Microsoft KB Archive/885186

= How to publish a Web site on a computer that is running ISA Server 2006 or ISA Server 2004 =

Article ID: 885186

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition

-





INTRODUCTION
This article discusses how to configure a Web publishing rule to publish a Web site that resides directly on your Microsoft Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004 computer.



Before you configure a Web publishing rule
Before you configure a Web publishing rule, you must disable socket pooling in Microsoft Internet Information Services (IIS).

For additional information about how to disable socket pooling if ISA Server 2004 is installed on a Microsoft Windows 2000 Server-based computer, click the following article numbers to view the articles in the Microsoft Knowledge Base:

238131 How to disable socket pooling

259349 IIS binds to all available IP addresses when it starts

For more information about how to disable socket pooling if ISA Server is installed on a Microsoft Windows Server 2003-based computer, click the following article number to view the article in the Microsoft Knowledge Base:

813368 IIS 6.0: Setting metabase property DisableSocketPooling has no effect

If you want to use automatic discovery, we recommend that you configure IIS to use another port instead of port 80. ISA Server uses TCP port 80 to publish automatic discovery information. If you do configure IIS to use another port, users must specify a port to connect to the published Web site.

How to configure a Web publishing rule in ISA Server 2006
 Start the ISA Server Management snap-in. Expand the ISA Server computer node, and then click Firewall Policy. On the Tasks tab, click Publish Web Sites to start the New Web Publishing Rule Wizard. Type a name for the rule in the Web publishing rule name box. For example, type Publish internal Web server, and then click Next. On the Select Rule Action page, make sure that the default Allow action is selected. This setting enables requests to reach the Web server according to the conditions that are set by the rule. Click Next. On the Publishing Type page, leave the default Publish a single Web site or load balancer option selected, and then click Next.</li> Click Use non-secured connections to connect the published Web server or server farm, and then click Next.

Note If you want to publish a Web server that receives HTTPS requests, click Use SSL to connect to the published Web server or server farm. In this situation, you must have a digital certificate installed on the server. For more information about the requirements for Secure Sockets Layer (SSL) support, click the server connection security link on the Server Connection Security page of the New Web Publishing Rule Wizard. For more information about digital certificates for ISA Server, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=20794

</li> On the Internal Publishing Details page, do the following: <ol style="list-style-type: lower-alpha;"> Type the internal Web address of the Web site in the Internal site name box. For example, type in the Internal site name box. Do not include http:// in this Web address.</li> Click to select the Use a computer name or IP address to connect to the published server check box.</li> Type the fully qualified domain name (FQDN) of the ISA Server computer in the Computer name or IP address box, or type the IP address of the internal network adapter of the ISA Server computer in the Computer name or IP address box.</li> Click Next.</li></ol> </li> On the Internal Publishing Details page, do the following: <ol style="list-style-type: lower-alpha;"> If you want to publish a particular folder on the Web site, type that folder name in the Path (optional) box. If you leave this box blank, you will publish the whole site.</li> Click to select the Forward the original host header instead of the actual one specified in the Internal site name field on the previous page check box.</li> Click Next.</li></ol> </li> On the Public Name Details page, provide information about what requests will be received by the ISA Server computer and forwarded to the Web server component. <ol style="list-style-type: lower-alpha;"> In the Accept requests for list, click either Any domain name or This domain name (type below).

Note If you click Any domain name, any request that is resolved to the IP address of the external Web listener of the ISA Server computer will be forwarded to the Web site. If you click This domain name (type below) and provide a specific domain name, such as, only requests for   will be forwarded to the Web server component. This configuration assumes that the domain name resolves to the IP address of the external Web listener of the ISA Server computer.

Note If you want to publish Web sites under more than one domain name, such as  and , you must click This domain name (type below) and specify the domain name in this step. You must specify the domain name so that separate Web publishing rules for the two domains will route requests to the correct sites.</li> If you click This domain name (type below), type the domain name in the Public name box. For example, type .</li> If you specify a folder in the Path box, such as News, the path will be required in the request. For example, if you specify  as the path, you must visit the   address to access the Web site. The required request format is shown in the Site box.</li></ol> </li> Click Next.</li> <li>On the Select Web Listener page, click the Web listener that you want to use in the Web listener list. The Web listener will listen for Web page requests that should be redirected to the Web server component on the ISA Server computer. If you have not defined a Web listener, click New, and then follow these steps to create a new listener: <ol style="list-style-type: lower-alpha;"> <li>On the Welcome to the New Web Listener Wizard page, type the name of the new listener. For example, type Listener on external network for internal Web publishing, and then click Next.</li> <li>If you want to receive HTTPS requests, click Require SSL secured connections with clients.

Note To use SSL, you must have a digital certificate installed on the ISA Server computer. For more information about digital certificates for ISA Server, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=20794

</li> <li>If you do not want to receive HTTPS requests, click Do not require SSL secured connections with clients.</li> <li>Click Next.</li> <li>On the Web Listener IP Addresses page, click to select the check box that corresponds to the network that will listen for Web requests. Because you want ISA Server to receive requests from the external network, the listener should be one or more IP addresses on the external network adapters of ISA Server. Therefore, click to select the External check box.</li> <li>Click Next.</li> <li>On the Authentication Settings page, configure the authentication type that you want to use for the published Web site. For a typical Web site, click No Authentication in the Select how clients will provide credentials to ISA Server list.

