How to publish a Web site on a computer that is running ISA Server 2006 or ISA Server 2004
[LEFT][CODE]http://support.microsoft.com/?scid=kb%3Ben-us%3B885186&x=18&y=10[/CODE]
This article discusses how to configure a Web publishing rule to publish a Web site that resides directly on your Microsoft Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004 computer.
[B]
Before you configure a Web publishing rule Before you configure a Web publishing...
[/B]
[B]Before you configure a Web publishing rule[/B]
Before you configure a Web publishing rule, you must disable socket pooling in Microsoft Internet Information Services (IIS).
For additional information about how to disable socket pooling if ISA Server 2004 is installed on a Microsoft Windows 2000 Server-based computer, click the following article numbers to view the articles in the Microsoft Knowledge Base: [URL="http://support.microsoft.com/kb/238131/"]238131[/URL] ([url=http://support.microsoft.com/kb/238131/]How to Disable Socket Pooling[/url] ) How to disable socket pooling
[URL="http://support.microsoft.com/kb/259349/"]259349[/URL] ([url=http://support.microsoft.com/kb/259349/]IIS Binds To All Available IP Addresses When It Starts[/url] ) IIS binds to all available IP addresses when it starts
For more information about how to disable socket pooling if ISA Server is installed on a Microsoft Windows Server 2003-based computer, click the following article number to view the article in the Microsoft Knowledge Base: [URL="http://support.microsoft.com/kb/813368/"]813368[/URL] ([url=http://support.microsoft.com/kb/813368/]Setting metabase property DisableSocketPooling has no effect[/url] ) IIS 6.0: Setting metabase property DisableSocketPooling has no effect
If you want to use automatic discovery, we recommend that you configure IIS to use another port instead of port 80. ISA Server uses TCP port 80 to publish automatic discovery information. If you do configure IIS to use another port, users must specify a port to connect to the published Web site.
[B]How to configure a Web publishing rule in ISA Server 2006[/B]
[LIST=1][*]Start the ISA Server Management snap-in.[*]Expand the ISA Server computer node, and then click [B]Firewall Policy[/B].[*] On the [B]Tasks[/B] tab, click [B]Publish Web Sites[/B] to start the New Web Publishing Rule Wizard.[*]Type a name for the rule in the [B]Web publishing rule name[/B] box. For example, type Publish internal Web server, and then click [B]Next[/B].[*]On the [B]Select Rule Action[/B] page, make sure that the default [B]Allow[/B] action is selected. This setting enables requests to reach the Web server according to the conditions that are set by the rule.[*]Click [B]Next[/B].[*]On the [B]Publishing Type[/B] page, leave the default [B]Publish a single Web site or load balancer[/B] option selected, and then click [B]Next[/B].[*]Click [B]Use non-secured connections to connect the published Web server or server farm[/B], and then click [B]Next[/B].
[B]Note[/B] If you want to publish a Web server that receives HTTPS requests, click [B]Use SSL to connect to the published Web server or server farm[/B]. In this situation, you must have a digital certificate installed on the server. For more information about the requirements for Secure Sockets Layer (SSL) support, click the server connection security link on the [B]Server Connection Security[/B] page of the New Web Publishing Rule Wizard. For more information about digital certificates for ISA Server, visit the following Microsoft Web site: [URL]http://go.microsoft.com/fwlink/?LinkId=20794[/URL] ([url]http://go.microsoft.com/fwlink/?LinkId=20794[/url]) [*]On the [B]Internal Publishing Details[/B] page, do the following:
[LIST=1][*]Type the internal Web address of the Web site in the [B]Internal site name[/B] box. For example, type ISA_Server_Name in the [B]Internal site name[/B] box. Do not include http:// in this Web address.[*]Click to select the [B]Use a computer name or IP address to connect to the published server[/B] check box.[*]Type the fully qualified domain name (FQDN) of the ISA Server computer in the [B]Computer name or IP address[/B] box, or type the IP address of the internal network adapter of the ISA Server computer in the [B]Computer name or IP address[/B] box.[*]Click [B]Next[/B].[/LIST][*]On the [B]Internal Publishing Details[/B] page, do the following:
[LIST=1][*]If you want to publish a particular folder on the Web site, type that folder name in the [B]Path (optional)[/B] box. If you leave this box blank, you will publish the whole site.[*]Click to select the [B]Forward the original host header instead of the actual one specified in the Internal site name field on the previous page[/B] check box.[*]Click [B]Next[/B].[/LIST][*]On the [B]Public Name Details[/B] page, provide information about what requests will be received by the ISA Server computer and forwarded to the Web server component.
[LIST=1][*]In the [B]Accept requests for[/B] list, click either [B]Any domain name[/B] or [B]This domain name (type below)[/B].
