ISA Proxy – HTTPS Traffic

httpsisa-serverPROXY

We have an ISA 2006 setup for our organisations proxy. It's been working well for the last few months just blocking everything except a few allowed web site and web applications.

We need to allow some people to access a web application hosted off site via HTTPS. I've tried and tried, wasted 3 days on it and have given in.

Can someone please tell me how on earth this is achieved?

Looking at the Monitor, it looks like it passes one rule, then is blocked by the default rule. I just don't unterstand it well enough to take it on further.

Best Answer

You need a URL or Domain Name set describing the target.

Then, you need an Access Rule.

  • Allow
    • From: Internal (or whatever network the users are on)
    • Protocols: HTTP & HTTPS (or just HTTPS)
    • To: Target URL Set
    • Users: Whomever you want. If setting All Users works, it's an authentication problem.

Caveats:

  • Authentication must be working in order to do it by user.
  • the target URL Set for HTTPS needs to be https://domain.com
    • possibly http://domain.com (yes, even for SSL, I don't have one to test with but remember some funkiness around that)
    • HTTPS targets in URL Sets cannot include a path, because the browser doesn't share that with the proxy. Domain Name Sets would work for this too.
  • When testing, remember the Two Minute Rule.
    • the Two Minute Rule is that ISA will take up to two minutes for the change to kick in, so wait until then before deciding something hasn't worked.

You'll need to post more details about how you're going about it, and the problems you're having - from your description, it could be anything.

Related Topic