HTTP Redirector: Send To Requested Web Server

TheMSsForum.com: The Microsoft Software Forum

Hello,

I am STILL puzzled by the HTTP Redirector. Does this effectively
disable the cache for ALL clients? I have enabled this setting and it
DOES resolve an authentication problem I had with a particular site.

On page 531 of "ISA Server 2000: Building Firewall for Windows 2000"
(Shinder), we get the following: "Use this option if you NEVER want
SecureNAT and Firewall Clients to access the web proxy service for HTTP
requests". Fair enough.

My understanding of the isaserver.org article "Configuring Web Proxy
Clients for Direct Access" is that this option merely "ALLOWS" clients
to bypass the cache (rather than prevents them for accessing it):
http://www.isaserver.org/tutorials/Configuring_Web_Proxy_Clients_for_Direct_Access.html

All my workstations have the Firewall Client loaded. I "reset" the ISA
Cache and expected it to remain empty. Files are starting to reapper.
How can this be?

Sincere apologies if this is a daft question, but the penny just has
not dropped.

TIA
Stephen
Top

Re: HTTP Redirector: Send To Requested Web Server by Steve

Steve
Mon Jan 16 15:04:09 CST 2006

StudioTwo wrote:

>Hello,
>
>I am STILL puzzled by the HTTP Redirector. Does this effectively
>disable the cache for ALL clients? I have enabled this setting and it
>DOES resolve an authentication problem I had with a particular site.
>
>On page 531 of "ISA Server 2000: Building Firewall for Windows 2000"
>(Shinder), we get the following: "Use this option if you NEVER want
>SecureNAT and Firewall Clients to access the web proxy service for HTTP
>requests". Fair enough.
>
>My understanding of the isaserver.org article "Configuring Web Proxy
>Clients for Direct Access" is that this option merely "ALLOWS" clients
>to bypass the cache (rather than prevents them for accessing it):
>http://www.isaserver.org/tutorials/Configuring_Web_Proxy_Clients_for_Direct_Access.html
>
>All my workstations have the Firewall Client loaded. I "reset" the ISA
>Cache and expected it to remain empty. Files are starting to reapper.
>How can this be?
>
>Sincere apologies if this is a daft question, but the penny just has
>not dropped.

You must also configure web browser clients not to use a proxy server if
you want all access to be direct.

Turning off the HTTP Redirector only prevents ISA from transparently
proxying non-proxy HTTP requests (ie secureNAT and Firewall Client direct
HTTP requests). Proxy requests from a browser are unaffected.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
Top

Re: HTTP Redirector: Send To Requested Web Server by StudioTwo

StudioTwo
Tue Jan 17 06:44:54 CST 2006

Steve, thank so much for the reply.

If within "IE Options -> LAN Settings -> Use A Proxy Server for Your LAN" IS
NOT Checked, All access will be direct.

If the above setting IS checked and pointing to ISA, all access will be
through the proxy server, apart from the sites that are configured for
direct access.

BTW, I loved the phrase "transparently proxying non-proxy HTTP request".

In conclusion, it makes sense for users to have the proxy settings enabled
within their browsers in order to take advantage of the cached content..
Until I disabled the HTTP Redirector, this proxy setting in the browser
would not really have made much difference would it?

Hopefully, I understood.

Thanks,
Stephen

"Steve Foster [SBS MVP]" <steve.foster@picamar.co.uk> wrote in message
news:xn0ehb8g3f4xr8l00n@msnews.microsoft.com...
>
> You must also configure web browser clients not to use a proxy server if
> you want all access to be direct.
>
> Turning off the HTTP Redirector only prevents ISA from transparently
> proxying non-proxy HTTP requests (ie secureNAT and Firewall Client direct
> HTTP requests). Proxy requests from a browser are unaffected.
>
> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.


Top

Re: HTTP Redirector: Send To Requested Web Server by Steve

Steve
Tue Jan 17 19:30:36 CST 2006

StudioTwo wrote:

>Steve, thank so much for the reply.
>
>If within "IE Options -> LAN Settings -> Use A Proxy Server for Your LAN"
>IS NOT Checked, All access will be direct.

IE's ability to reach the internet when no proxy is configured within IE
rely on the Firewall Client (if installed), or basic networking access via
TCP/IP (ie the machine must have a default gateway that can reach the net).

>
>If the above setting IS checked and pointing to ISA, all access will be
>through the proxy server, apart from the sites that are configured for
>direct access.

If IE has a proxy defined, then web requests are sent to the proxy server,
and it acts as a middleman, apart from any exceptions defined in IE.

>
>BTW, I loved the phrase "transparently proxying non-proxy HTTP request".

The point is that ISA, as the end-point for the FWC, or as the gateway for
client PCs, defaults to converting direct HTTP requests into proxied HTTP
requests automatically (ie it redirects HTTP requests, hence HTTP
Redirector). Of course, you can disable this functionality (as in your
case), and have ISA pass HTTP requests through just like any other protocol.

>
>In conclusion, it makes sense for users to have the proxy settings enabled
>within their browsers in order to take advantage of the cached content..
>Until I disabled the HTTP Redirector, this proxy setting in the browser
>would not really have made much difference would it?

Browsing from IE would use the configured proxy in preference to any other
method, so the Firewall Client would have no work to do on behalf of IE.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
Top