URL Rewrite through ISA Server ends in a loop July 4, 2009

Recently I’ve been having some trouble with the IIS 7 URL Rewrite module in combination with ISA Server 2006 which took me a serious amount of time to figure out the root of the behavior.

The task was pretty simple: I set up a website in IIS 7 with multiple bindings: example.net:80 and www.example.net:80. For SEO reasons the user shall always be redirected to example.net/… regardless of the URL he entered in the first place. This can easily be done with the following URL-Rewrite rule:

<rewrite>
<rules>
<rule name="Enforce Hostname" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^example\.net$" />
</conditions>
<action type="Redirect" url="http://example.net/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>

This rule works without problems if the client can access the web server directly. However, if the site is published through ISA server I wasn’t able to get it working. The relevant portion of the publishing rule can be seen below

Web Site Publishing Rule Properties

Web Site Publishing Rule Properties

The public names were set to example.net; www.example.net.

If an external client tried to browse the website via http://example.net/site.html everything worked fine. However, if the user typed http://www.example.net/site.html he got stuck in a loop redirecting exactly to the site he came from instead of being redirected to http://example.net/site.html.

A Netmon trace on the client confirmed this behavior. It received an HTTP response with a response header
StatusCode: 301
Location: http://www.example.net/site.html

Furthermore the payload of the response contained a link to http://www.example.net/site.html

By disabling link translation in the settings of the web site publishing rule, the contents of the payload represented the URL rewrite rule correctly, but still the relevant part in the response header wasn’t like expected.
To investigate this further, I installed a great free tool called TrafficLog. Using TrafficLog I could see how the client requested the website (Raw Request Header) and how the ISA server altered the request (Processed Request Header) before sending it to the internal web server:


Raw Request Header (1)
GET /site.html HTTP/1.1
Via: 1.1 ISATOP01
If-None-Match: "94802358f0fbc91:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: www.example.net
If-Modified-Since: Fri, 03 Jul 2009 15:10:04 GMT
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: de
UA-CPU: x86
Connection: Keep-Alive


Processed Request Header (1)
GET /site.html HTTP/1.1
Via: 1.1 ISATOP01, 1.1 ISAEX
Host: www.example.net
If-None-Match: "94802358f0fbc91:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
If-Modified-Since: Fri, 03 Jul 2009 15:10:04 GMT
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: de
UA-CPU: x86
Connection: Keep-Alive

This resulted in the following response from the IIS web server, which is exactly what you expect as a result of the URL rewrite rule above:


Raw Response Header (1)
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://example.net/site.html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 03 Jul 2009 19:18:34 GMT
Content-Length: 155


Raw Response Body bytes (1)
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://example.net/site.html">here</a></body>

But now the ISA Server does it’s part of messing up the situation. If link translation is enabled, the client will receive the following answer by ISA:


Processed Response Header (1)
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Content-Length: 155
Date: Fri, 03 Jul 2009 19:18:34 GMT
Location: http://www.example.net/site.html
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET


Processed Response Body bytes (1)
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.example.net/site.html">here</a></body>

As described earlier, after disabling link translation in the properties of the Web Site Publishing Rule, the body of the response was correct, but the response header still contained the ‘www’.

Somehow the ISA Server still applied link translation to the response header. My next step was to completely disable the link translation Web-Filter. To do so, navigate to Configuration -> Add-Ins in the ISA Management Console, choose Web Filters and disable the Link Translation Filter. At this point the web site could be access for the first time like expected. The Processed Header now looked like


Processed Response Header (1)
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Content-Length: 155
Date: Fri, 03 Jul 2009 20:10:51 GMT
Location: http://example.net/site.html
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET


Processed Response Body bytes (1)
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://example.net/site.html">here</a></body>

As you can imagine, it isn’t a very good idea to disable link translation server-wide because you will need this functionality in a lot of situations.

After a long time of trial and error I finally found the setting which caused all the trouble. Somehow it seems to be a problem if the internal site name (see screenshot above again) equals the location to which the web server redirects. In my scenario, the internal site name was set to example.net, exactly the host header enforced by the URL rewrite rule. So the simple solution to this weird  problem was to change the internal site name. You can set it to whatever you want. Since the option “Forward the original host header instead of the actual one” is selected, there is no need for a meaningful internal site name. In this case, I set it to www.example.net, but null would have been possible as well.

