Controlling Incoming Requests

ISA Server can also make internal servers securely accessible to external clients. You use ISA Server to create a publishing policy to securely publish your internal servers. The publishing policy, which consists of Internet protocol (IP) packet filters, Web publishing rules, or server publishing rules, together with the routing rules, determine how internal servers are published.

You can use one of the following ISA Server rules to publish servers:

• Web publishing rules to publish Web server content.
• Server publishing rules to publish content on all other servers located on the internal network.
• IP packet filters to publish content on servers on a perimeter network (also known as a screened subnet).

When ISA Server processes a request from an external client, it checks IP packet filters, publishing rules, and routing rules to determine if the request is allowed and which internal server should service the request.

For an incoming Web request, rules are processed in the following order:

1. IP packet filters. If packet filtering is enabled, then if an IP packet filter specifically denies the request, the request is denied.
2. Web publishing rules. If a Web publishing rules specifically denies the request, then the request is denied.
3. Routing rules. If a routing rule specifies that the requests be routed to a specific upstream server or an alternate hosted site, then the specified server handles the request. If a routing rule specifies that the requests be routed to the specified server, then the internal Web server returns the object.