Heh- I found them now that I know what to look for. You should get that
Google appliance to index your content so that searches are better. ;)
t
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
Hi Tim,
You bet! The Microsoft FM doesn't have that info -- only my FMs :)
I'm way ahead of you in the papers shoved in the suggestion box, but it'll be fantastic to get your submissions in there too. There's power and occasionally safety in numbers :)
Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Tuesday, January 17, 2006 9:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
RTFM? I did! Nowhere in there does it say "If you unbind the Web Proxy Filter from HTTP, the Configure HTTP interface dissapears. However, the HTTP Filter is still in place." That's just not in there. But I guess I'll trust you.
And thank you. I'll also look for the KB. I'll also make sure that I submit some suggestions for ISA 2006, which I was invited to Beta for.
t
----- "I'll see your Llama and up you a Badger." John T
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 17, 2006 5:40 PM
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
OK you,
Anybody else, and I'd tell 'em to RTFM, but one day I may come to you and ask a favor.
When you unbind the Web proxy filter from the HTTP protocol, it has the untoward effect that you observed -- the HTTP security configuration interface disappears. HOWEVER, that does NOT mean that its not working. All the settings you have created so far are still in effect for Web proxy clients.
However, machines that aren't explicitly configured as Web proxy clients, will not be exposed to the Web proxy filter or the Web proxy filter extension that is the HTTP security filter. When the Web proxy filter is enabled, it automaticaly forwards the SecureNAT and Firewall client connections to the Web proxy filter, so that even though they aren't explicitly configured as Web proxy clients, they can still benefit from the security and performance enhancments you get from the Web proxy filter and its extensions.
If you want to make changes to the HTTP security filter, go to the HTTP protocol and rebind the filter. You don't need to apply the changes to the firewall policy. Then right click any rule that includes the HTTP protocol and you'll see the Configure HTTP option again. Then make the changes you want to the filter settings, then go back and unbind the Web proxy filter from the HTTP protocol. Apply the changes to the firewall policy and you're good.
There's another way to do this, but this is my way. :) There's a KB article on an alternate approach if you want to take the highway.
Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Tuesday, January 17, 2006 5:19 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
>
> http://www.ISAserver.org
>
> Unbinding the Web Proxy Filter from HTTP worked. However, I
> can no longer
> "Configure HTTP" anywhere, on any rule. I tried what Steve
> suggested, which
> is to create an allow rule for the site, but you can't unbind
> Web Proxy
> Filter from an individual rule - ( thanks for nuttin,
> Moffat!!! ;) all you
> can do is "Configure HTTP." Hell, I even tried a custom HTTP
> Protocol
> Definition (with no filtering at all) and it still doesn't work.
>
> While I could still access the web via clients specifically
> set to use a
> proxy, why would my HTTP filter configuration options go away
> because I
> unbound the Web Proxy Filter?
>
> Is there no other way to do this????
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 2:07 PM
> Subject: [isalist] RE: Continued issues with particular site
>
>
> http://www.ISAserver.org
>
> The FWC will stuff use the Web proxy filter if the Web
proxy filter is
> still bound to the HTTP protocol. There are a number of
> workarounds, but
> the one I use because it's the easiest :) is to just unbind the Web
> proxy filter from the HTTP protocol and then configure the sites for
> Direct Access.
>
> This enables me to continue to benefit from the Web proxy
> filter and its
> HTTP security filter for Web proxy client connections
> (machines that are
> explicitly configured as Web proxy clients) and bypass the Web proxy
> filter for all SecureNAT (SecureNET) and FWC connections.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 3:59 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Continued issues with particular site
> >
> > http://www.ISAserver.org
> >
> > That what I was saying to myself... the "Via" tells all. But
> > check it--
> > I've got both the IP and the *.domain.com in the direct
> > access tab for the
> > source (listening) network config, I've got the firewall
> > client loaded and
> > refreshed, I've unchecked "use proxy" on the firewall client
> > config for the
> > network config, I've made sure the client is not set to use a
> > proxy in IE.
> >
> > Yet, the capture stills says "Via."
> >
> > WTF now?
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 1:44 PM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > http://www.ISAserver.org
> >
> > That's NOT a DIRECT ACCESS connection!
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, January 17, 2006 3:41 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> > > MailSecurity's HTML threat engine found HTML scripts in this
> > > email and has disabled
> them.</font></b></p>http://www.ISAserver.org
> > >
> > > So, I've basically honed it down to this. Here is what we
> > get on the
> > > external interface after the client issues the POST for the
> > > tracking number:
> > >
> > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> > > 7.Jan.2006.21:03:46.GMT....
> > > -then-
> > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
> > 2006.21:03:46.GMT..Connection:.close..Content->
> > Type:.text/html..............<HTML>......<HEAD>..........<META
> > > .http-equiv="Expires".content="0">..........<META.http-equiv="
> > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> > > ontrol".content="no-cache">.........<LINK.type="text/css".href
> > > ="include/master.css"
> > > .rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> > > include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> > > t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> > > TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> > > arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> > > ...........<TR>
> > >
> > > -- with the rest of the page following.
> > >
> > > But on the internal interface, this is what goes to the client:
> > >
> > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> > > .
> > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
> > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
> > Type:.text
> > /html..Server:.Microsoft-> IIS/5.0....
> > >
> > >
> > > And that's it. It dies.
> > >
> > >
> > > WTF? Anyone? Beuller? Anyone?
> > >
> > > t
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > > ----- Original Message ----- > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, January 17, 2006 12:09 PM
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > >
> > > > http://www.ISAserver.org
> > > >
> > > > That's my next step. I've compared captures from
> > > direct/ISA (which was a
> > > > waste of time) but now I'll have to see what I get in front
> > > and behind
> > > > ISA. Working on it now.
> > > >
> > > > t
> > > >
> > > > -----
> > > > "I'll see your Llama and up you a Badger."
> > > > John T
> > > >
> > > >
> > > >
> > > > ----- Original Message ----- > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Tuesday, January 17, 2006 9:41 AM
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Got captures?
> > > > We can determine a *lot* from a two-sided capture...
> > > >
> > > > -------------------------------------------------------
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > > -------------------------------------------------------
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Tuesday, January 17, 2006 09:06
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Continued issues with particular site
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I've still not been able to solve the problem with this one
> > > particular
> > > > page on a site we must use to track service calls. My
> > > users can log on to
> > > > the site fine, and access parts of the site, but when we
> > go to this
> > > > particular page to track issues by number, it comes up with
> > > a blank page.
> > > >
> > > > "View Source" shows the right tags, <HTML> through </HTML>,
> > > but there is
> > > > no content. Accessing outside of ISA works fine. I've
> > > tried FW Client,
> > > > Proxy Client, changing authentication on both the rule and
> > > the network
> > > > proxy listener, entering "Direct Access," etc, removing the
> > > HTTP filter,
> > > > etc and nothing works.
> > > >
> > > > The logs show the site being accessed properly, though the
> > > page is blank.
> > > >
> > > > Where to turn? Is it PSS time?
> > > >
> > > > t
> > > >
> > > >
> > > >
> > > >
> > > > -----
> > > > "I'll see your Llama and up you a Badger."
> > > > John T
> > > >
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > thor@xxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > thor@xxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
Discussion List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx