Publishing multiple Web sites over HTTP

  • Article

This topic provides instructions for publishing over HTTP. For information about how to publish over an SSL-secured connection, see Publishing multiple Web sites over HTTPS.

To publish multiple Web sites over HTTP

  1. In the Forefront TMG Management console tree, click Firewall Policy.

  2. In the task pane, click the Toolbox tab.

  3. On the Toolbox tab, click Network Objects, click New, and then select Web Listener to open the New Web Listener Wizard.

  4. Complete the New Web Listener Wizard as outlined in the following table.

    Page Field or property Setting or action

    Welcome to the New Web Listener Wizard

    Web listener name

    Type a name for the Web listener. For example, type:

    HTTP Web Site Listener

    Client Connection Security

    Select Do not require SSL secured connections with clients.

    Web Listener IP Addresses

    Listen for incoming Web requests on these networks

    Select the External network. Click Select IP Addresses, and then select Specified IP Addresses on the Forefront TMG computer in the selected network. In the Available IP Addresses list, select the appropriate IP address, click Add, and then click OK.

    Authentication Settings

    Select how clients will provide credentials to Forefront TMG

    In the drop-down list, select No Authentication.

    Single Sign On Settings

    Enable SSO for Web sites published with this listener

    Single sign-on (SSO) is available only when forms-based authentication is used. If you enable SSO, you must click Add, and then specify a domain within which SSO will be applied.

    Completing the New Web Listener Wizard

    Review the settings, and then click Finish.

  5. In the task pane, click the Tasks tab.

  6. On the Tasks tab, click Publish Web Sites to open the New Web Publishing Rule Wizard.

  7. Complete the New Web Publishing Rule Wizard as outlined in the following table.

    Page Field or property Setting or action

    Welcome to the New Web Publishing Rule Wizard

    Web publishing rule name

    Type a name for the Web publishing rule. For example, type:

    Multiple Web Sites (HTTP)

    Select Rule Action

    Action

    Select Allow.

    Publishing Type

    Select Publish multiple Web sites.

    Specify Web Sites to Publish

    Published sites

    For each Web site that you want to publish, click Add, and then, in Internal site name, type the host name that Forefront TMG will use in HTTP request messages sent to the published Web site.

    Do not select Forefront TMG will use SSL to connect to the Web site.

    Published Web Sites Public Names

    Public name suffix

    Type the suffix that will be appended to the internal site names that are specified on the Specify Web Sites to Publish page to create the public names that users will use to access the published Web sites.

    Select Web Listener

    Web Listener

    In the drop-down list, select the Web listener that you created in step 4. You can then click Edit to modify properties of the Web listener that is selected.

    Authentication Delegation

    Select the method used by Forefront TMG to authenticate to the published Web server

    Select No delegation, and client cannot authenticate directly.

    User Sets

    This rule applies to requests from the following user sets

    Do not change the default option, All Users.

    Completing the New Web Publishing Rule Wizard

    Review the settings, then and click Finish.

  8. In the details pane, click Apply, and then click OK.

Notes

  • The Web listener can also be configured for HTTP authentication or forms-based authentication. However, client authentication will then be performed over HTTP without encryption. Because user credentials will be transmitted in plain text, such configurations are considered insecure and are disabled by default. To enable such a configuration, open the properties of the Web listener. On the Authentication tab, click Advanced, and then select the Allow client authentication over HTTP check box. For best security practices, use such a configuration only if you have an SSL accelerator in front of the Forefront TMG computer. For more information about Web listeners, see Web listener overview.
  • This procedure creates a separate Web publishing rule for each published site specified, but they all use the same Web listener.
  • When you publish multiple Web sites according to this procedure, the public name suffix is appended to each of the internal site names that you specify. For example, if you want to publish the sites news.fabrikam.com, sports.fabrikam.com, and weather.fabrikam.com, specify the internal site names news, sports, and weather, and then provide the public name suffix fabrikam.com. The wizard will create three Web publishing rules, one for each of the sites, each using the same Web listener.
  • You can configure the way in which credentials are passed to the published server in a Web publishing rule. For more information, see About delegation of credentials.
  • Web publishing rules match incoming client requests to the appropriate Web site on the Web server.
  • You can create Web publishing rules that deny traffic, to block incoming traffic that matches the rule conditions.
  • Forefront TMG does not treat paths as case-sensitive. If your Web server includes both foldera and folderA, and you publish a path to one of the folders, both folders will be published.
  • For more information about other settings in Web publishing rules, see Overview of Web publishing concepts.