cancel
Showing results for 
Search instead for 
Did you mean: 

Turning off rewrite.

Highlighted
Occasional Contributor

Turning off rewrite.

Hi everyone,

Please can you confirm that the following is possible and if so how!?

User visits https://intranet.mydomain.com which points to the External port of the SA on the Internet.
If user is not authenticated then they are presented a sign in page.
After sign in the internal resource http://intranet.mydomain.com is reverse proxies to the user.
The URL in the browser should show the correct URL and not rewritten with then "dana" words in the middle.

The idea behind this is that an internal user can visit our intranet and create and resource on it. Then they can open outlook and send a link to a colleague to review the info.

If the colleague is internal to the organisation then they will open the URL as normal and access the internal resource. If they are outside the organisation then the address will be resolved to the external IP of the SA and they will be able to click the link, authenticate and then visit the link through the SA.

At the moment I have a M$ TMG that can do this but I am looking to role this in to an SA.

Thanks
13 REPLIES 13
Highlighted
Respected Contributor

Re: Turning off rewrite.

If you want to have the URL, with danaInfo, removed, you will need to enable "browser request follow through" on the role at Users > User roles > roleName > General > Session options.

Highlighted
Super Contributor

Re: Turning off rewrite.

Di you try turning on browser request follow through under the user role--->session options.

Regards,

Jay

Highlighted
Valued Contributor

Re: Turning off rewrite.

Yes, this make sense.  This would be PTP or pass through proxy.  You can configure PTP for hostname and point this to a internal resource.  However, this does mean the hostname will need to be externally resolvable to the SA device.  

Valued Contributor

Re: Turning off rewrite.

I am not sure if there is a way for the SA to control this access since it is not going through the rewriter.  Once it is reversed proxied, anyone with access to this link can reach the resource, correct?

Highlighted
Occasional Contributor

Re: Turning off rewrite.

Hi - Thanks for your reply.

Maybe I have made things confusion by making the internal and external domain the same. I wil try and clear it up below

What I am looking to have is that if there is an internal resource http://intranet.mydomain.com/finance that a use can click this link whilst they are external to the organisation (external DNS will resolve intranet.mydomain.com to the external IP of the SA) and then by ask to sign in and then be directly redirected to this resource.

Does this make sense?


Highlighted
Occasional Contributor

Re: Turning off rewrite.

Ah great -Thanks.

Does the PTP allow us to use SSO between resources?

Highlighted
Occasional Contributor

Re: Turning off rewrite.

Thanks for this. This is another piece to the puzzle and helps the user to create links that they can use.

I am still stuck on how to get the SA to redirect a user to the orginal URL that they used. At the moment if they wanted to visit https://intranet.mydomain.com/finance then if they weren't already authenticated then they would be asked to log on and then they are redireted to the bookmark page. If they are authenticated then it works great the page is served as it should be.

Thanks again for your help with this.

Jaggie

Highlighted
Occasional Contributor

Re: Turning off rewrite.

I think I have managed to get the SSO working.

At the moment the PTP is working as I want except:

That is a user types the URL from external then after they have been asked to sign in then they are redirected to the bookmark page and not the orginal URL that they typed. If they then reclick the link it goes through just fine as they are already authentication.

Is there any way easily rectify this?

Thanks,

Jaggie

Highlighted
Occasional Contributor

Re: Turning off rewrite.

Ok I take it back - after changing this setting it does allow you to type be redirected.

Another question though if I may! Smiley Happy 

Is there any way to get the SA to redirect http request to https when using the PTP?

at the moment if I type http://intranet.mydomain.com then I it is redirect it https://intranet.mydomain.com. But if I type http://intranet.mydomain.com/finance then I get a 404 "Document not found" - if I replce http with https then it goes through just fine.

Any ideas?