HTTP to HTTPS Redirection Options in ISA Server 2006

When you publish a Web site over SSL, users may persist in trying to connect to it using HTTP. ISA Server 2006 provides two ways to redirect those users to connect over HTTPS.

The easiest way to redirect HTTP requests to HTTPS is on the Connect tab of the Web listener used to publish the site, shown here:

Typically, in a secure Web publishing scenario, you would choose the option Redirect all traffic from HTTP to HTTPS. This will automatically redirect all HTTP requests to HTTPS.

If you are publishing both HTTP and SSL sites using a single Web listener, you may want to select Do not redirect traffic from HTTP to HTTPS, and then configure HTTP to HTTPS redirection on each publishing rule for your HTTP and SSL sites as appropriate. Note that this option does not result in automatic redirection, but requires the user to retype the URL using "HTTPS". For per-rule configuration, select Notify HTTP users to use HTTPS instead on the Traffic tab of each Web publishing rule, shown here:

The third option on the Connections tab of the Web listener is Redirect all authenticated traffic from HTTP to HTTPS, which will redirect requests only when the user is required to authenticate. If you select this option, the per-rule redirection option is only available if the rule applies to the All Users user set, as authenticated users will already be automatically redirected by the Web listener.

Nathan Bigman

Content Publishing Manager

ISA Server