Blog

TMG 2010 - URL Redirect

One of the issues with the "cloud" world is most apps are hosted using SSL for security.  This means your URL is their URL.  For instance, Microsoft Online (BPOS) will use https://red001.mail.microsoftonline.com for OWA for North America.  If you just add a CNAME entry in DNS, that will redirect traffic but you'll get an SSL error since the names don't match.  For instance, redirecting .com">.com">https://owa.<yourdomain>.com to https://red001.mail.microsoftonline.com will sort of work but with the SSL error so it's ugly.

In the past I'd setup IIS pages that would just redirect http traffic to the https URL I wanted but that's a pain to setup each time.  With TMG 2010 (and really ISA 2006 also I believe), you can just deny that traffic and then redirect it to any URL you'd like.  Here's the steps to redirect in TMG 2010.

  1. Create a new non-SSL web publishing rule. 
  2. Give it any name for the internal site.  You have to give it something to get through the wizard but you won't actually publish anything internal.
  3. Create a listener for the IP that your DNS entry points to for that A Record.
  4. Once the rule is created, go to it's properties and select the Action tab
  5. Check the Deny option, the Redirect box, and enter your destination URL.

 

image

Here’s a screen shot of how I redirect OWA to BPOS.

 

Now when you browse to http://<initialURL> that traffic will be redirected to https://<targetURL>.  That'll at least give your users an easy initial URL to remember.  It won't hide that target URL which can be a shame in certain scenarios.  If the site just users HTTP, then CNAME records work great for that but as I mentioned before that'll give ugly verification errors for HTTPS.