
Direct Access detects you are inside the network by making an SSL connection to a system within your network. The steps to validate include resolving the name, making an https connect, validating the certificate, and CRL.

From the linked Microsoft doc.

If the client can access the network location URL successfully over SSL and receive a valid HTTP response indicating a successful connection,

What I specifically want to know is what counts as a valid HTTP response? Does the response need to be an HTTP 200? Can I configure a server that is available both internally and externally and have it work if my server returns an HTTP 200 for internal clients, and a 403 for external clients? Or does any valid HTTP reply count as successful, so long as it is HTTP?

Or to put it differently, can I use IP address based ACLs on my main web server, so I can avoid having to maintain a separate server inside my network?

Zoredache

1 Answer

It must be a 200 OK. The web server must not be reachable externally. If you don't want to use a dedicated web server, you can create a new web site on an existing internal web server. Obviously that would require a dedicated IP address, but you could use SNI instead. You can also host the NLS on a load balancer (NetScaler, F5, Kemp all support it) if you don't want to use a web server at all.
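As an added example (not code from the question, the answer, or Microsoft's documentation), the following Windows PowerShell script runs the same sequence a DirectAccess client performs against the NLS URL: resolve the name, open an HTTPS connection with certificate chain and revocation checking turned on, and accept only an HTTP 200. The URL is a placeholder you replace with your own NLS address; the function name and its output fields are this example's own. Run it from a client inside the network and you should see `InsideNetwork : True`; from outside, a 403, a TLS error, or a failed lookup all yield `False`, which is what makes the "200 only, not reachable externally" rule in the answer hold.

```powershell
# Added example: probe a DirectAccess Network Location Server the way a client does.
# Placeholder URL; replace with your configured NLS URL.
$NlsUrl = 'https://nls.corp.example/'

# Windows PowerShell 5.1 uses ServicePointManager for TLS; this switches on CRL/OCSP
# checking so a revoked or unreachable-CRL certificate fails, as it would for a DA client.
[System.Net.ServicePointManager]::CheckCertificateRevocationList = $true

function Test-NlsReachability {
    param([Parameter(Mandatory)][string]$Url)

    $result = [ordered]@{
        Url           = $Url
        DnsResolved   = $false
        HttpStatus    = $null
        InsideNetwork = $false
        Error         = $null
    }

    # Step 1: name resolution. Outside the network the internal name should not resolve.
    $hostName = ([uri]$Url).Host
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($hostName)
        $result.DnsResolved = ($ips.Count -gt 0)
    } catch {
        $result.Error = "DNS: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Step 2 and 3: HTTPS connection with certificate validation, then the status code.
    # Invoke-WebRequest throws on TLS failures and on non-success status codes,
    # so a 403 ends up in the catch block with the code recovered from the response.
    try {
        $resp = Invoke-WebRequest -Uri $Url -Method Get -UseBasicParsing -TimeoutSec 10
        $result.HttpStatus = [int]$resp.StatusCode
    } catch {
        if ($_.Exception.Response) {
            $result.HttpStatus = [int]$_.Exception.Response.StatusCode
        }
        $result.Error = $_.Exception.Message
    }

    # Only 200 OK counts as "inside". Anything else (403, 401, TLS failure, no route)
    # makes the client conclude it is outside and bring up its DirectAccess tunnels.
    $result.InsideNetwork = ($result.HttpStatus -eq 200)
    [pscustomobject]$result
}

Test-NlsReachability -Url $NlsUrl | Format-List
```

On a domain-joined DirectAccess client the configured probe URL can be read from `Get-NCSIPolicyConfiguration` (property `DomainLocationDeterminationUrl`), so you can pass that value instead of the placeholder. Running the script from both sides of the perimeter is a quick way to confirm that an IP ACL returning 403 to external clients still lets the internal 200 through, while an NLS that is reachable with a 200 from the Internet is the misconfiguration to hunt for.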