Configuring the HTTP Redirector.












As you are well aware, ISA Server can function as a caching server, a firewall, or in integrated mode where both firewall functionality and caching functionality are used together. In such cases, the ISA firewall and the Web Proxy Service are designed to function together so that all Web requests from firewall and SecureNAT clients are passed to the Web Proxy Service. This feature enables firewall and SecureNAT client to retrieve Web data that is cached on the ISA Server without any direct browser configuration. An application filter, called the HTTP Redirector, handles this feature.



The HTTP Redirector’s job is to forward all HTTP requests from firewall and SecureNAT clients to the Web Proxy Service. The Web Proxy Service can then retrieve the HTTP requests – either from the Internet or the ISA Server cache – and return those requests to the firewall and SecureNAT clients. In a nutshell, the filter allows firewall and SecureNAT clients to access HTTP data without having to be configured as Web Proxy clients.

However, there is an important caveat that must be considered. When the HTTP Redirector passes requests from firewall and SecureNAT clients, all authentication data is lost and the Web Proxy Service sees the requests as unauthenticated requests. If unauthenticated requests are allowed, the Web Proxy Service simply services the requests from the cache or the Internet and returns the results to the client. If unauthenticated requests are not allowed, then all HTTP Redirector requests will fail.


Curt Simmons is the Author of ‘Microsoft ISA Configuration and Administration



Amazon.com (April, 2001)


Curt Simmons is also the Author of Microsoft Internet Security and Acceleration Server 2000 Study Guide : Exam 70-227 ( Certification Study Guides)


The reverse, however, is also true. Let’s say that you configure a policy that allows HTTP access for half of your users and denies access to the second half. If the HTTP Redirector is used, authentication information is lost and the users who are denied access will still gain access via the HTTP Redirector.

So, when considering the use of the HTTP Redirector, which saves you configuration time and headaches in the end, you must take a careful look at your rules and whether or not you want all firewall and SecureNAT client HTTP requests to be managed as unauthenticated requests and how your policy configuration will be affected.

The HTTP Redirector gives you three configuration options that govern how the filter manages firewall and HTTP requests. You can access the HTTP Redirector filter by opening ISA Management, and then expanding Servers and Arrays | desired server / array | Extensions | Application Filters. Double-click the HTTP Redirector filter in the console’s details pane. The filter can be enabled on the General tab, and if you click the Options tab, you see the configuration options available to you.



The first option, which is selected by default, redirects all HTTP requests from firewall and SecureNAT clients to the Web Proxy Service on the local ISA Server computer. You also see a check box option that allows the HTTP Redirector to directly send the HTTP request to the requested Web server if the Web Proxy Service should be unavailable. Depending on your policy configuration, you’ll need to decide if you want the HTTP Redirector to bypass the Web Proxy Service and send client requests directly to Internet Web servers when the Web Proxy Service is not available. Objects are not cached in this case.

The second option completely bypasses the Web Proxy Service altogether and the HTTP Redirector sends HTTP requests to the requested Web server for service. No objects are cached when this option is used.

The final option simply rejects all HTTP request from firewall and SecureNAT clients. Even if your policies allow the HTTP request, the HTTP redirector will reject the request and not pass it onto the Web Proxy Service. In order for firewall and SecureNAT clients to access HTTP data under this configuration, they must be setup as Web Proxy clients.


Curt Simmons, MCSE, MCT, CTT, is a technology author and trainer from Dallas. Visit Curt on the Internet at http://curtsimmons.hypermart.net.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top