Web Chaining

Web chaining is the ability to proxy and forward Web proxy client requests to an upstream ISA server or alternate location. When you configure Web chaining, you are instructing the ISA server to proxy the request to the specified upstream server, rather than retrieving the request itself from the remote Web server.

By default, there is a Web chaining rule named Last Default Rule that is configured to send the request directly to the specified destination. You can create new rules to proxy requests to an upstream server, or forward requests to an alternate location like a hosted site on the internal network.

Creating a Web Chaining Rule

To create a Web chaining rule, complete the following steps:

  1. In the console tree, expand the server name, expand Configuration, and then click Networks.

  2. In the details pane, click the Web Chaining tab.

  3. In the task pane, click the Tasks tab. Under Web Chaining Tasks, click Create New Web Chaining Rule.

  4. On the Welcome To The New Web Chaining Rule Wizard page, type a name for the Web chaining rule and click Next to continue.

  5. On the Web Chaining Rule Destination page, specify the destination networks. Click Add. In the Add Network Entities dialog box, select a network, click Add, and then click Close when you have added all of the networks you would like to include. Click Next.

  6. On the Request Action page, shown in Figure 9-3, specify how the client requests are processed, and then click Next. Your options include the following:

    • Retrieve Requests Directly From The Specified Destination This is the default setting that prompts the Web chaining rule to go directly the requested destination.

    • Redirect Requests To A Specified Upstream Server Select this option to send the request to another ISA server upstream. You can select the Allow Delegation Of Basic Authentication Credentials check box to ensure the upstream proxy server successfully processes the clients' credentials.


      If you select this option, only the specified credentials are used, masking all client requests when authenticating to the upstream server; this condition is rarely useful. The default behavior, when the check box is not selected, is that the upstream server might require authentication, possibly in addition to the downstream server having already authenticated the client. In this case, the client will again respond to the upstream server and authenticate to it as well, using the logged-on user's credentials. This might result in the user providing credentials a second time.

    • Redirect Requests To You can redirect the requests to a hosted site on your network by specifying the URL for the site, and the port on which the site listens, whether that port is a secured port or not.


    There is also a Use Automatic Dial-Up check box. We discuss this topic in Chapter 10, "Configuring Security Policies."

  7. On the Completing The New Web Chaining Rule Wizard page, review the summary of information, and click Finish.

  8. In the details pane, click Apply to save your configuration, and then click OK.

image from book
Figure 9-3: You have several options when defining how client requests should be proxied or forwarded to an upstream server when dealing with Web chaining.

Modifying a Web Chaining Rule

There are some additional options that can be configured by editing a Web chaining rule. For example, you can define SSL bridging and how both HTTP and SSL requests are redirected.

To edit a Web chaining rule, follow these steps:

  1. In the console tree, expand the server name, expand Configuration, and then click Networks.

  2. In the details pane, click the Web Chaining tab, and select the existing Web chaining rule you would like to edit.

  3. In the task pane, click the Tasks tab. Under Web Chaining Tasks, click Edit Selected Rule.

The Edit Selected Rule task launches the Properties dialog box for the given Web chaining rule. There are four tabs available. Table 9-2 outlines the options on each tab.

Table 9-2: Property Settings for a Web Chaining Rule

Tab Name

Tab Options/Descriptions


Specify the name of the rule, and provide an optional description or location to disable the selected rule.


Specify how the requests should be processed, and determine if automatic dial-up should be enforced when the client request matches the rule.


Define the destination networks and how traffic will be handled when intended for these networks.


Specify how the requests should be redirected to the upstream server, as either HTTP or SSL requests. If using SSL, specify the certificate to use and whether you prefer 128-bit encryption.


You can also access the Bridging tab by selecting Define SSL Bridging For Selected Rule under Web Chaining Tasks in the task pane.

Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
Microsoft Internet Security and Acceleration (ISA) Server 2004 Administrators Pocket Consultant (Pro-Administrators Pocket Consultant)
ISBN: 0735621888
EAN: 2147483647
Year: 2006
Pages: 173

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net