Note For more information about these authentication options, click the authentication settings link. Also, see the &quot;Authentication Concepts in ISA Server 2006&quot; topic in ISA Server 2006 Help and Support.</li> <li>Click Next.</li> <li>On the Single Sign On Settings page, click Next.</li> <li>Click Finish.</li></ol> </li> <li>Click Next.</li> <li>On the Authentication Delegation page, click the kind of delegation that you want to use in the Select the method used by ISA Server to authenticate to the published Web server list. For a typical Web publishing scenario, click No delegation, and client cannot authenticate directly.

Note For more information about the kinds of authentication delegation that are available in ISA Server 2006, click the authentication delegation link.</li> <li>Click Next.</li> <li>On the User Sets page, make sure that the default All users user set is displayed. This setting enables any computer in the external network to access the published Web pages.

Note To restrict access to specific users, click All Users, click Remove, and then click Add to add a specific user set.</li> <li>Click Next.</li> <li>On the Completing the New Web Publishing Rule Wizard page, scroll through the rule configuration to make sure that you have configured the rule correctly, and then click Finish.</li> <li>Click Apply to save the changes and update the configuration, and then click OK.</li></ol>

How to configure a Web publishing rule in ISA Server 2004
<ol> <li>Start the ISA Server Management snap-in.</li> <li>Expand the ISA Server computer node, and then click Firewall Policy.</li> <li>On the Tasks tab, click Publish a Web Server to start the New Web Publishing Rule Wizard.</li> <li>Type a name for the rule in the Web publishing rule name box. For example, type Publish internal Web server, and then click Next.</li> <li>On the Select Rule Action page, make sure that the default Allow action is selected. This setting permits requests to reach your Web server according to the conditions that are set by the rule.</li> <li>Click Next.</li> <li>On the Define Website to Publish page, do the following: <ol style="list-style-type: lower-alpha;"> <li>Type the computer name or the IP address of your ISA Server 2004 computer in the Computer name or IP address box.</li> <li>Verify that the Forward the original host header instead of the actual one (specified above) check box is not selected. By default, this check box is not selected.</li> <li>In the Path box, you can specify the Web site folder that you want to publish. If you leave this box blank, you will publish the whole site.</li></ol> </li> <li>Click Next.</li> <li>On the Public Name Details page, provide information about what requests will be received by the ISA Server computer and forwarded to the Web server component. <ol style="list-style-type: lower-alpha;"> <li>In the Accepts requests for list, click either Any domain name or This domain name (type below). If you click Any domain name, any request that is resolved to the IP address of the external Web listener of the ISA Server computer will be forwarded to your Web site. If you click This domain name (type below) and provide a specific domain name, such as www.fabrikam.com, only requests for http://www.fabrikam.com will be forwarded to the Web server component. This configuration assumes that the domain name resolves to the IP address of the external Web listener of the ISA Server computer.

Note If you want to publish Web sites under more than one domain name, such as www.fabrikam.com and www.adatum.com, you must click This domain name (type below) and specify the domain name in this step. You must specify the domain name so that separate Web publishing rules for the two domains will route requests to the correct sites.</li> <li>If you click This domain name (type below), type the domain name in the Public name box. For example, type www.fabrikam.com .</li> <li>If you specify a folder in the Path box, such as News, the path will be required in the request. For example, if you specify News as the path, you must visit the http://www.fabrikam.com/news address to access the Web site. The required request format is shown in the Site box.</li></ol> </li> <li>Click Next.</li> <li>On the Select Web Listener page, click the Web listener that you want to use in the Web listener list. The Web listener will listen for Web page requests that should be redirected to the Web server component on your ISA Server 2004 computer. If you have not defined a Web listener, click New, and then follow these steps to create a new listener: <ol style="list-style-type: lower-alpha;"> <li>On the Welcome to the New Web Listener Wizard page, type the name of the new listener. For example, type Listener on external network for internal Web publishing, and then click Next.</li> <li>On the IP Addresses page, click to select the check box that corresponds to the network that will listen for Web requests. Because you want ISA Server to receive requests from the external network, the listener should be one or more IP addresses on the external network adapters of ISA Server. Therefore, click to select the External check box, and then click Next.</li> <li>On the Port Specification page, make sure that the HTTP port is set to 80. Port 80 is the default setting.</li> <li>If you want to receive HTTPS requests, click to select the Enable SSL check box, make sure that the Secure Sockets Layer (SSL) port is set to 443, and then provide the certificate name in the Certificate box. To use SSL, you must have a digital certificate installed on the ISA Server computer. For more information about digital certificates for ISA Server 2004, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=20794

</li> <li>Click Next, and then click Finish.</li></ol> </li> <li>Click Next.</li> <li>On the User Sets page, make sure the default All users user set is displayed. This setting permits any computer in the external network to access the published Web pages.

Note To restrict access to specific users, click All Users, click Remove, and then click Add to add a specific user set.</li> <li>Click Next.</li> <li>On the Completing the New Web Publishing Rule Wizard page, scroll through the rule configuration to make sure that you have configured the rule correctly, and then click Finish.</li> <li>Click Apply to save the changes and update the configuration.</li></ol>

<div class="references_section">