IE proxy exclusions – help!

proxy windows-server-2003

I have a question about Windows servers and proxies. I'm the web person for a large hospital and our IT team can't solve an issue involving our domain name.

We recently moved our web hosting server from an internal machine to a leased, external, dedicated server at my recommendation (our I.T. people couldn't even get us a proper database running on the internal one).

Any computer connected to our internal network has a setting in their Internet Explorer that says if they are visiting *.ourdomain.com then do not redirect them through the proxy server and just send them to the proper server in our network. This is all good, except we need www.ourdomain.com to point to the new web server and it should go through the proxy. Well, we have about 15 or 20 subdomains and the I.T. people say they'd prefer not to list them all out in the IE exceptions because it'd require too much work to manage (wtf?).

So, is there any other solution? Right now what I've done is put a redirect ISAPI filter in IIS on the internal web host and any request is rewritten as replace www.ourdomain.com with www.ourOtherdomain.com which is confusing a ton of people. We don't want visitors hitting ourOtherdomain.com.

Any advice or firepower for my meeting with I.T. tomorrow would be awesome.

Best Answer

Any computer connected to our internal network has a setting in their Internet Explorer that says if they are visiting *.ourdomain.com

If I understand your question correctly the majority of your servers on your domain exist on your internal network and you do not want to proxy those, but you do want to proxy the externally hosted servers.

One way to do this may be to simply remove the *.ourdomain.com exception and instead add exceptions based on your internal address space. So if you were using private addresses inside your network you might add an exception like this: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. Of course you would just use the network or networks that are actually being used.

You might suggest to your IT guys to also consider setting up WPAD. This technology allows you to specify the exceptions and proxy configuration in a single JavaScript file hosted somewhere on your network. I find that a WPAD configuration is far easier to maintain than a group policy exception list. WPAD is supported by most browsers, although you do have to enable it on Firefox.
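
The single-file configuration the answer describes, as an added example that is not part of the original answer: a proxy auto-config script that sends the externally hosted names through the proxy and bypasses it only for hosts inside the private ranges listed above. The proxy address, the external host list and the sample DNS table are assumptions; `ipToInt`, `inCidr` and `resolve` are helpers written for this example.

```javascript
// PAC file served via WPAD (added example). Plain ES3 so older IE can parse it.
// Assumed, not from the post: proxy address, external host list, sample DNS table.
var PROXY = "PROXY proxy.ourdomain.com:8080"; // hypothetical proxy
var EXTERNAL_HOSTS = ["www.ourdomain.com", "ourdomain.com"]; // hosted off the LAN
var INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"];
// Constructed records, used only where the browser's dnsResolve() is absent.
var SAMPLE_DNS = { "intranet.ourdomain.com": "10.1.2.3",
                   "mail.ourdomain.com": "172.20.0.5" };

function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip), n = 0, i;
  if (!m) return null;
  for (i = 1; i <= 4; i++) {
    if (+m[i] > 255) return null;
    n = n * 256 + (+m[i]);
  }
  return n;
}

function inCidr(ip, cidr) {
  var parts = cidr.split("/"), addr = ipToInt(ip), net = ipToInt(parts[0]);
  if (addr === null || net === null) return false;
  var size = Math.pow(2, 32 - parseInt(parts[1], 10)); // addresses per block
  return Math.floor(addr / size) === Math.floor(net / size);
}

function resolve(host) {
  if (typeof dnsResolve === "function") return dnsResolve(host); // PAC built-in
  return SAMPLE_DNS.hasOwnProperty(host) ? SAMPLE_DNS[host] : null;
}

function FindProxyForURL(url, host) {
  var i, ip;
  host = host.toLowerCase();
  // 1. Externally hosted names use the proxy; checked before anything else.
  for (i = 0; i < EXTERNAL_HOSTS.length; i++) {
    if (host === EXTERNAL_HOSTS[i]) return PROXY;
  }
  // 2. Single-label names such as "intranet" are treated as LAN hosts.
  if (host.indexOf(".") === -1) return "DIRECT";
  // 3. Go direct only when the host is, or resolves to, an internal address.
  ip = ipToInt(host) !== null ? host : resolve(host);
  for (i = 0; ip && i < INTERNAL_NETS.length; i++) {
    if (inCidr(ip, INTERNAL_NETS[i])) return "DIRECT";
  }
  // 4. Everything else, including names that fail to resolve, uses the proxy.
  return PROXY;
}
```

Because the final rule returns the proxy, a new subdomain that is not yet covered by any rule is still filtered rather than silently bypassing the proxy.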