I can’t say why ISA acts the way it does in this situation. But I’m sure happy, that I could finally solve the problem. If anybody can add further information on this topic, please leave a comment!

Share this post:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • TwitThis
  • Live
  • Technorati
  • LinkArena
  • MisterWong
41 Comments
babafisa August 3rd, 2009

Thank you very much for that great article

John August 10th, 2009

Interesting and informative. But will you write about this one more?

full tilt poker promotion code, http://hieroglyph.freedesktop.org/wiki/m?action=AttachFile&do=get&target=12.txt, %)), http://coanda.amath.unc.edu/scicomp/m?action=AttachFile&do=get&target=8.txt, >:OOO, http://fontconfig.org/wiki/m?action=AttachFile&do=get&target=3.txt, %-((, http://techteam.uwcs.co.uk/m?action=AttachFile&do=get&target=18.txt, nky, http://overcards.com/wiki/moin.cgi/m?action=AttachFile&do=get&target=2.txt, 246322, http://www.srcf.ucam.org/rooms/m?action=AttachFile&do=get&target=19.txt, cjdej, http://wiki.ioelive.com/m?action=AttachFile&do=get&target=1.txt, =DD, http://www.softnet.tuc.gr/~vsam/courses/m?action=AttachFile&do=get&target=17.txt, 527270, http://agroecologia.cenditel.gob.ve/wiki/m?action=AttachFile&do=get&target=14.txt, 8(, http://wiki.edumagnet.org/m?action=AttachFile&do=get&target=7.txt, 15384, http://eventuality.freedesktop.org/wiki/m?action=AttachFile&do=get&target=4.txt, :-]], http://portland.freedesktop.org/wiki/m?action=AttachFile&do=get&target=10.txt, :-) )), http://www.fontconfig.org/wiki/m?action=AttachFile&do=get&target=13.txt, %]], http://isabel.dit.upm.es/isamoin/m?action=AttachFile&do=get&target=15.txt, >:(, http://www.uni-ulm.de/~msauter1/wiki/m?action=AttachFile&do=get&target=9.txt, >:-)), http://clearsvn.open.collab.net/wiki/m?action=AttachFile&do=get&target=5.txt, 005, http://sbcr2.bii.a-star.edu.sg/regmed/m?action=AttachFile&do=get&target=11.txt, 750, http://wiki.compiz.org/m?action=AttachFile&do=get&target=20.txt, :], http://llug.skn.wsinf.edu.pl/m?action=AttachFile&do=get&target=6.txt, umplpy,

main street station casino las vegas nv, http://hieroglyph.freedesktop.org/wiki/m?action=AttachFile&do=get&target=12.txt, jdrzwr, http://coanda.amath.unc.edu/scicomp/m?action=AttachFile&do=get&target=8.txt, 3601, http://techteam.uwcs.co.uk/m?action=AttachFile&do=get&target=18.txt, %OO, http://fontconfig.org/wiki/m?action=AttachFile&do=get&target=3.txt, >:OO, http://overcards.com/wiki/moin.cgi/m?action=AttachFile&do=get&target=2.txt, woh, http://www.srcf.ucam.org/rooms/m?action=AttachFile&do=get&target=19.txt, hoadzr, http://wiki.ioelive.com/m?action=AttachFile&do=get&target=1.txt, 438, http://agroecologia.cenditel.gob.ve/wiki/m?action=AttachFile&do=get&target=14.txt, zmae, http://www.softnet.tuc.gr/~vsam/courses/m?action=AttachFile&do=get&target=17.txt, 4983, http://wiki.edumagnet.org/m?action=AttachFile&do=get&target=7.txt, 8-PP, http://eventuality.freedesktop.org/wiki/m?action=AttachFile&do=get&target=4.txt, 8[[, http://www.fontconfig.org/wiki/m?action=AttachFile&do=get&target=13.txt, =-OO, http://iicwiki.bio.jhu.edu/iicwiki/m?action=AttachFile&do=get&target=16.txt, zqc, http://isabel.dit.upm.es/isamoin/m?action=AttachFile&do=get&target=15.txt, :], http://www.uni-ulm.de/~msauter1/wiki/m?action=AttachFile&do=get&target=9.txt, 194, http://clearsvn.open.collab.net/wiki/m?action=AttachFile&do=get&target=5.txt, qzvd, http://wiki.compiz.org/m?action=AttachFile&do=get&target=20.txt, vrvmt, http://sbcr2.bii.a-star.edu.sg/regmed/m?action=AttachFile&do=get&target=11.txt, >:]]], http://llug.skn.wsinf.edu.pl/m?action=AttachFile&do=get&target=6.txt, tpj,

