RE: Continued issues with particular site
- From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 18 Jan 2006 17:52:30 -0800
That's what I meant, you titsicle. I didn't disable the whole thing...
"Unbound" "Disbound" "Unbinded" "Cleared the mf checkbox from the mf
protocol." Whatever you want to call it.
"Unbinding" the Web Proxy Filter from HTTP kills the HTTP filter.
F* it. I'll just call PSS tomorrow.
t
-----
"I'll see your Llama and up you a Badger."
John T
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 18, 2006 5:42 PM
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
I said to UNBIND the filter from the protocol, NOT disable the Web proxy
filter. You will want the Web proxy filter to work for the Web proxy
client connections.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, January 18, 2006 6:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
YOU DID!! THE KB DID!!
>When you unbind the Web proxy filter from the HTTP protocol,
it has the
>untoward effect that you observed -- the HTTP security configuration
>interface disappears. HOWEVER, that does NOT mean that its
not working.
>All the settings you have created so far are still in effect for Web
>proxy clients.
That's the only thing bound to the damn protocol! Why are
you doing this to
me? What did I ever do to you (that you found out about)?????
FFS!
t
-----
"I'll see your Llama and up you a Badger."
John T
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 18, 2006 3:24 PM
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
DUDE,
Who said to disable the Web proxy filter?????
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 3:17 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
>
> http://www.ISAserver.org
>
> OK- some of you guys may be tired of this, but this is
> important stuff and
> has ISA-Server wide configuration consequences.
>
> According to http://support.microsoft.com/kb/838368/en-us
> disabling the Web
> Proxy Filter *does indeed* disable the HTTP filter:
>
> <snip>
> Click the Parameters tab, click to clear the Web Proxy Filter
> check box
> under Application Filters, and then click OK.
>
> Important If you disable the Web Proxy Filter, ISA Server
> 2004 no longer
> performs HTTP content inspection.
> </snip>
>
> Not knowing who to believe, I tested it myself. I configured
> the HTTP
> filter on my outbound web rule to only allow GET requests. I
> tested a POST,
> and it failed appropriately. I then unbound the Web Proxy
> Filter from HTTP
> (and applied). Without refreshing the Firewall client, I
> immediately tried
> again. The POST still failed, leading one to think that the
> HTTP filter was
> still being applied. However, upon refreshing the Firewall
> client, the
> request went right through, even in the presence of the
> rule's HTTP Filter
> configured to only allow GET.
>
> Unbinding the Web Proxy Filter from HTTP *disables* the
HTTP Filter /
> content filtering. That blows.
>
> This whole business brings into question the Direct Access
> functionality for
> external sites altogether. While I see the value for
internal sites,
> reading KB's on how to set up Direct Access for FWC's states
> nowhere that
> for it to work you have to unbind the Web Proxy Filter from
> HTTP. Yet it
> is clear in packet traces that leaving it bound to HTTP makes
> ISA proxy the
> connection anyway.
>
> Further, setting up a custom HTTP rule works for establishing the
> connection, but once ISA determines that the content is HTTP,
> it still
> applies the filter to it. So you can't leave the Web Proxy
> Filter bound to
> HTTP and make a custom rule above your normal rule for a
> particular site and
> have it work. It even shows in the log that "HTTP (Custom)" is the
> initialized rule, but "http" (note the lower case) is used
> for the "Outbound
> HTTP" rule.
>
> What are the other "work arounds" mentioned? Jim, you've
> been strangely
> silent on this one-- anything to offer here? Typically when
> you don't get
> involved it's 'cause you've got the super-secret info.
>
> t
>
>
>
>
>
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 5:40 PM
> Subject: [isalist] RE: Continued issues with particular site
>
>
> http://www.ISAserver.org
>
> OK you,
>
> Anybody else, and I'd tell 'em to RTFM, but one day I may
come to you
> and ask a favor.
>
> When you unbind the Web proxy filter from the HTTP protocol,
> it has the
> untoward effect that you observed -- the HTTP security configuration
> interface disappears. HOWEVER, that does NOT mean that its
> not working.
> All the settings you have created so far are still in effect for Web
> proxy clients.
>
> However, machines that aren't explicitly configured as Web proxy
> clients, will not be exposed to the Web proxy filter or the
Web proxy
> filter extension that is the HTTP security filter. When the
Web proxy
> filter is enabled, it automaticaly forwards the SecureNAT
and Firewall
> client connections to the Web proxy filter, so that even though they
> aren't explicitly configured as Web proxy clients, they can still
> benefit from the security and performance enhancments you
get from the
> Web proxy filter and its extensions.
>
> If you want to make changes to the HTTP security filter, go
> to the HTTP
> protocol and rebind the filter. You don't need to apply the
changes to
> the firewall policy. Then right click any rule that
includes the HTTP
> protocol and you'll see the Configure HTTP option again.
