URL Subdirectory only redirect

Hi there experts, I have a curly issue, that I'm hoping has a simple resolution.

I currently have an SBS 2003 setup with ISA as the firewall.

In this firewall, it has the ability to re-direct an incoming web request based on the subdirectory being accessed, for example, if the request enters on 443 (https) but is attempting to access the /APPLICATION subdirectory, it redirects the request to port 8000 on the internal interface

ie

https://remote.company.com/APPLICATION gets translated to http://internal.company.local:8000/APPLICATION

We have been forced to change from SBS 2003 with ISA to SBS2011 and now need to use a hardware firewall (a Netgear FVS338) and I wanted to try and replicate this behaviour. The particular webapp won't run on the new SBS 2011 setup, so it is going on an older server (and is working well internally)

So to summarise, what I want to do is..

Keep existing http://remote.company.com/ SBS functionality
"Remote.company.com" is a substitude for our external address
"oldappserver" is a substitute for our older internal server's name (a different box to the SBS)

I am hoping that there is an IIS redirect or similar solution to this but so far I've only seen that IIS can redirect whole site names only, not subdirectories in a site, as I don't think the firewall is sophisticated enough to perform this task like ISA could.

thanks
ivvaustAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Cliff GaliherConnect With a Mentor Commented:
There is no way to do this with IIS because of how web servers terminate the connection.

What you describe is known as an application-aware reverse proxy and some firewalls do have this functionality...but not the baseline Netgear models.

You can either replace your firewall with a higher end UTM device with reverse proxy functionality (I don't know of any offhand, but I've heard that higher-end sonicwalls and such can do this), you can set up a dedicated server as a reverse proxy (TMG 2010, Untangle, etc) or you can go a different route altogether such as getting multiple public IPs and no longer rely on the path to route the request.

-Cliff
0
 
ivvaustAuthor Commented:
I already have multiple IPs but was hoping to avoid having to hang the machine on its own connection, and get a seperate certificate etc..

Looks like this will have to been the way to go though! Thankyou
0
 
ivvaustAuthor Commented:
Clear, concise, and told me exactly what I needed to know.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.