Web Chaining

Web chaining is the ability to proxy and forward Web proxy client requests to an upstream ISA server or alternate location. When you configure Web chaining, you are instructing the ISA server to proxy the request to the specified upstream server, rather than retrieving the request itself from the remote Web server.

By default, there is a Web chaining rule named Last Default Rule that is configured to send the request directly to the specified destination. You can create new rules to proxy requests to an upstream server, or forward requests to an alternate location like a hosted site on the internal network.

Creating a Web Chaining Rule

To create a Web chaining rule, complete the following steps:

1. In the console tree, expand the server name, expand Configuration, and then click Networks.

2. In the details pane, click the Web Chaining tab.

3. In the task pane, click the Tasks tab. Under Web Chaining Tasks, click Create New Web Chaining Rule.

4. On the Welcome To The New Web Chaining Rule Wizard page, type a name for the Web chaining rule and click Next to continue.

5. On the Web Chaining Rule Destination page, specify the destination networks. Click Add. In the Add Network Entities dialog box, select a network, click Add, and then click Close when you have added all of the networks you would like to include. Click Next.

6. On the Request Action page, shown in Figure 9-3, specify how the client requests are processed, and then click Next. Your options include the following:

   • Retrieve Requests Directly From The Specified Destination This is the default setting that prompts the Web chaining rule to go directly the requested destination.

   • Redirect Requests To A Specified Upstream Server Select this option to send the request to another ISA server upstream. You can select the Allow Delegation Of Basic Authentication Credentials check box to ensure the upstream proxy server successfully processes the clients' credentials.

     Note

     If you select this option, only the specified credentials are used, masking all client requests when authenticating to the upstream server; this condition is rarely useful. The default behavior, when the check box is not selected, is that the upstream server might require authentication, possibly in addition to the downstream server having already authenticated the client. In this case, the client will again respond to the upstream server and authenticate to it as well, using the logged-on user's credentials. This might result in the user providing credentials a second time.

   • Redirect Requests To You can redirect the requests to a hosted site on your network by specifying the URL for the site, and the port on which the site listens, whether that port is a secured port or not.

   Note

   There is also a Use Automatic Dial-Up check box. We discuss this topic in Chapter 10, "Configuring Security Policies."

7. On the Completing The New Web Chaining Rule Wizard page, review the summary of information, and click Finish.

8. In the details pane, click Apply to save your configuration, and then click OK.

Figure 9-3: You have several options when defining how client requests should be proxied or forwarded to an upstream server when dealing with Web chaining.

Modifying a Web Chaining Rule

There are some additional options that can be configured by editing a Web chaining rule. For example, you can define SSL bridging and how both HTTP and SSL requests are redirected.

To edit a Web chaining rule, follow these steps:

1. In the console tree, expand the server name, expand Configuration, and then click Networks.

2. In the details pane, click the Web Chaining tab, and select the existing Web chaining rule you would like to edit.

3. In the task pane, click the Tasks tab. Under Web Chaining Tasks, click Edit Selected Rule.

The Edit Selected Rule task launches the Properties dialog box for the given Web chaining rule. There are four tabs available. Table 9-2 outlines the options on each tab.