Then make the
> changes you want to the filter settings, then go back and
> unbind the Web
> proxy filter from the HTTP protocol. Apply the changes to
the firewall
> policy and you're good.
>
> There's another way to do this, but this is my way. :) There's a KB
> article on an alternate approach if you want to take the highway.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 5:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Continued issues with particular site
> >
> > http://www.ISAserver.org
> >
> > Unbinding the Web Proxy Filter from HTTP worked. However, I
> > can no longer
> > "Configure HTTP" anywhere, on any rule. I tried what Steve
> > suggested, which
> > is to create an allow rule for the site, but you can't unbind
> > Web Proxy
> > Filter from an individual rule - ( thanks for nuttin,
> > Moffat!!! ;) all you
> > can do is "Configure HTTP." Hell, I even tried a custom HTTP
> > Protocol
> > Definition (with no filtering at all) and it still doesn't work.
> >
> > While I could still access the web via clients specifically
> > set to use a
> > proxy, why would my HTTP filter configuration options go away
> > because I
> > unbound the Web Proxy Filter?
> >
> > Is there no other way to do this????
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message -----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 2:07 PM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > http://www.ISAserver.org
> >
> > The FWC will stuff use the Web proxy filter if the Web
> proxy filter is
> > still bound to the HTTP protocol. There are a number of
> > workarounds, but
> > the one I use because it's the easiest :) is to just
unbind the Web
> > proxy filter from the HTTP protocol and then configure
the sites for
> > Direct Access.
> >
> > This enables me to continue to benefit from the Web proxy
> > filter and its
> > HTTP security filter for Web proxy client connections
> > (machines that are
> > explicitly configured as Web proxy clients) and bypass
the Web proxy
> > filter for all SecureNAT (SecureNET) and FWC connections.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, January 17, 2006 3:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > > http://www.ISAserver.org
> > >
> > > That what I was saying to myself... the "Via" tells all. But
> > > check it--
> > > I've got both the IP and the *.domain.com in the direct
> > > access tab for the
> > > source (listening) network config, I've got the firewall
> > > client loaded and
> > > refreshed, I've unchecked "use proxy" on the firewall client
> > > config for the
> > > network config, I've made sure the client is not set to use a
> > > proxy in IE.
> > >
> > > Yet, the capture stills says "Via."
> > >
> > > WTF now?
> > >
> > > t
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, January 17, 2006 1:44 PM
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > That's NOT a DIRECT ACCESS connection!
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Tuesday, January 17, 2006 3:41 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> > > > MailSecurity's HTML threat engine found HTML scripts in this
> > > > email and has disabled
> > them.</font></b></p>http://www.ISAserver.org
> > > >
> > > > So, I've basically honed it down to this. Here is what we
> > > get on the
> > > > external interface after the client issues the POST for the
> > > > tracking number:
> > > >
> > > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> > > > 7.Jan.2006.21:03:46.GMT....
> > > > -then-
> > > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
> > > 2006.21:03:46.GMT..Connection:.close..Content->
> > > Type:.text/html..............<HTML>......<HEAD>..........<META
> > > > .http-equiv="Expires".content="0">..........<META.http-equiv="
> > > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> > > > ontrol".content="no-cache">.........<LINK.type="text/css".href
> > > > ="include/master.css"
> > > >
.rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> > > >
include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> > > >
t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> > > >
TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> > > >
arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> > > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> > > > ...........<TR>
> > > >
> > > > -- with the rest of the page following.
> > > >
> > > > But on the internal interface, this is what goes to
the client:
> > > >
> > > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> > > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> > > > .
> > > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
> > > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
> > > Type:.text
> > > /html..Server:.Microsoft-> IIS/5.0....
> > > >
> > > >
> > > > And that's it. It dies.
> > > >
> > > >
> > > > WTF? Anyone? Beuller? Anyone?
> > > >
> > > > t
> > > >
> > > > -----
> > > > "I'll see your Llama and up you a Badger."
> > > > John T
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Tuesday, January 17, 2006 12:09 PM
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > That's my next step. I've compared captures from
> > > > direct/ISA (which was a
> > > > > waste of time) but now I'll have to see what I get in front
> > > > and behind
> > > > > ISA. Working on it now.
> > > > >
> > > > > t
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > > > > To: "[ISAserver.org Discussion List]"
<isalist@xxxxxxxxxxxxx>
> > > > > Sent: Tuesday, January 17, 2006 9:41 AM
> > > > > Subject: [isalist] RE: Continued issues with particular site
> > > > >
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Got captures?
> > > > > We can determine a *lot* from a two-sided capture...
> > > > >
> > > > > -------------------------------------------------------
> > > > > Jim Harrison
> > > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > > http://isaserver.org/Jim_Harrison/
> > > > > http://isatools.org
> > > > > Read the help / books / articles!