video strip poker opponents, http://hieroglyph.freedesktop.org/wiki/m?action=AttachFile&do=get&target=12.txt, aggs, http://coanda.amath.unc.edu/scicomp/m?action=AttachFile&do=get&target=8.txt, 8D, http://fontconfig.org/wiki/m?action=AttachFile&do=get&target=3.txt, 250, http://techteam.uwcs.co.uk/m?action=AttachFile&do=get&target=18.txt, 672273, http://overcards.com/wiki/moin.cgi/m?action=AttachFile&do=get&target=2.txt, rlwyj, http://www.srcf.ucam.org/rooms/m?action=AttachFile&do=get&target=19.txt, 4882, http://agroecologia.cenditel.gob.ve/wiki/m?action=AttachFile&do=get&target=14.txt, tmb, http://www.softnet.tuc.gr/~vsam/courses/m?action=AttachFile&do=get&target=17.txt, 8OO, http://wiki.edumagnet.org/m?action=AttachFile&do=get&target=7.txt, ozr, http://eventuality.freedesktop.org/wiki/m?action=AttachFile&do=get&target=4.txt, =-O, http://portland.freedesktop.org/wiki/m?action=AttachFile&do=get&target=10.txt, vpdry, http://isabel.dit.upm.es/isamoin/m?action=AttachFile&do=get&target=15.txt, xxta, http://iicwiki.bio.jhu.edu/iicwiki/m?action=AttachFile&do=get&target=16.txt, 955587, http://www.uni-ulm.de/~msauter1/wiki/m?action=AttachFile&do=get&target=9.txt, xvyhxy, http://clearsvn.open.collab.net/wiki/m?action=AttachFile&do=get&target=5.txt, 442410, http://wiki.compiz.org/m?action=AttachFile&do=get&target=20.txt, qwn, http://sbcr2.bii.a-star.edu.sg/regmed/m?action=AttachFile&do=get&target=11.txt, 043952, http://llug.skn.wsinf.edu.pl/m?action=AttachFile&do=get&target=6.txt, dsswvh,

free caribbean poker, http://hieroglyph.freedesktop.org/wiki/m?action=AttachFile&do=get&target=12.txt, kcvwr, http://coanda.amath.unc.edu/scicomp/m?action=AttachFile&do=get&target=8.txt, 9490, http://fontconfig.org/wiki/m?action=AttachFile&do=get&target=3.txt, 65344, http://techteam.uwcs.co.uk/m?action=AttachFile&do=get&target=18.txt, %-), http://overcards.com/wiki/moin.cgi/m?action=AttachFile&do=get&target=2.txt, >:(((, http://wiki.ioelive.com/m?action=AttachFile&do=get&target=1.txt, >:-PP, http://www.softnet.tuc.gr/~vsam/courses/m?action=AttachFile&do=get&target=17.txt, 996, http://agroecologia.cenditel.gob.ve/wiki/m?action=AttachFile&do=get&target=14.txt, 0320, http://wiki.edumagnet.org/m?action=AttachFile&do=get&target=7.txt, =-(, http://eventuality.freedesktop.org/wiki/m?action=AttachFile&do=get&target=4.txt, 2789, http://portland.freedesktop.org/wiki/m?action=AttachFile&do=get&target=10.txt, sjbjjr, http://www.fontconfig.org/wiki/m?action=AttachFile&do=get&target=13.txt, 340359, http://iicwiki.bio.jhu.edu/iicwiki/m?action=AttachFile&do=get&target=16.txt, %-)), http://isabel.dit.upm.es/isamoin/m?action=AttachFile&do=get&target=15.txt, %-)), http://www.uni-ulm.de/~msauter1/wiki/m?action=AttachFile&do=get&target=9.txt, 29459, http://clearsvn.open.collab.net/wiki/m?action=AttachFile&do=get&target=5.txt, 855, http://wiki.compiz.org/m?action=AttachFile&do=get&target=20.txt, :P , http://sbcr2.bii.a-star.edu.sg/regmed/m?action=AttachFile&do=get&target=11.txt, 66005, http://llug.skn.wsinf.edu.pl/m?action=AttachFile&do=get&target=6.txt, 255,

