Category Archives: Microsoft TMG or Microsoft ISA 2006 Tips

Let TMG (ISA) redirect the user from https to http

This is an issue I’ve had twice in my life so I thought I should write about it.

The Problem

This applies to Microsoft ISA Server 2006 and TMG.

On our website we have logic that detects whether a page is HTTPS worthy.  If the page is deemed worthy (like a form), then the user is redirected to the same page but on https.
E.g. redirects to
However, if the page is not HTTPS worthy, like a plain content page, the opposite happens.  If HTTPS redirect to HTTP.
E.g. redirects to

So, this all works great with no ISA or TMG involved.  However, ISA/TMG does not like to fallback to HTTP if it is already serving the user on HTTPS.
In fact, ISA/TMG will actually rewrite the content in the 301/302 redirect message  to be in HTTPS if the client is already viewing the website in HTTPS, even if the web server is saying “please redirect to HTTP”.

To be clear, I’ll break it down.

  1. Request comes in for,
  2. We have decided that it doesn’t need to be HTTPS, so we will send a redirect command (aka response.redirect, 301 or 302) to the client: go to
  3. ISA/TMG being the proxy, decides that all content coming back to the client should still be HTTPS and therefore rewrites the 301/302 message as  Doh! Stupid ISA.
  4. Client receives the redirect message back to the exact same page that they were already on.
  5. Possible infinite redirect loop.  YAY!

The Solution

In your web publishing rule in ISA/TMG create a content rewrite rule for translating to
That’s not a typo. It’s the same URL twice in the URL translation.  If you add this to your rule ISA/TMG will leave your web server references alone and NOT try rewrite them.

I hope this also saves you some pain one day.