Re: ISA forward http requestor IP addy by Chad
Chad
Tue Oct 14 21:10:49 CDT 2003
Hi Chris -
From a security standpoint, I would strongly advise *against* having your
public web server on your LAN. If it were me, I'd put a hardware firewall /
router between your SBS & Internet connection, then hang the web server off
the router. Have the router forward web traffic to the web server, and then
when that web server is compromised, you've still got ISA between it and
your LAN.
As for your question - you will need to create a web publishing rule. I
would recommend forwarding web traffic based on destination - as this
gives you good flexibility if you ever have more than 1 web server (e.g. -
you're running OWA on your SBS in addition to the site on the web server).
To create a destination set, navigate to:
  Servers & Arrays
    <servername>
      Policy Elements
        Destination Sets
          Action | New | Set
Give your destination set a meaningful name, and then enter the destination
(e.g. 'www.company.com') - and yes, you do want to include the 'www'. Once
you've saved the destination set, navigate to:
  Servers & Arrays
    <servername>
      Publishing
        Web Publishing Rules
          Action | New | Rule
  Destination Sets: Specified Destination Set
    Select the destination set you just created
  Client Type: Any Request
  Rule Action: Redirect the request to internal web server
    Enter the internal IP or FQDN for the web server
    Check 'Send the original host header...'
Finish the wizard and you should be good to go. HTH!
--
Chad A Gross [SBS-MVP]
SBS ROCKS!!!
Chris Gumm wrote:
> I'm trying to find info on how to tell ISA to forward the http
> requestor's IP to the web server on the internal LAN. I did find, I
> guess it would be, a FAQ explaining how to do this on TechNet. It
> basically said to use server publishing rules. I tried to make an HTTP
> rule but it isn't an option for protocols. The webmaster wants to make
> some web security changes and needs the requestor IP addy. Anyone
> have a solution to this? This is a SBS2000 server and the web server
> is on another machine on the LAN.
>
> Thanks,
> Chris