Web listener overview

When you create a Web publishing rule, you specify a Web listener to be used when applying the rule. The Web listener properties determine:

The Web listener is used to:

Web listeners can be used by more than one Web publishing rule.

Web listener network (IP address) selection

The Web listener network, or networks, that you select depend on which network clients will use to connect to the published Web server. For example, if the Web site you are publishing allows client requests from the Internet (External network), you should select the External network for the Web listener. By selecting the External network, you are selecting the IP addresses on the ISA Server computer that are associated with the external network adapter. If you do not limit the IP addresses, all IP addresses associated with the selected network adapter will be included in the listener configuration.

Web listeners are used by a Web publishing rule. The rule specifies source network objects in addition to specifying a Web listener. The network objects specified for the Web publishing rule must also be specified for the Web listener.

Publishing multiple SSL Web sites on selected IP addresses

You can specify that a Web listener will listen on one or more specific IP addresses. When you do so for an HTTPS Web listener, you can choose to assign a single certificate to all of the IP addresses, or a different certificate to each IP address. Assigning a different certificate to each IP address enables you to publish several sites over HTTPS using the same Web listener, without using a wildcard certificate. For example, you can publish mail.contoso.com using a certificate with that name on one IP address, and team.contoso.com using a certificate with that name on a different IP address.

Alternatively, you can publish multiple Secure Sockets Layer (SSL) Web sites using a single Web listener and a wildcard certificate. This scenario is described in the ISA Server 2004 document, Publishing Multiple Web Sites using a Wildcard Certificate in ISA Server 2004 at the Microsoft TechNet Web site.

By using the same listener for several sites, you can take advantage of the ISA Server single sign-on feature, which requires a common Web listener for all of the single sign-on sites.

Authentication

You can create Web publishing rules, allowing or denying access to a set of computers or to a group of users. If the rule applies specifically to users, ISA Server checks the incoming Web request properties to determine how the user will be authenticated. For example, a Web publishing rule might allow access only to specific users. ISA Server will authenticate the user requesting the object, to determine if the Web publishing rule allows the requesting user access. The user must authenticate, using one of the authentication methods specified for the incoming Web requests.

ISA Server provides a secure, encrypted logon environment for browsers that support Microsoft Windows NT Challenge/Response authentication, and for other browsers that use Basic authentication. Authentication methods can be set for all IP addresses on the server, or separately for each IP address.

Single sign-on allows your users to move safely from one application to another, without having to reauthenticate. Single sign-on is configured on the Single Sign On Settings page of the New Web Listener Wizard, and is available for HTML forms-based authentication.

For more information about authentication in ISA Server, see Authentication Concepts in ISA Server 2006 at the Microsoft ISA Server TechCenter Web site (http://www.microsoft.com).

Limiting concurrent connections

By limiting the number of connections allowed simultaneously to the ISA Server computer, you can prevent attacks that overwhelm the system's resources. This is particularly useful when publishing servers.

For instructions, see Configure maximum number of concurrent connections allowed.




web link Get latest ISA Server content at ISA Server Guidance.
Send feedback about this page Send feedback about this page.