Configuring incoming Web request properties
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Microsoft Internet Security and Acceleration (ISA) Server intercepts requests from external clients for internal servers. The ISA Server computer must be configured so that it knows which ports and Internet protocol (IP) addresses should be used for internal requests. The array's incoming Web request properties determine the following:
Which IP addresses and ports on the servers in the array should listen for requests. For more information, see Configure listeners for outgoing Web requests.
Which authentication method should be used, when authentication is required.
Number of connections that are allowed.
Whether Cache Array Routing Protocol (CARP) is enabled for the array.
For information on how internal Web servers interact with ISA Server, see ISA Server and IIS Server.
Listeners
You can configure which IP addresses on the servers in the array will listen for Web requests from external clients. For each IP address, you can specify the following:
Whether a server certificate is required and which server certificate to use. The server certificate is used when Internet clients use Secure Hypertext Transfer Protocol (HTTPS) to request objects from an internal Web server. For more information, see SSL bridging and Configure server certificates for Web requests.
Authentication method. For more information, see Authentication methods.
Ports
You can configure which port should be used to listen for incoming Web requests requests from external users. You can configure ports for all the IP addresses on the server or separately for each IP address. By default, the ISA Server computer does not listen for requests from external users.
You should configure the SSL port to 443 for incoming Web requests because most Web browsers cannot use other ports for Secure Socket Layer (SSL).
For configuration instructions, see Configure the TCP port and Enable SSL listeners
Authentication
You can create Web publishing rules, allowing or denying access to a set of computers (client address sets) or to a group of users. If the rule applies specifically to users, then the ISA Server checks the array's outgoing Web request properties to determine how the user should be authenticated. For example, a Web publishing rule might allow access only to specific users. ISA Server will authenticate the user requesting the object to determine if the second rule allows the requesting user access. The user must authenticate, using one of the authentication methods specified for the incoming Web requests.
Authentication Methods
ISA Server provides a secure, encrypted logon environment for those browsers that support Windows NT Challenge/Response authentication and provides basic authentication for other browsers. You can configure the following types of authentication:
Basic authentication
Digest authentication
Integrated authentication
Client certificate authentication
Authentication methods can be set for all the IP addresses on the server, or separately for each IP address. For more information, see Authentication methods and Configure authentication methods for Web requests.
Connection settings
You can configure the maximum number of concurrent outgoing connections for all the ISA Server computers in the array. The minimum value is 1 connection. You can also configure how long a connection can be inactive, before ISA Server closes it. For more information, see Configure connection settings for Web requests.
Enabling Cache Array Routing Protocol
You can enable the Cache Array Routing Protocol (CARP) by selecting to resolve requests within the array before routing the request. For more information, see Cache Array Routing Protocol and Enable Cache Array Routing Protocol.