HTTPS publish and HTTP site - possible?

Last Modified: 2012-05-06
Pardon the somewhat beginner question, but is the below configuration secure with regards to SSL publishing an internal site that only runs on HTTP in IIS, or will the login process be in clear text for external systems/sniffers?
I know internal traffic will be, but management so far isn't concerned about that point...

Rule config;
From: Anywhere
To: Internal DNS name of host, Forward original host header, Request appear to come from the original client.
Traffic: HTTP & HTTPS
Public name: single DNS FQDN for site (no split DNS, so same name as internal)
Authentication Delegation: No delegation, but client may authenticate directly.
Bridging: Web server, Redirect requests to HTTP port: 80
Users: All Authenticated Users

Listener config;
Client Connection Type: HTTP(80) and HTTPS(81)
HTTP to HTTPS Redirection: Redirect all traffic from HTTP to HTTPS
Client Authentication Method: HTTP Authentication (Integrated), Windows Active Directory
Client Configuration Settings: Require all users to authenticate
Certificates: ISA wildcard selected

Thanks in advance for any help in this matter.

(Sorry if wrong place, but selecting Microsoft ISA as zone returns "not valid")

IT Director
CERTIFIED EXPERT
Commented:
I'm not quite clear on your question... but I'm guessing you just want to publish a site which internally is http only... but externally you want https only?
Change your rule to allow https only (but redirect to port 80 as you already have).
Change your listener to listen on 443 (HTTPS) only.

Keith Alabaster, Enterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Absolutely no issue as long as you are aware you have reduced your security by one level. It is still secure and allows for encrypted traffic from the external client to the ISA server.

keith

Author

Commented:
And that worked :)
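
The question in this thread, whether the login is exposed to external sniffers, can be checked from traffic captured on the external side of the listener. The script below is an added example, not part of the original thread and not ISA Server code: it flags any cleartext exchange in which credentials or an authentication challenge appear, or which is not redirected to HTTPS. The hostname and the sample messages are constructed.

```python
"""Added example: check that a published site never handles logins in cleartext."""

def parse_head(raw):
    """Split a raw HTTP message into (start_line, {lowercased header: [values]})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def audit_exchange(scheme, request, response):
    """Return findings for one request/response pair seen on the external leg."""
    _, req_headers = parse_head(request)
    status_line, resp_headers = parse_head(response)
    status = int(status_line.split()[1])
    findings = []
    if scheme != "http":
        return findings  # TLS leg: the exchange is encrypted up to the proxy
    if "authorization" in req_headers:
        findings.append("client sent credentials over cleartext")
    if "www-authenticate" in resp_headers:
        findings.append("listener challenged for credentials over cleartext")
    location = resp_headers.get("location", [""])[0].lower()
    if not (300 <= status < 400 and location.startswith("https://")):
        findings.append("cleartext request was not redirected to HTTPS")
    return findings

# Constructed sample traffic (site.example.com is a placeholder hostname).
REQ = "GET / HTTP/1.1\r\nHost: site.example.com\r\n\r\n"
REQ_AUTH = ("GET / HTTP/1.1\r\nHost: site.example.com\r\n"
            "Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n\r\n")
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://site.example.com/\r\n\r\n"
CHALLENGE = ("HTTP/1.1 401 Unauthorized\r\n"
             "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n")

if __name__ == "__main__":
    cases = [("port 80 redirects to HTTPS", "http", REQ, REDIRECT),
             ("challenge issued inside TLS", "https", REQ, CHALLENGE),
             ("port 80 authenticates directly", "http", REQ, CHALLENGE),
             ("client pre-sends credentials on port 80", "http", REQ_AUTH, REDIRECT)]
    for label, scheme, req, resp in cases:
        print(f"{label}: {audit_exchange(scheme, req, resp) or 'ok'}")
```

This only covers the external client-to-proxy leg; the bridged HTTP hop from the proxy to the internal web server stays in cleartext, as the question already notes.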