HTTPS publish and HTTP site - possible?

Posted on 2009-02-10
Last Modified: 2012-05-06
Pardon the somewhat beginner question, but is the below configuration secure with regards to SSL publishing an internal site that only runs on HTTP in IIS, or will the login process be in clear text for external systems/sniffers?
I know internal traffic will be, but management so far isn't concerned about that point...

Rule config;
From: Anywhere
To: Internal DNS name of host, Forward original host header, Request appear to come from the original client.
Traffic: HTTP & HTTPS
Public name: single DNS FQDN for site (no split DNS, so same name as internal)
Authentication Delegation: No delegation, but client may authenticate directly.
Bridging: Web server, Redirect requests to HTTP port: 80
Users: All Authenticated Users

Listener config;
Client Connection Type: HTTP(80) and HTTPS(81)
HTTP to HTTPS Redirection: Redirect all traffic from HTTP to HTTPS
Client Authentication Method: HTTP Authentication (Integrated), Windows Active Directory
Client Configuration Settings: Require all users to authenticate
Certificates: ISA wildcard selected

Thanks in advance for any help in this matter.

(Sorry if wrong place, but selecting Microsoft ISA as zone returns "not valid")
Question by:ipslave
    LVL 15

    Accepted Solution

    Im not quite clear on your question... but im guesing your just want to publish a site which internally is http only... but externally you want https only?
    change your rule to allow https only (but rediorect to port 80 as you already have)
    change your listener to listen on 443 (HTTPS) only
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Absolutely no issue as long as you are aware you have reduced your security by one level. It is still secure and allows for encrypted traffic from the external client to the ISA server.


    Author Closing Comment

    And that worked :)

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Suggested Solutions

    ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
    Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now