[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 360
  • Last Modified:

HTTPS publish and HTTP site - possible?

Pardon the somewhat beginner question, but is the below configuration secure with regards to SSL publishing an internal site that only runs on HTTP in IIS, or will the login process be in clear text for external systems/sniffers?
I know internal traffic will be, but management so far isn't concerned about that point...

Rule config;
From: Anywhere
To: Internal DNS name of host, Forward original host header, Request appear to come from the original client.
Traffic: HTTP & HTTPS
Public name: single DNS FQDN for site (no split DNS, so same name as internal)
Authentication Delegation: No delegation, but client may authenticate directly.
Bridging: Web server, Redirect requests to HTTP port: 80
Users: All Authenticated Users

Listener config;
Client Connection Type: HTTP(80) and HTTPS(81)
HTTP to HTTPS Redirection: Redirect all traffic from HTTP to HTTPS
Client Authentication Method: HTTP Authentication (Integrated), Windows Active Directory
Client Configuration Settings: Require all users to authenticate
Certificates: ISA wildcard selected

Thanks in advance for any help in this matter.

(Sorry if wrong place, but selecting Microsoft ISA as zone returns "not valid")
0
ipslave
Asked:
ipslave
1 Solution
 
HayesJupeCommented:
Im not quite clear on your question... but im guesing your just want to publish a site which internally is http only... but externally you want https only?
change your rule to allow https only (but rediorect to port 80 as you already have)
change your listener to listen on 443 (HTTPS) only
0
 
Keith AlabasterCommented:
Absolutely no issue as long as you are aware you have reduced your security by one level. It is still secure and allows for encrypted traffic from the external client to the ISA server.

keith
0
 
ipslaveAuthor Commented:
And that worked :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now