02 August 2011

Using TMG link translation to overwrite absolute URL links

#Forefront -

The Problem
Applications that are required to run on an internal and external environment often use different names.  This is generally not an issue when publishing unless you run into the dreaded absolute URL.  Use an HTTP sniffer to help trace the problem like HTTP watch, Firebug or IE developer tools.

An absolute URL / link is one the contains both the host and and relative path as in:

http://myserver.domain/application/page

A relative link by contrast only supplies the link after the host name  as in:

/application/page

This allows the host to be dynamically changed through publishing without it being an issue.  The biggest problem culprit here is scripts that are used for redirection.  These most often only cater for internal use and not for external.  These may also be limited to using the host name as opposed to the FQDN.

http://myserver/application/page

Here is an example of a script that causes this kind of problem.



The application is published externally as http://cawebqa04.fixmyitsystem.com so when the http://CAWEBQA04:80/CAisd/pdmweb8.exe link is encountered navigation fails because the host name is not fully qualified.



The publishing rule
By now you probably have a publishing rule in place.  Check the following settings.

  • Form the TMG management console
  • Select firewall policy
  • Select the rules relevant to the application
  • Edit the rule
  • From the TO tab
  • Enter the public FQDN in the top text field (cawebqa04.fixmyitsystem.com)
  • Enter the internal name in the bottom text field (cawebqa04)
  • Un-check Forward the original host header...
  • Select the Public Name Tab
  • Select Requests for the following web sites
  • Add the public name  (cawebqa04.fixmyitsystem.com)
  • Select the Link Translation tab
  • Click the configure Button
  • Make sure there are no mapping specified


The fix
To resolve this issue you need to define the global some entries for global link translation and enable the link translation on the rules.

Configure the Global link translation

  • Form the TMG management console
  • Select firewall policy
  • Click Configure global link translation from the Tasks Tab
  • Select the Global mappings tab
  • Click add
  • Specify the internal URL (http://cawebqa04:80/)
  • Specify the translated URL (http://cawebqa04.fixmyitsystem.com/)
  • Select the content types tab
  • Ensure the content type that contains the absolute link is checked
  • OK
  • OK

Enforce the link translation

  • Form the TMG management console
  • Select firewall policy
  • Select the rules relevant to the application
  • Edit the rule
  • From the link translation rule check Apply link translation to this rule
  • OK 
  • Apply

Conclusion
As a best practice one should always strive to get application to use relative links.  I for one do not like to have to define loads of translation setting for an application to work internally and externally but sometimes there is no choice.










No comments:

Post a Comment