Chapter 14. Securing Web (HTTP) Traffic
IN THIS CHAPTER
Although ISA Server 2004 is designed to handle any type of network traffic, it does particularly well in the filtering and securing of the Hypertext Transport Protocol (HTTP), the most common protocol used on the Internet and the transport mechanism for delivering website information, pictures, and video across the Internet.
ISA Server 2004's Application layer filtering technologies enable organizations to properly secure their outward-facing web services from external attacks such as Code Red, Nimbda, and future HTTP-based exploits yet to be written. Although standard packet filter firewalls are limited to opening a port for HTTP, ISA Server 2004 includes the capability to filter the HTTP traffic by host header, path, content type, HTTP commands, and a whole host of other filter options.
In addition to providing for secure web filtering options as an edge firewall, ISA Server 2004 also provides for robust reverse proxy options in the DMZ of an existing firewall, allowing for additional layers of protection and providing for capabilities such as end-to-end SSL encryption, link translation, and more.
This chapter focuses on ISA Server 2004's HTTP securing capabilities. ISA deployment scenarios as an edge firewall and a reverse-proxy server are outlined, and step-by-step guides for securing web servers, SharePoint sites, and other custom web applications are outlined.