Caching with link translation
In some configurations, an additional proxy server may reside on the Internet, between ISA Server and the client requesting the published resources. In these configurations, ISA Server returns responses to the upstream proxy server, which passes the response on to the client that originally requested the object.
In this scenario, you can enable caching responses both on ISA Server and on the upstream proxy server. However, on the upstream proxy server, cached responses that include translated links may potentially pose a security risk.
To help prevent this security risk, carefully define destination sets on ISA Server, limiting the Web publishing rule to the specific destination sets. For example, when creating the destination set, do not use wild characters in server names (for example, .microsoft.com). Instead, list all server names that are mapped to the external IP address on ISA Server (for example, www.microsoft.com and mail.microsoft.com).
When you prevent caching of responses on external proxy servers, the following headers are added to the response returned to the upstream proxy server:
| • | Cache-control: no-cache; |
| • | Pragma: no-cache; |
To enable caching of responses on external proxy servers
1. | In the console tree of ISA Management, click Internet Security and Acceleration Server, click Servers and Arrays, click the applicable array, click Publishing, and then click Web Publishing Rules. |
2. | In the details pane, right-click the applicable Web publishing rule and then click Properties. |
3. | On the Link Translation tab, select Perform link translation. |
4. | Verify that Prevent caching of responses on external proxy servers is not selected. |