[B]Note[/B] If you click [B]Any domain name[/B], any request that is resolved to the IP address of the external Web listener of the ISA Server computer will be forwarded to the Web site. If you click [B]This domain name (type below)[/B] and provide a specific domain name, such as [url=http://www.fabrikam.com]Microsoft Corporation[/url], only requests for [url]http://www.fabrikam.com[/url] will be forwarded to the Web server component. This configuration assumes that the domain name resolves to the IP address of the external Web listener of the ISA Server computer.
[B]Note[/B] If you want to publish Web sites under more than one domain name, such as [url=http://www.fabrikam.com]Microsoft Corporation[/url] and [url=http://www.adatum.com]Microsoft Corporation[/url], you must click [B]This domain name (type below)[/B] and specify the domain name in this step. You must specify the domain name so that separate Web publishing rules for the two domains will route requests to the correct sites.[*]If you click [B]This domain name (type below)[/B], type the domain name in the [B]Public name[/B] box. For example, type [url=http://www.fabrikam.com]Microsoft Corporation[/url].[*]If you specify a folder in the [B]Path[/B] box, such as News, the path will be required in the request. For example, if you specify News as the path, you must visit the [url=http://www.fabrikam.com/news]Microsoft Corporation[/url] address to access the Web site. The required request format is shown in the [B]Site[/B] box.[/LIST][*]Click [B]Next[/B].[*] On the [B]Select Web Listener[/B] page, click the Web listener that you want to use in the [B]Web listener[/B] list. The Web listener will listen for Web page requests that should be redirected to the Web server component on the ISA Server computer. If you have not defined a Web listener, click [B]New[/B], and then follow these steps to create a new listener:
[LIST=1][*]On the [B]Welcome to the New Web Listener Wizard[/B] page, type the name of the new listener. For example, type Listener on external network for internal Web publishing, and then click [B]Next[/B].[*]If you want to receive HTTPS requests, click [B]Require SSL secured connections with clients[/B].
[B]Note[/B] To use SSL, you must have a digital certificate installed on the ISA Server computer. For more information about digital certificates for ISA Server, visit the following Microsoft Web site: [URL]http://go.microsoft.com/fwlink/?LinkId=20794[/URL] ([url]http://go.microsoft.com/fwlink/?LinkId=20794[/url]) [*]If you do not want to receive HTTPS requests, click [B]Do not require SSL secured connections with clients[/B].[*]Click [B]Next[/B].[*]On the [B]Web Listener IP Addresses[/B] page, click to select the check box that corresponds to the network that will listen for Web requests. Because you want ISA Server to receive requests from the external network, the listener should be one or more IP addresses on the external network adapters of ISA Server. Therefore, click to select the [B]External[/B] check box.[*]Click [B]Next[/B].[*]On the [B]Authentication Settings[/B] page, configure the authentication type that you want to use for the published Web site. For a typical Web site, click [B]No Authentication[/B] in the [B]Select how clients will provide credentials to ISA Server[/B] list.
[B]Note[/B] For more information about these authentication options, click the [B]authentication settings[/B] link. Also, see the "Authentication Concepts in ISA Server 2006" topic in ISA Server 2006 Help and Support.[*]Click [B]Next[/B].[*]On the [B]Single Sign On Settings[/B] page, click [B]Next[/B].[*]Click [B]Finish[/B].[/LIST][*]Click [B]Next[/B].[*]On the [B]Authentication Delegation[/B] page, click the kind of delegation that you want to use in the [B]Select the method used by ISA Server to authenticate to the published Web server[/B] list. For a typical Web publishing scenario, click [B]No delegation, and client cannot authenticate directly[/B].
[B]Note[/B] For more information about the kinds of authentication delegation that are available in ISA Server 2006, click the [B]authentication delegation[/B] link.[*]Click [B]Next[/B].[*] On the [B]User Sets[/B] page, make sure that the default [B]All users[/B] user set is displayed. This setting enables any computer in the external network to access the published Web pages.
[B]Note[/B] To restrict access to specific users, click [B]All Users[/B], click [B]Remove[/B], and then click [B]Add[/B] to add a specific user set.[*] Click [B]Next[/B].[*]On the [B]Completing the New Web Publishing Rule Wizard[/B] page, scroll through the rule configuration to make sure that you have configured the rule correctly, and then click [B]Finish[/B].[*]Click [B]Apply[/B] to save the changes and update the configuration, and then click [B]OK[/B].[/LIST]
[B]How to configure a Web publishing rule in ISA Server 2004[/B]
[LIST=1][*]Start the ISA Server Management snap-in.[*]Expand the ISA Server computer node, and then click [B]Firewall Policy[/B].[*] On the [B]Tasks[/B] tab, click [B]Publish a Web Server[/B] to start the New Web Publishing Rule Wizard.[*]Type a name for the rule in the [B]Web publishing rule name[/B] box. For example, type Publish internal Web server, and then click [B]Next[/B].[*]On the[B] Select Rule Action[/B] page, make sure that the default [B]Allow[/B] action is selected. This setting permits requests to reach your Web server according to the conditions that are set by the rule.[*]Click [B]Next[/B].[*]On the [B]Define Website to Publish[/B] page, do the following:
[LIST=1][*]Type the computer name or the IP address of your ISA Server 2004 computer in the [B]Computer name or IP address[/B] box.[*]Verify that the [B]Forward the original host header instead of the actual one (specified above)[/B] check box is not selected. By default, this check box is not selected.[*]In the [B]Path[/B] box, you can specify the Web site folder that you want to publish. If you leave this box blank, you will publish the whole site.[/LIST][*]Click [B]Next[/B].[*]On the [B]Public Name Details[/B] page, provide information about what requests will be received by the ISA Server computer and forwarded to the Web server component.
