|
 Web Proxy Clients
A Web Proxy client is a client application or computer that sends requests to either of the following:
- Port 80 on an ISA Server computer.
- The port on which ISA Server listens for outgoing Web requests from the network in which the client computer resides. By default, ISA Server listens for outgoing Web requests from clients in the Internal network on port 8080.
Web Proxy clients are typically Web browser applications that comply with HTTP 1.1, and have proxy settings configured to send Web requests to ISA Server. Firewall clients and SecureNAT clients with Web proxy settings configured also make Web requests as Web Proxy clients.
You enable the ISA Server default Internal network, and user-defined internal and perimeter networks, to listen for requests from Web Proxy clients. You configure network properties to be applied to all Web Proxy clients in the network. For Web browsers that are not running on computers installed with Firewall Client software, these settings are applied when the Web browser is enabled for automatic detection, or when the Web browser is configured with the location of an automatic configuration script.
Configuring Browser Settings for Web Proxy Clients
The following table summarizes Web browser settings that can be applied to Web Proxy clients.
| Setting |
Location in ISA Server Management |
Details |
|
Enable Web Proxy client connections for this network
|
On the Web Proxy tab of the network properties page
|
Enables a network to listen for requests from Web Proxy clients.
|
|
Bypass proxy for Web servers in this network
|
On the Web Browser tab of the network properties page
|
Specifies that the Web browser should directly access resources located in its own network.
|
|
Directly access computers specified in the Domains tab
|
On the Web Browser tab of the network properties page
|
Specifies that the Web browser bypass the proxy for destinations specified on the Domains tab of the network properties page.
|
|
Directly access these servers or domains
|
On the Web Browser tab of the network properties page
|
Specifies a list of domains and addresses that bypass the proxy. You can enable this setting in addition to bypassing the domain list specified on the Domains tab. Any destinations added to this list should be specified with both the IP address and FQDN, or the FQDN only. For example, to configure the Internal network for direct access, add the IP address range of the Internal network, and the Internal network domain name.
|
The specified list of IP address ranges, computers, and site URLs for direct access is sent to the Web browser in the automatic configuration script when the browser makes a request to ISA Server—either using a WPAD call (\http://wpad.dat) to locate ISA Server, or using a call to the automatic configuration script location (by default, http://ISAServer_Name:8080/array.dll?Get.Routing.Script).
Web Proxy Filter
Web Proxy Filter in ISA Server 2006 works at the application level on behalf of clients residing in networks protected by ISA Server that request HTTP and HTTPS objects. Such Web requests benefit from application-layer inspection and caching, and may be from a number of sources:
- Requests from Web Proxy clients. Web requests (HTTP, HTTPS, or FTP for downloads) from Web Proxy clients that specify ISA Server as a proxy server in browser settings are passed directly to Web Proxy Filter.
- Requests from SecureNAT or Firewall clients not configured as Web Proxy clients. By default, HTTP is bound to Web Proxy Filter. With this setting in place, Web requests from clients that are not Web Proxy clients are passed transparently from the Firewall service to Web Proxy Filter for handling. This is known as transparent NAT. Applying NAT substitutes a global IP address that is valid on the Internet for the internal IP address of the client request, thus protecting internal addresses.
(责任编辑:admin) |
