Proxying single web site

Posted on 2011-10-20
Last Modified: 2012-05-12
Hello experts

We have an IIS web server (Windows Server 2008 R2) on the other side of a VPN ( Our Workstations do not have access to this VPN, only our main server(, which is a SBS 2011 Server.

We would like our workstations to access the remote web server over our local server for just one single URL, let's say should be proxied to

We tried this with iis redirection, but it does not seem work, because ist still seems not to have access to the VPN (originator of request is probably still the workstation).

Would there be a simple way to let our server be the originator of the page request so it will be able to access the remote web server (proxying)?

Many thanks in advance for your advice.
Question by:mangojerry
    LVL 35

    Expert Comment

    by:Cris Hanna
    How are you accomplishing the access by the SBS Server and not the workstations?
    SBS 2011 uses a single nic and uses the Firewall/Router as it's gateway and all workstations do the same.

    once we understand that, there might be something that can be done in DNS to get them to the correct location.
    LVL 21

    Expert Comment

    by:Larry Struckmeyer MVP
    I must be missing something.... a web server where the only access is via VPN and then from only an SBS 2011?  Can you help us understand why not either put that web server on the same subner (assuming it's inside the same perimeter as the rest), or if not inside the same perimeter,, setup hardware VPN's between the routers, or just make it a real webserver, hosted locally or at a hosted location, with or without limited access.

    Author Comment

    ok, here some more details to clarify:

    The web server is not ours, it's from Philips. It is an internal web server which allows to view x-ray images in a web browser. The server is for internal use, only. It is not public. But we have two branches of the same company connected by VPN, let's say and (where the Philips server is located). All workstations from have VPN access to the main server (to exchange server), but only the main server has VPN access to the subnet, not the workstations of the subnet.

    Now we had the idea, instead of giving all workstations VPN access to the subnet, to access our local main server from the workstation by browser and let it proxying the request to the Philips server in the subnet.

    But we never have done somthing like this. We tried an iis redirect, but it did not work, because the originator of the http request is probably still the workstation. And also the solution should be simple, otherwise we will have to think about another solution.

    Many thanks in advance.
    LVL 77

    Accepted Solution

    by: ===

    you need a gateway to the network from the 192.168.4.x network

    you could use a route with a machine with 2 network cards one for each network
    on the webserver you could add a rule to allow only 192.168.12/24

    on the 192.168.4.x network use dns to setup a cname i.e. xray == 192.168.4.x network goes to the machine with 2 network cards and in its webserver have a 301 redirect to

    on the network setup the cname to point to

    this way on either network it is just http:\\xray


    Assisted Solution

    We have finally decided to leave the idea with the proxy and have opened the VPN tunnel to the subnet for every computer in the subnet. Additionally we have added a route to the firewall wich directs all requests from the workstations directly to the Philips server and have restricted the port of the route to 80.

    ve3ofa: As your solution comes nearest to what we have done, you get the points fromm us.

    Many thanks to all!

    Author Closing Comment

    Used different way to solve the task.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Want to promote your upcoming event?

    Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now