I found a strange behavior with TMG 2010 when publishing a website. It appears to rewrite URLs sent outbound to clients when the "send original host header is sent" under certain conditions. Here are those conditions:
Here is precisely what I encountered:
So by process of elimination I found that this appears to be TMG not affecting any host header inbound, nor affecting the alternate URLs outbound.This appears to affect only the main URL outbound, as TMG appears to be rewriting the protocol part of the header when the submitted form returns a redirect from http to https (changing https back to http).
Fixes: Uncheck the "send original host header..." flag and all functionality works correctly. I don't think this is as "clean", because it means that TMG touches every request and changes the host header to the internal host header, however on the IIS bright-side this means the web server will see the same host header no matter what clients request (normalization). The only caveat is that if you wanted to use an internal URL (instead of IP address) for the site that was the same as the external URL it would either not work, or would require a DNS trick on TMG to force it. Or, you could just change the internal URL to something else (not used).
TMG proxy background:
This isn't so much of a bug in TMG as a "feature". TMG is designed to allow external access to internal resources. I've found that it makes a powerful and flexible reverse proxy server, you just have to contend with a few "features". TMG's basic design-premise is based on rewriting URLs that are normally only internally visible, to URLs that are externally visible. This means that TMG errs towards the side of rewriting in exception cases, which this appears to be. This methodology appears to assume that the web servers are dumb, and don't know about external URLs. This premise is fine, except when it is necessary for the web server to perform some type of functionality that requires a complex redirect based on a user action (such as switching to https when a user logs in). TMG assumes that the redirect is internal in nature and blocks the redirect in favor of maintaining the original URL and same-protocol bridging (or more accurately not bridging). This appears to only be an issue when TMG is confused by using the external URL as the internal URL (same as listener and client requests). This shouldn't be an issue when you specify that TMG uses an IP address for the internal site, however it appears that MS has designed TMG to be "smarter" and "more helpful" by performing host header translation outbound, even when you request it no to do so...
- Basware Annual Partner Awards Announced - Business Wire - May 24th, 2020
- Knights of Unicron (SG) - Transformers Wiki - TFWiki.net - June 28th, 2017
- Extropy SHIFT> - March 11th, 2017
- Greydon Square Extropy Lyrics | Genius Lyrics - March 11th, 2017
- DotNetNuke Skins - Home - February 19th, 2017
- Exchange 2010 - www.extropy.com - November 27th, 2016
- Current Issue | Asimov's Science Fiction - November 23rd, 2016
- Executive Team | www.extropy.com - October 1st, 2016
- Extropy Institute Resources - July 29th, 2016
- Extropy Institute Mission - June 17th, 2016
- Transhumanism's Extropy Institute - Transhumanism for a ... - June 15th, 2016
- God Is the Machine | WIRED - June 12th, 2016
- God Is the Machine | WIRED - June 10th, 2016