RE: Continued issues with particular site

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 17 Jan 2006 21:42:47 -0600

Hi Tim,

Try this:

http://support.microsoft.com/kb/838708/en-us

Or this:

http://support.microsoft.com/kb/838368/en-us

Or this:

http://support.microsoft.com/kb/884505/en-us

Next week,
GMT

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Tuesday, January 17, 2006 9:22 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
> 
> http://www.ISAserver.org
> 
> RTFM?  I did!  Nowhere in there does it say "If you unbind 
> the Web Proxy 
> Filter from HTTP, the Configure HTTP interface dissapears.  
> However, the 
> HTTP Filter is still in place."  That's just not in there.   
> But I guess 
> I'll trust you.
> 
> And thank you.  I'll also look for the KB.  I'll also make 
> sure that I 
> submit some suggestions for ISA 2006, which I was invited to Beta for.
> 
> t
> 
> -----
> "I'll see your Llama and up you a Badger."
> John T
> 
> 
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 5:40 PM
> Subject: [isalist] RE: Continued issues with particular site
> 
> 
> http://www.ISAserver.org
> 
> OK you,
> 
> Anybody else, and I'd tell 'em to RTFM, but one day I may come to you
> and ask a favor.
> 
> When you unbind the Web proxy filter from the HTTP protocol, 
> it has the
> untoward effect that you observed -- the HTTP security configuration
> interface disappears. HOWEVER, that does NOT mean that its 
> not working.
> All the settings you have created so far are still in effect for Web
> proxy clients.
> 
> However, machines that aren't explicitly configured as Web proxy
> clients, will not be exposed to the Web proxy filter or the Web proxy
> filter extension that is the HTTP security filter. When the Web proxy
> filter is enabled, it automaticaly forwards the SecureNAT and Firewall
> client connections to the Web proxy filter, so that even though they
> aren't explicitly configured as Web proxy clients, they can still
> benefit from the security and performance enhancments you get from the
> Web proxy filter and its extensions.
> 
> If you want to make changes to the HTTP security filter, go 
> to the HTTP
> protocol and rebind the filter. You don't need to apply the changes to
> the firewall policy. Then right click any rule that includes the HTTP
> protocol and you'll see the Configure HTTP option again. Then make the
> changes you want to the filter settings, then go back and 
> unbind the Web
> proxy filter from the HTTP protocol. Apply the changes to the firewall
> policy and you're good.
> 
> There's another way to do this, but this is my way. :)  There's a KB
> article on an alternate approach if you want to take the highway.
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 5:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Continued issues with particular site
> >
> > http://www.ISAserver.org
> >
> > Unbinding the Web Proxy Filter from HTTP worked.  However, I
> > can no longer
> > "Configure HTTP" anywhere, on any rule.  I tried what Steve
> > suggested, which
> > is to create an allow rule for the site, but you can't unbind
> > Web Proxy
> > Filter from an individual rule - ( thanks for nuttin,
> > Moffat!!! ;)  all you
> > can do is "Configure HTTP."  Hell, I even tried a custom HTTP
> > Protocol
> > Definition (with no filtering at all) and it still doesn't work.
> >
> > While I could still access the web via clients specifically
> > set to use a
> > proxy, why would my HTTP filter configuration options go away
> > because I
> > unbound the Web Proxy Filter?
> >
> > Is there no other way to do this????
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 2:07 PM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > http://www.ISAserver.org
> >
> > The FWC will stuff use the Web proxy filter if the Web 
> proxy filter is
> > still bound to the HTTP protocol. There are a number of
> > workarounds, but
> > the one I use because it's the easiest :)  is to just unbind the Web
> > proxy filter from the HTTP protocol and then configure the sites for
> > Direct Access.
> >
> > This enables me to continue to benefit from the Web proxy
> > filter and its
> > HTTP security filter for Web proxy client connections
> > (machines that are
> > explicitly configured as Web proxy clients) and bypass the Web proxy
> > filter for all SecureNAT (SecureNET) and FWC connections.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, January 17, 2006 3:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > > http://www.ISAserver.org
> > >
> > > That what I was saying to myself... the "Via" tells all.  But
> > > check it--
> > > I've got both the IP and the *.domain.com in the direct
> > > access tab for the
> > > source (listening) network config, I've got the firewall
> > > client loaded and
> > > refreshed, I've unchecked "use proxy" on the firewall client
> > > config for the
> > > network config, I've made sure the client is not set to use a
> > > proxy in IE.
> > >
> > > Yet, the capture stills says "Via."
> > >