[LIST=1][*]In the [B]Accepts requests for[/B] list, click either [B]Any domain name[/B] or [B]This domain name (type below)[/B]. If you click [B]Any domain name[/B], any request that is resolved to the IP address of the external Web listener of the ISA Server computer will be forwarded to your Web site. If you click [B]This domain name (type below)[/B] and provide a specific domain name, such as [url=http://www.fabrikam.com]Microsoft Corporation[/url], only requests for [url]http://www.fabrikam.com[/url] will be forwarded to the Web server component. This configuration assumes that the domain name resolves to the IP address of the external Web listener of the ISA Server computer.
[B]Note[/B] If you want to publish Web sites under more than one domain name, such as [url=http://www.fabrikam.com]Microsoft Corporation[/url] and [url=http://www.adatum.com]Microsoft Corporation[/url], you must click [B]This domain name (type below)[/B] and specify the domain name in this step. You must specify the domain name so that separate Web publishing rules for the two domains will route requests to the correct sites.[*]If you click [B]This domain name (type below)[/B], type the domain name in the [B]Public name[/B] box. For example, type [url=http://www.fabrikam.com]Microsoft Corporation[/url].[*]If you specify a folder in the [B]Path[/B] box, such as News, the path will be required in the request. For example, if you specify News as the path, you must visit the [url=http://www.fabrikam.com/news]Microsoft Corporation[/url] address to access the Web site. The required request format is shown in the [B]Site[/B] box.[/LIST][*]Click [B]Next[/B].[*] On the [B]Select Web Listener[/B] page, click the Web listener that you want to use in the [B]Web listener[/B] list. The Web listener will listen for Web page requests that should be redirected to the Web server component on your ISA Server 2004 computer. If you have not defined a Web listener, click [B]New[/B], and then follow these steps to create a new listener:
[LIST=1][*]On the [B]Welcome to the New Web Listener Wizard[/B] page, type the name of the new listener. For example, type Listener on external network for internal Web publishing, and then click [B]Next[/B].[*]On the [B]IP Addresses[/B] page, click to select the check box that corresponds to the network that will listen for Web requests. Because you want ISA Server to receive requests from the external network, the listener should be one or more IP addresses on the external network adapters of ISA Server. Therefore, click to select the [B]External[/B] check box, and then click [B]Next[/B].[*]On the [B]Port Specification[/B] page, make sure that the HTTP port is set to 80. Port 80 is the default setting.[*]If you want to receive HTTPS requests, click to select the [B]Enable SSL[/B] check box, make sure that the Secure Sockets Layer (SSL) port is set to 443, and then provide the certificate name in the [B]Certificate[/B] box. To use SSL, you must have a digital certificate installed on the ISA Server computer. For more information about digital certificates for ISA Server 2004, visit the following Microsoft Web site: [URL]http://go.microsoft.com/fwlink/?LinkId=20794[/URL] ([url]http://go.microsoft.com/fwlink/?LinkId=20794[/url]) [*]Click [B]Next[/B], and then click [B]Finish[/B].[/LIST][*]Click [B]Next[/B].[*] On the [B]User Sets[/B] page, make sure the default [B]All users[/B] user set is displayed. This setting permits any computer in the external network to access the published Web pages.
[B]Note[/B] To restrict access to specific users, click [B]All Users[/B], click [B]Remove[/B], and then click [B]Add[/B] to add a specific user set.[*] Click [B]Next[/B].[*]On the [B]Completing the New Web Publishing Rule Wizard[/B] page, scroll through the rule configuration to make sure that you have configured the rule correctly, and then click [B]Finish[/B].[*]Click [B]Apply[/B] to save the changes and update the configuration.[/LIST]
[B]REFERENCES[/B]
For more information about how to publish a Web server by using ISA Server 2004, visit the following Microsoft Web site:[url=http://technet.microsoft.com/en-us/library/cc302545.aspx]Publishing Web Servers Using ISA Server 2004[/url] ([url=http://technet.microsoft.com/en-us/library/cc302545.aspx]Publishing Web Servers Using ISA Server 2004[/url])
[B]APPLIES TO[/B]
[LIST][*]Microsoft Internet Security and Acceleration Server 2004 Standard Edition[*]Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition[*]Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition[*]Microsoft Internet Security and Acceleration Server 2006 Standard Edition[/LIST]
[/LEFT]