Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218
  • Last Modified:

Proxying single web site

Hello experts

We have an IIS web server (Windows Server 2008 R2) on the other side of a VPN (192.168.12.1). Our Workstations do not have access to this VPN, only our main server(192.168.4.1), which is a SBS 2011 Server.

We would like our workstations to access the remote web server over our local server for just one single URL, let's say http://192.168.4.1/company1/default.aspx?param=x should be proxied to http://192.168.12.1/company1/default.aspx?param=x

We tried this with iis redirection, but it does not seem work, because ist still seems not to have access to the VPN (originator of request is probably still the workstation).

Would there be a simple way to let our server be the originator of the page request so it will be able to access the remote web server (proxying)?

Many thanks in advance for your advice.
0
mangojerry
Asked:
mangojerry
2 Solutions
 
Cris HannaCommented:
How are you accomplishing the access by the SBS Server and not the workstations?
SBS 2011 uses a single nic and uses the Firewall/Router as it's gateway and all workstations do the same.

once we understand that, there might be something that can be done in DNS to get them to the correct location.
0
 
Larry Struckmeyer MVPCommented:
I must be missing something.... a web server where the only access is via VPN and then from only an SBS 2011?  Can you help us understand why not either put that web server on the same subner (assuming it's inside the same perimeter as the rest), or if not inside the same perimeter,, setup hardware VPN's between the routers, or just make it a real webserver, hosted locally or at a hosted location, with or without limited access.
0
 
mangojerryAuthor Commented:
ok, here some more details to clarify:

The web server is not ours, it's from Philips. It is an internal web server which allows to view x-ray images in a web browser. The server is for internal use, only. It is not public. But we have two branches of the same company connected by VPN, let's say 192.168.4.0 and 192.168.12.0 (where the Philips server is located). All workstations from 192.168.12.0 have VPN access to the main server (to exchange server) 192.168.4.1, but only the main server has VPN access to the 192.168.12.0. subnet, not the workstations of the 192.168.4.0 subnet.

Now we had the idea, instead of giving all 192.168.4.0 workstations VPN access to the 192.168.12.0 subnet, to access our local main server 192.168.4.1 from the workstation by browser and let it proxying the request to the Philips server in the 192.168.12.0 subnet.

But we never have done somthing like this. We tried an iis redirect, but it did not work, because the originator of the http request is probably still the workstation. And also the solution should be simple, otherwise we will have to think about another solution.

Many thanks in advance.
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
David Johnson, CD, MVPOwnerCommented:
192.168.12.0 === 192.168.4.0
                    === 192.168.12.0

you need a gateway to the 192.168.12.0 network from the 192.168.4.x network

you could use a route 192.168.12.4 with a machine with 2 network cards one for each network
on the webserver you could add a rule to allow only 192.168.12/24

on the 192.168.4.x network use dns to setup a cname i.e. xray == 192.168.4.x network goes to the machine with 2 network cards and in its webserver have a 301 redirect to 192.168.12.4


on the 192.168.12.0 network setup the cname to point to 192.168.12.4

this way on either network it is just http:\\xray


0
 
mangojerryAuthor Commented:
We have finally decided to leave the idea with the proxy and have opened the VPN tunnel to the 192.168.12.0 subnet for every computer in the 192.168.4.0 subnet. Additionally we have added a route to the firewall wich directs all requests from the workstations directly to the Philips server and have restricted the port of the route to 80.

ve3ofa: As your solution comes nearest to what we have done, you get the points fromm us.

Many thanks to all!
0
 
mangojerryAuthor Commented:
Used different way to solve the task.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now