Hi Tim, Try this: http://support.microsoft.com/kb/838708/en-us Or this: http://support.microsoft.com/kb/838368/en-us Or this: http://support.microsoft.com/kb/884505/en-us Next week, GMT Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Tuesday, January 17, 2006 9:22 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Continued issues with particular site > > http://www.ISAserver.org > > RTFM? I did! Nowhere in there does it say "If you unbind > the Web Proxy > Filter from HTTP, the Configure HTTP interface dissapears. > However, the > HTTP Filter is still in place." That's just not in there. > But I guess > I'll trust you. > > And thank you. I'll also look for the KB. I'll also make > sure that I > submit some suggestions for ISA 2006, which I was invited to Beta for. > > t > > ----- > "I'll see your Llama and up you a Badger." > John T > > > > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, January 17, 2006 5:40 PM > Subject: [isalist] RE: Continued issues with particular site > > > http://www.ISAserver.org > > OK you, > > Anybody else, and I'd tell 'em to RTFM, but one day I may come to you > and ask a favor. > > When you unbind the Web proxy filter from the HTTP protocol, > it has the > untoward effect that you observed -- the HTTP security configuration > interface disappears. HOWEVER, that does NOT mean that its > not working. > All the settings you have created so far are still in effect for Web > proxy clients. > > However, machines that aren't explicitly configured as Web proxy > clients, will not be exposed to the Web proxy filter or the Web proxy > filter extension that is the HTTP security filter. When the Web proxy > filter is enabled, it automaticaly forwards the SecureNAT and Firewall > client connections to the Web proxy filter, so that even though they > aren't explicitly configured as Web proxy clients, they can still > benefit from the security and performance enhancments you get from the > Web proxy filter and its extensions. > > If you want to make changes to the HTTP security filter, go > to the HTTP > protocol and rebind the filter. You don't need to apply the changes to > the firewall policy. Then right click any rule that includes the HTTP > protocol and you'll see the Configure HTTP option again. Then make the > changes you want to the filter settings, then go back and > unbind the Web > proxy filter from the HTTP protocol. Apply the changes to the firewall > policy and you're good. > > There's another way to do this, but this is my way. :) There's a KB > article on an alternate approach if you want to take the highway. > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > Sent: Tuesday, January 17, 2006 5:19 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Continued issues with particular site > > > > http://www.ISAserver.org > > > > Unbinding the Web Proxy Filter from HTTP worked. However, I > > can no longer > > "Configure HTTP" anywhere, on any rule. I tried what Steve > > suggested, which > > is to create an allow rule for the site, but you can't unbind > > Web Proxy > > Filter from an individual rule - ( thanks for nuttin, > > Moffat!!! ;) all you > > can do is "Configure HTTP." Hell, I even tried a custom HTTP > > Protocol > > Definition (with no filtering at all) and it still doesn't work. > > > > While I could still access the web via clients specifically > > set to use a > > proxy, why would my HTTP filter configuration options go away > > because I > > unbound the Web Proxy Filter? > > > > Is there no other way to do this???? > > > > t > > > > ----- > > "I'll see your Llama and up you a Badger." > > John T > > > > > > > > ----- Original Message ----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Tuesday, January 17, 2006 2:07 PM > > Subject: [isalist] RE: Continued issues with particular site > > > > > > http://www.ISAserver.org > > > > The FWC will stuff use the Web proxy filter if the Web > proxy filter is > > still bound to the HTTP protocol. There are a number of > > workarounds, but > > the one I use because it's the easiest :) is to just unbind the Web > > proxy filter from the HTTP protocol and then configure the sites for > > Direct Access. > > > > This enables me to continue to benefit from the Web proxy > > filter and its > > HTTP security filter for Web proxy client connections > > (machines that are > > explicitly configured as Web proxy clients) and bypass the Web proxy > > filter for all SecureNAT (SecureNET) and FWC connections. > > > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > > -----Original Message----- > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > Sent: Tuesday, January 17, 2006 3:59 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > http://www.ISAserver.org > > > > > > That what I was saying to myself... the "Via" tells all. But > > > check it-- > > > I've got both the IP and the *.domain.com in the direct > > > access tab for the > > > source (listening) network config, I've got the firewall > > > client loaded and > > > refreshed, I've unchecked "use proxy" on the firewall client > > > config for the > > > network config, I've made sure the client is not set to use a > > > proxy in IE. > > > > > > Yet, the capture stills says "Via." > > > > > > WTF now? > > > > > > t > > > > > > ----- > > > "I'll see your Llama and up you a Badger." > > > John T > > > > > > > > > > > > ----- Original Message ----- > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Tuesday, January 17, 2006 1:44 PM > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > > http://www.ISAserver.org > > > > > > That's NOT a DIRECT ACCESS connection! > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://spaces.msn.com/members/drisa/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > **Who is John Galt?