29 Apr 2009

Custom HTTP Protocol Issue in ISA Server 2006

While trying to publish a CRL (Certificate Revocation List) Location through two sets of MS ISA 2006 Arrays, we had an issue with the HTTP Protocol in ISA proxying the request and therefore changing the Source IP of the request to the ISA rather than the original requesting server's IP.

To remedy this, we created a new HTTP Protocol in ISA and removed the Web Proxy filter from the new protocol. The new protocol was then used in the access rules.

This seemed to go some way to resolving the issue although we still had problems, as it appeared that the out of box HTTP Protocol was still being used and consequently the rule in the next set of ISAs in the route was not matching.

We stumbled across the link below which described our problem which involves creating a deny rule after the problematic access rule. This worked even though the guys commenting on the blog below state that they had problems with it on ISA 2006.

Check the MS ISA Team blog here