1

I've just configured an internal SVN server in a Windows 2008 box using:
SVN 1.6.2
Apache 2.2.11
mod_ssl 2.2.11
OpenSSL 0.9.8j
DAV 2
mod_auth_sspi 1.0.4

The domain certificate was created by an internal CA (a Win 2003 box), imported into IIS (only because it was the easiest way to request a certificate), exported as a pfx file and later broken into the crt and key files which are used by Apache+OpenSSL.

Now I'd like to expose my server to the Internet. To do that I have to publish the Apache web server in our ISA Server. I'm having difficulty in nailing the right security configurations in the ISA server. Is there a path to follow to publish a secure Apache web server (regardless of the fact that it is acting as a front end to SVN) in an ISA server?

Alessandro Dantas
  • 11
  • 3

1 Answers1

1

It can be done with the regular "Publish Web sites" wizard. If the external website is https://mysvn.com then ISA will need to have a certificate installed for https://mysvn.com; this is configured the listener. (For ease of use I have a wildcard certificate for https://*.mycompany.com and a lisetener called "generic https listener" so I don't need a seperate listener for each site)

If external clients use https to contact ISA then it is best if the ISA uses https (and the same domain name) to contact the webs server - this eliminates problems where a web server returns an internal link (http://internalname.local) that makes it back to the client instead of being re-written by ISA. The SSL certificate on the web server should be trusted by the ISA server, either because it's from a trust root server (i.e.: a proper paid for certificate) or you've set up your own certificate issuing system.

Authentication delegation should be set to "no delegation, but client can authenticate directly" otherwise ISA will try to take over user authentication.

DrStalker
  • 6,676
  • 24
  • 76
  • 106