** > > > > > > > > > > > > > -----Original Message----- > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > > Sent: Tuesday, January 17, 2006 3:41 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI > > > > MailSecurity's HTML threat engine found HTML scripts in this > > > > email and has disabled > > them.</font></b></p>http://www.ISAserver.org > > > > > > > > So, I've basically honed it down to this. Here is what we > > > get on the > > > > external interface after the client issues the POST for the > > > > tracking number: > > > > > > > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1 > > > > 7.Jan.2006.21:03:46.GMT.... > > > > -then- > > > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan. > > > 2006.21:03:46.GMT..Connection:.close..Content-> > > > Type:.text/html..............<HTML>......<HEAD>..........<META > > > > .http-equiv="Expires".content="0">..........<META.http-equiv=" > > > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C > > > > ontrol".content="no-cache">.........<LINK.type="text/css".href > > > > ="include/master.css" > > > > .rel="stylesheet">..........<SCRIPT.type="text/javascript".src=" > > > > include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex > > > > t/javascript".src="include/multi_onload.js"></XCRIPT>..........< > > > > TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m > > > > arginheight="0".marginwidth="0".topmargin="0">..............<TAB > > > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">... > > > > ...........<TR> > > > > > > > > -- with the rest of the page following. > > > > > > > > But on the internal interface, this is what goes to the client: > > > > > > > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200 > > > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0... > > > > . > > > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co > > > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content- > > > Type:.text > > > /html..Server:.Microsoft-> IIS/5.0.... > > > > > > > > > > > > And that's it. It dies. > > > > > > > > > > > > WTF? Anyone? Beuller? Anyone? > > > > > > > > t > > > > > > > > ----- > > > > "I'll see your Llama and up you a Badger." > > > > John T > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > > Sent: Tuesday, January 17, 2006 12:09 PM > > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > That's my next step. I've compared captures from > > > > direct/ISA (which was a > > > > > waste of time) but now I'll have to see what I get in front > > > > and behind > > > > > ISA. Working on it now. > > > > > > > > > > t > > > > > > > > > > ----- > > > > > "I'll see your Llama and up you a Badger." > > > > > John T > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx> > > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > > > Sent: Tuesday, January 17, 2006 9:41 AM > > > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > Got captures? > > > > > We can determine a *lot* from a two-sided capture... > > > > > > > > > > ------------------------------------------------------- > > > > > Jim Harrison > > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > > http://isaserver.org/Jim_Harrison/ > > > > > http://isatools.org > > > > > Read the help / books / articles! > > > > > ------------------------------------------------------- > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > > > Sent: Tuesday, January 17, 2006 09:06 > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] Continued issues with particular site > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > I've still not been able to solve the problem with this one > > > > particular > > > > > page on a site we must use to track service calls. My > > > > users can log on to > > > > > the site fine, and access parts of the site, but when we > > > go to this > > > > > particular page to track issues by number, it comes up with > > > > a blank page. > > > > > > > > > > "View Source" shows the right tags, <HTML> through </HTML>, > > > > but there is > > > > > no content. Accessing outside of ISA works fine. I've > > > > tried FW Client, > > > > > Proxy Client, changing authentication on both the rule and > > > > the network > > > > > proxy listener, entering "Direct Access," etc, removing the > > > > HTTP filter, > > > > > etc and nothing works. > > > > > > > > > > The logs show the site being accessed properly, though the > > > > page is blank. > > > > > > > > > > Where to turn? Is it PSS time? > > > > > > > > > > t > > > > > > > > > > > > > > > > > > > > > > > > > ----- > > > > > "I'll see your Llama and up you a Badger." > > > > > John T > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: > > > > > jim@xxxxxxxxxxxx To unsubscribe visit > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: > > > > > thor@xxxxxxxxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: > > > > > thor@xxxxxxxxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: > > > thor@xxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > thor@xxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >