I found a strange behavior with TMG 2010 when publishing a website. It appears to rewrite URLs sent outbound to clients when the "send original host header is sent" under certain conditions. Here are those conditions:
Here is precisely what I encountered:
So by process of elimination I found that this appears to be TMG not affecting any host header inbound, nor affecting the alternate URLs outbound.This appears to affect only the main URL outbound, as TMG appears to be rewriting the protocol part of the header when the submitted form returns a redirect from http to https (changing https back to http).
Fixes: Uncheck the "send original host header..." flag and all functionality works correctly. I don't think this is as "clean", because it means that TMG touches every request and changes the host header to the internal host header, however on the IIS bright-side this means the web server will see the same host header no matter what clients request (normalization). The only caveat is that if you wanted to use an internal URL (instead of IP address) for the site that was the same as the external URL it would either not work, or would require a DNS trick on TMG to force it. Or, you could just change the internal URL to something else (not used).
TMG proxy background:
This isn't so much of a bug in TMG as a "feature". TMG is designed to allow external access to internal resources. I've found that it makes a powerful and flexible reverse proxy server, you just have to contend with a few "features". TMG's basic design-premise is based on rewriting URLs that are normally only internally visible, to URLs that are externally visible. This means that TMG errs towards the side of rewriting in exception cases, which this appears to be. This methodology appears to assume that the web servers are dumb, and don't know about external URLs. This premise is fine, except when it is necessary for the web server to perform some type of functionality that requires a complex redirect based on a user action (such as switching to https when a user logs in). TMG assumes that the redirect is internal in nature and blocks the redirect in favor of maintaining the original URL and same-protocol bridging (or more accurately not bridging). This appears to only be an issue when TMG is confused by using the external URL as the internal URL (same as listener and client requests). This shouldn't be an issue when you specify that TMG uses an IP address for the internal site, however it appears that MS has designed TMG to be "smarter" and "more helpful" by performing host header translation outbound, even when you request it no to do so...
Read more:
TMG 2010 rewriting original host headers when ... - Extropy
- DotNetNuke Skins - Home [Last Updated On: February 20th, 2017] [Originally Added On: February 20th, 2017]
- Greydon Square Extropy Lyrics | Genius Lyrics [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Extropy - Evernote User Forum [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Extropy SHIFT> [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Sabretooth Clan | Father Sebastiaan [Last Updated On: February 15th, 2018] [Originally Added On: February 15th, 2018]
- College of Arts and Humanities The central page for the ... [Last Updated On: May 11th, 2018] [Originally Added On: May 11th, 2018]
- Knights of Unicron (SG) - Transformers Wiki - TFWiki.net [Last Updated On: May 22nd, 2018] [Originally Added On: May 22nd, 2018]
- Unicron/Shattered Glass - Transformers Wiki [Last Updated On: July 6th, 2018] [Originally Added On: July 6th, 2018]
- Knights of Unicron (SG) - Transformers Wiki [Last Updated On: July 6th, 2018] [Originally Added On: July 6th, 2018]
- Removing Dead Exchange 2010 Servers | www.extropy.com [Last Updated On: July 6th, 2018] [Originally Added On: July 6th, 2018]
- Negentropy - Wikipedia [Last Updated On: September 6th, 2018] [Originally Added On: September 6th, 2018]
- Exchange 2010 - www.extropy.com [Last Updated On: November 11th, 2018] [Originally Added On: November 11th, 2018]
- Active Directory, NTP and VMware | www.extropy.com [Last Updated On: April 9th, 2019] [Originally Added On: April 9th, 2019]
- Markus Guentner: Extropy Album Review | Pitchfork [Last Updated On: December 27th, 2021] [Originally Added On: December 27th, 2021]
- Whatever Happened to the Transhumanists? - Gizmodo [Last Updated On: August 5th, 2022] [Originally Added On: August 5th, 2022]