good answer for it. But one way to do it is to direct port 80 asking for myserver.com to a server in DMZ, and then set up a redirect on that server
0
 
MooseFruitAuthor Commented:
Found the solution.  Link translation!  Works beautifully.  Thanks for the effort, though.
0
 
MooseFruitAuthor Commented:
0
 
CetusMODCommented:
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now