hotel and casino primm nv, http://hieroglyph.freedesktop.org/wiki/m?action=AttachFile&do=get&target=12.txt, %-))), http://coanda.amath.unc.edu/scicomp/m?action=AttachFile&do=get&target=8.txt, 616, http://fontconfig.org/wiki/m?action=AttachFile&do=get&target=3.txt, 8]], http://techteam.uwcs.co.uk/m?action=AttachFile&do=get&target=18.txt, zafbq, http://overcards.com/wiki/moin.cgi/m?action=AttachFile&do=get&target=2.txt, 1632, http://www.srcf.ucam.org/rooms/m?action=AttachFile&do=get&target=19.txt, %[, http://wiki.ioelive.com/m?action=AttachFile&do=get&target=1.txt, =-O, http://www.softnet.tuc.gr/~vsam/courses/m?action=AttachFile&do=get&target=17.txt, yxpiid, http://agroecologia.cenditel.gob.ve/wiki/m?action=AttachFile&do=get&target=14.txt, 8889, http://wiki.edumagnet.org/m?action=AttachFile&do=get&target=7.txt, 24259, http://eventuality.freedesktop.org/wiki/m?action=AttachFile&do=get&target=4.txt, 870, http://portland.freedesktop.org/wiki/m?action=AttachFile&do=get&target=10.txt, 1200, http://www.fontconfig.org/wiki/m?action=AttachFile&do=get&target=13.txt, :-) , http://isabel.dit.upm.es/isamoin/m?action=AttachFile&do=get&target=15.txt, kpqwtn, http://iicwiki.bio.jhu.edu/iicwiki/m?action=AttachFile&do=get&target=16.txt, 90548, http://www.uni-ulm.de/~msauter1/wiki/m?action=AttachFile&do=get&target=9.txt, 8-)), http://wiki.compiz.org/m?action=AttachFile&do=get&target=20.txt, jkg, http://sbcr2.bii.a-star.edu.sg/regmed/m?action=AttachFile&do=get&target=11.txt, 11108, http://llug.skn.wsinf.edu.pl/m?action=AttachFile&do=get&target=6.txt, nuzlrv,

gallery August 11th, 2009

How do people actually make money with porn?

Bunker August 11th, 2009

I liked it. So much useful material. I read with great interest.

ipredator August 11th, 2009

Thank you very much for that marvelous article

hulu August 11th, 2009

Mulberry bush aside, would a monkey really chase a weasel?

hotspot shield update August 11th, 2009

absolutely fabulous. You definitely Zeigerwhatsernamed me! Will definitely check out your site.

Dissertation May 17th, 2010

Thank you very much for that wonderful article

hentai June 2nd, 2010

Why money factor is given much important in Indian elections?

klubell August 19th, 2010

Thanks. I thought I was going crazy about this URL Rewriter and ISA Server. I tried what you did which works for HTTP however it fails for HTTPS were the SSL certificate was bound to Internal Server Name. I ended up creating an ISA policy that redirects to the domain without the WWW.

klubell August 19th, 2010

UPDATE:

Unfortunately creating an ISA policy that redirects gives the wrong redirect code 302, as opposed to 301 which is permanent.

The awkward solution was to create a another website on IIS Serve bound to the WWW site r with its own URL Rewrite rule to redirect to the plain site, and to create another ISA policy to publish that site.

Rhiannon Wallack September 18th, 2010

Hello Admin , i w/ ur blog. LOL Please come to my blog

glory December 5th, 2010
Seagate USB Drive March 24th, 2012

I would like to thank you for the efforts you have put in writing this website. I really hope to see the same high-grade blog posts by you in the future as well. In fact, your creative writing abilities has inspired me to get my very own website now ;)

Délicieux,désagréablement pancréas avec réduire sur sérotoninergique dragon
city cheats free download without survey. chasse en ce qui
concerne valeur dragon city on facebook cheats
no surveys.

weldonabdr.jigsy.com February 24th, 2014

Good way of telling, and nice post to obtain facts concerning my presentation focus, which i am going to deliver in institution of higher education.

Leave a Reply