> > > WTF now?
> > >
> > > t
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, January 17, 2006 1:44 PM
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > That's NOT a DIRECT ACCESS connection!
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Tuesday, January 17, 2006 3:41 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> > > > MailSecurity's HTML threat engine found HTML scripts in this
> > > > email and has disabled
> > them.</font></b></p>http://www.ISAserver.org
> > > >
> > > > So, I've basically honed it down to this.  Here is what we
> > > get on the
> > > > external interface after the client issues the POST for the
> > > > tracking number:
> > > >
> > > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> > > > 7.Jan.2006.21:03:46.GMT....
> > > >  -then-
> > > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
> > > 2006.21:03:46.GMT..Connection:.close..Content->
> > > Type:.text/html..............<HTML>......<HEAD>..........<META
> > > > .http-equiv="Expires".content="0">..........<META.http-equiv="
> > > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> > > > ontrol".content="no-cache">.........<LINK.type="text/css".href
> > > > ="include/master.css"
> > > > .rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> > > > include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> > > > t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> > > > TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> > > > arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> > > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> > > > ...........<TR>
> > > >
> > > > -- with the rest of the page following.
> > > >
> > > > But on the internal interface, this is what goes to the client:
> > > >
> > > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> > > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> > > > .
> > > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
> > > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
> > > Type:.text
> > > /html..Server:.Microsoft-> IIS/5.0....
> > > >
> > > >
> > > > And that's it.  It dies.
> > > >
> > > >
> > > > WTF?  Anyone?  Beuller?  Anyone?
> > > >
> > > > t
> > > >
> > > > -----
> > > > "I'll see your Llama and up you a Badger."
> > > > John T
> > > >
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Tuesday, January 17, 2006 12:09 PM
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > That's my next step.  I've compared captures from
> > > > direct/ISA (which was a
> > > > > waste of time) but now I'll have to see what I get in front
> > > > and behind
> > > > > ISA. Working on it now.
> > > > >
> > > > > t
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message ----- 
> > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > > Sent: Tuesday, January 17, 2006 9:41 AM
> > > > > Subject: [isalist] RE: Continued issues with particular site
> > > > >
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Got captures?
> > > > > We can determine a *lot* from a two-sided capture...
> > > > >
> > > > > -------------------------------------------------------
> > > > >   Jim Harrison
> > > > >   MCP(NT4, W2K), A+, Network+, PCG
> > > > >   http://isaserver.org/Jim_Harrison/
> > > > >   http://isatools.org
> > > > >   Read the help / books / articles!
> > > > > -------------------------------------------------------
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > > Sent: Tuesday, January 17, 2006 09:06
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] Continued issues with particular site
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > I've still not been able to solve the problem with this one
> > > > particular
> > > > > page on a site we must use to track service calls.  My
> > > > users can log on to
> > > > > the site fine, and access parts of the site, but when we
> > > go to this
> > > > > particular page to track issues by number, it comes up with
> > > > a blank page.
> > > > >
> > > > > "View Source" shows the right tags, <HTML> through </HTML>,
> > > > but there is
> > > > > no content.  Accessing outside of ISA works fine.  I've
> > > > tried FW Client,
> > > > > Proxy Client, changing authentication on both the rule and
> > > > the network
> > > > > proxy listener, entering "Direct Access," etc, removing the
> > > > HTTP filter,
> > > > > etc and nothing works.
> > > > >
> > > > > The logs show the site being accessed properly, though the
> > > > page is blank.
> > > > >
> > > > > Where to turn?  Is it PSS time?
> > > > >
> > > > > t
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our 
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > > All mail to and from this domain is GFI-scanned.
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our 
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our 
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: 
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site
• » RE: Continued issues with particular site

1. Home
2. isalist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---