How to use ISA Server 2004 to redirect requests to different Web sites based on the client IP address (843128)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

SUMMARY

Describes how to use Microsoft Internet Security and Acceleration (ISA) Server 2004 to redirect client requests to different internal Web sites based on the IP address of the client.

To do this you must create a Web listener, group the client IP addresses into computer sets, and then create a Web publishing rule for each Web site. After you create the Web publishing rules you can configure each rule to apply to the appropriate computer set.

IN THIS TASK

INTRODUCTION

This step-by-step article describes how to use ISA Server 2004 to redirect requests to different internal Web sites based on a client Internet Protocol (IP) address.

The article describes how to configure ISA Server 2004 to redirect requests from two separate client sets to two different internal Web sites. This redirection process occurs when the client requests originate from the same network and target the same IP address on the ISA Server 2004-based computer. In this case, you can configure a single Web listener. A Web listener is associated with a point of entry for the traffic into the ISA Server 2004-based computer.

Note Although the scenario in this article describes the configuration for a Web listener that listens for requests on a single network, you can configure a Web listener to listen for requests from multiple networks.

To group the client addresses that you want to direct to each internal Web site, you can specify the address sets by creating computer sets or by using a built-in computer set. Then, you can configure Web publishing rules that determine where to direct the traffic for each computer set. The Web publishing rules are where the differentiation between client sets occurs. To redirect requests from two different client sets to two different internal Web sites, follow these steps:
  1. Configure a single Web listener.
  2. Use either of the following methods.
    • Create two client computer sets.
    • Create one computer set for a specific IP address or address range, and then set the default Anywhere computer to redirect all other traffic.
  3. Configure a Web publishing rule for each Web site.

    Note You must associate both Web publishing rules with the same Web listener.
  4. Configure the first Web publishing rule to apply to traffic that originates from a specific computer set.
  5. Configure the second Web publishing rule to apply to traffic that originates from a second specific computer set, or from the built-in Anywhere computer set.
back to the top

Create the Web listener

To create the Web listener that will be used by both Web publishing rules, follow these steps:
  1. In ISA Server Management, the Microsoft Management Console (MMC) that is included in ISA Server 2004, click Firewall Policy.
  2. On the Toolbox tab, click Network Objects.
  3. Under Network Objects, click New, and then click Web Listener.
  4. In the Web listener name box, type a name for the Web listener, and then click Next.
  5. Under IP Addresses, click to select the check box for the network that you want the Web listener to listen for requests from, and then click Next.
  6. Under Port Specification, configure the HTTP or the SSL port information that is specific to your environment, and then click Next.
  7. Click Finish.
back to the top

Create the computer sets

When you create the computer sets you can do either of the following:
  • You can create two specific computer sets if you know both of the client IP address ranges that you want to redirect to either Web site.
  • You can create one computer set to apply to a specific IP address range, and then use the built-in Anywhere computer set to apply to all other traffic.
To create a computer set, follow these steps:
  1. In ISA Server Management, click Firewall Policy.
  2. On the Toolbox tab, click Network Objects.
  3. Under Network Objects, click New, and then click Computer Set.
  4. In the Name box, type a name for the computer set.
  5. Click Add.
  6. Click Computer, and then either click Address Range or click Subnet depending on what you want to specify.
  7. Configure the name and IP address information for the computer, the address range or the subnet element, and then click OK.
  8. Repeat steps 5 through 7 for each computer, address range or subnet element that you want to add to the computer set.
  9. Click OK.
  10. If you know the client IP address range for the second computer set, repeat steps 3 through 9 for the second computer set.
back to the top

Create a Web publishing rule for each Web site

For each Web site, create a Web publishing rule by using the same Web listener. Then, assign the appropriate computer set to the Web publishing rule.
  1. In ISA Server Management, click Firewall Policy.
  2. On the Tasks tab, click Publish a Web Server.
  3. In the Web publishing rule name box, type a name for the Web publishing rule for the first Web site, and then click Next.
  4. Under Select Rule Action, click Allow, and then click Next.
  5. Under Define Website to Publish, specify the Web server where the Web site is located and the path that you want to publish, and then click Next.
  6. Under Public Name Details, specify the public domain name or the IP address that users will type to reach the published site, and then click Next.
  7. Under Select Web Listener, click to select the Web listener that you created earlier in the Web listener list, and then click Next.
  8. Under User Sets, click Next to accept the default setting of all users.
  9. Click Finish.
  10. To configure the Web publishing rule to accept traffic from a specific computer set, right-click the Web publishing rule that you just created, and then click Properties.
  11. Click the From tab.
  12. Click Anywhere, and then click Remove.
  13. To add the specific computer set, click Add.
  14. Expand Computer Sets, click the computer set that you created earlier, click Add, and then click Close.
  15. Click OK.
  16. If you created two specific computer sets, repeat steps 1 through 15 to create a Web publishing rule for the second Web site that applies to the second computer set.
  17. If you created only one custom computer set and you want to use the built-in Anywhere computer set to direct all other traffic to the second Web site, follow these steps:
    1. Repeat steps 1 through 9 for the second Web publishing rule.

      Note By default, the Web publishing rule applies to traffic from the built-in Anywhere computer set.
    2. Make sure that the Web publishing rule that applies to the Anywhere computer set is listed below the Web publishing rule that you created for the specific client set. To verify this, view the Web publishing rules in the middle pane. The Order column lists the order that the ISA Server 2004-based computer will process the rules. To move a rule down, right-click the Web publishing rule, and then click Move Down.

      The ISA Server 2004 processes the Web publishing rule that applies to the Anywhere computer set last. Therefore, the rule automatically applies to all clients that are not in the computer set that you created for the first Web publishing rule.
  18. Click Apply to save the changes and to update the configuration, and then click OK.
back to the top

REFERENCES

For more information about how to configure Web publishing rules, click Help on the Action menu, type configure Web publishing rules in the Type in the word(s) to search for box, and then press ENTER.

For more information about Web listeners, click Help on the Action menu, type Web listener overview in the Type in the word(s) to search for box, and then press ENTER.

back to the top
Modification Type:MajorLast Reviewed:7/16/2004
Keywords:kbFirewall kbHOWTOmaster KB843128 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.