Re: Turning off rewrite.

Jaggie_ · ‎12-03-2011

Hi everyone,

Please can you confirm that the following is possible and if so how!?

User visits https://intranet.mydomain.com which points to the External port of the SA on the Internet.
If user is not authenticated then they are presented a sign in page.
After sign in the internal resource http://intranet.mydomain.com is reverse proxies to the user.
The URL in the browser should show the correct URL and not rewritten with then "dana" words in the middle.

The idea behind this is that an internal user can visit our intranet and create and resource on it. Then they can open outlook and send a link to a colleague to review the info.

If the colleague is internal to the organisation then they will open the URL as normal and access the internal resource. If they are outside the organisation then the address will be resolved to the external IP of the SA and they will be able to click the link, authenticate and then visit the link through the SA.

At the moment I have a M$ TMG that can do this but I am looking to role this in to an SA.

Thanks

zanyterp_ · ‎11-19-2007

If you want to have the URL, with danaInfo, removed, you will need to enable "browser request follow through" on the role at Users > User roles > roleName > General > Session options.

jayLaiz_ · ‎11-25-2009

Di you try turning on browser request follow through under the user role--->session options.

Regards,

Jay

Kita_ · ‎12-23-2010

Yes, this make sense. This would be PTP or pass through proxy. You can configure PTP for hostname and point this to a internal resource. However, this does mean the hostname will need to be externally resolvable to the SA device.

Kita_ · ‎12-23-2010

I am not sure if there is a way for the SA to control this access since it is not going through the rewriter. Once it is reversed proxied, anyone with access to this link can reach the resource, correct?

Jaggie_ · ‎12-03-2011

Hi - Thanks for your reply.

Maybe I have made things confusion by making the internal and external domain the same. I wil try and clear it up below

What I am looking to have is that if there is an internal resource http://intranet.mydomain.com/finance that a use can click this link whilst they are external to the organisation (external DNS will resolve intranet.mydomain.com to the external IP of the SA) and then by ask to sign in and then be directly redirected to this resource.

Does this make sense?

Jaggie_ · ‎12-03-2011

Ah great -Thanks.

Does the PTP allow us to use SSO between resources?

Jaggie_ · ‎12-03-2011

Thanks for this. This is another piece to the puzzle and helps the user to create links that they can use.

I am still stuck on how to get the SA to redirect a user to the orginal URL that they used. At the moment if they wanted to visit https://intranet.mydomain.com/finance then if they weren't already authenticated then they would be asked to log on and then they are redireted to the bookmark page. If they are authenticated then it works great the page is served as it should be.

Thanks again for your help with this.

Jaggie

Jaggie_ · ‎12-03-2011

I think I have managed to get the SSO working.

At the moment the PTP is working as I want except:

That is a user types the URL from external then after they have been asked to sign in then they are redirected to the bookmark page and not the orginal URL that they typed. If they then reclick the link it goes through just fine as they are already authentication.

Is there any way easily rectify this?

Thanks,

Jaggie

Jaggie_ · ‎12-03-2011

Ok I take it back - after changing this setting it does allow you to type be redirected.

Another question though if I may!

Is there any way to get the SA to redirect http request to https when using the PTP?

at the moment if I type http://intranet.mydomain.com then I it is redirect it https://intranet.mydomain.com. But if I type http://intranet.mydomain.com/finance then I get a 404 "Document not found" - if I replce http with https then it goes through just fine.

Any ideas?