> > > > > -------------------------------------------------------
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > > Sent: Tuesday, January 17, 2006 09:06
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] Continued issues with particular site
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > I've still not been able to solve the problem with this one
> > > > particular
> > > > > page on a site we must use to track service calls. My
> > > > users can log on to
> > > > > the site fine, and access parts of the site, but when we
> > > go to this
> > > > > particular page to track issues by number, it comes up with
> > > > a blank page.
> > > > >
> > > > > "View Source" shows the right tags, <HTML> through </HTML>,
> > > > but there is
> > > > > no content. Accessing outside of ISA works fine. I've
> > > > tried FW Client,
> > > > > Proxy Client, changing authentication on both the rule and
> > > > the network
> > > > > proxy listener, entering "Direct Access," etc, removing the
> > > > HTTP filter,
> > > > > etc and nothing works.
> > > > >
> > > > > The logs show the site being accessed properly, though the
> > > > page is blank.
> > > > >
> > > > > Where to turn? Is it PSS time?
> > > > >
> > > > > t
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > > All mail to and from this domain is GFI-scanned.
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
- » Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
- » RE: Continued issues with particular site
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Wednesday, January 18, 2006 6:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
YOU DID!! THE KB DID!!
>When you unbind the Web proxy filter from the HTTP protocol, it has the >untoward effect that you observed -- the HTTP security configuration >interface disappears. HOWEVER, that does NOT mean that its not working. >All the settings you have created so far are still in effect for Web >proxy clients.
That's the only thing bound to the damn protocol! Why are you doing this to me? What did I ever do to you (that you found out about)?????
FFS!
t
----- "I'll see your Llama and up you a Badger." John T
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 18, 2006 3:24 PM
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
DUDE,
Who said to disable the Web proxy filter?????
Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 3:17 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
>
> http://www.ISAserver.org
>
> OK- some of you guys may be tired of this, but this is
> important stuff and
> has ISA-Server wide configuration consequences.
>
> According to http://support.microsoft.com/kb/838368/en-us
> disabling the Web
> Proxy Filter *does indeed* disable the HTTP filter:
>
> <snip>
> Click the Parameters tab, click to clear the Web Proxy Filter
> check box
> under Application Filters, and then click OK.
>
> Important If you disable the Web Proxy Filter, ISA Server
> 2004 no longer
> performs HTTP content inspection.
> </snip>
>
> Not knowing who to believe, I tested it myself. I configured
> the HTTP
> filter on my outbound web rule to only allow GET requests. I
> tested a POST,
> and it failed appropriately. I then unbound the Web Proxy
> Filter from HTTP
> (and applied). Without refreshing the Firewall client, I
> immediately tried
> again. The POST still failed, leading one to think that the
> HTTP filter was
> still being applied. However, upon refreshing the Firewall
> client, the
> request went right through, even in the presence of the
> rule's HTTP Filter
> configured to only allow GET.
>
> Unbinding the Web Proxy Filter from HTTP *disables* the
HTTP Filter /
> content filtering. That blows.
>
> This whole business brings into question the Direct Access
> functionality for
> external sites altogether. While I see the value for
internal sites,
> reading KB's on how to set up Direct Access for FWC's states
> nowhere that
> for it to work you have to unbind the Web Proxy Filter from
> HTTP. Yet it
> is clear in packet traces that leaving it bound to HTTP makes
> ISA proxy the
> connection anyway.
>
> Further, setting up a custom HTTP rule works for establishing the
> connection, but once ISA determines that the content is HTTP,
> it still
> applies the filter to it. So you can't leave the Web Proxy
> Filter bound to
> HTTP and make a custom rule above your normal rule for a
> particular site and
> have it work. It even shows in the log that "HTTP (Custom)" is the
> initialized rule, but "http" (note the lower case) is used
> for the "Outbound
> HTTP" rule.
>
> What are the other "work arounds" mentioned? Jim, you've
> been strangely
> silent on this one-- anything to offer here? Typically when
> you don't get
> involved it's 'cause you've got the super-secret info.
>
> t
>
>
>
>
>
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 5:40 PM
> Subject: [isalist] RE: Continued issues with particular site
>
>
> http://www.ISAserver.org
>
> OK you,
>
> Anybody else, and I'd tell 'em to RTFM, but one day I may
come to you
> and ask a favor.
>
> When you unbind the Web proxy filter from the HTTP protocol,
> it has the
> untoward effect that you observed -- the HTTP security configuration
> interface disappears. HOWEVER, that does NOT mean that its
> not working.
> All the settings you have created so far are still in effect for Web
> proxy clients.
>
> However, machines that aren't explicitly configured as Web proxy
> clients, will not be exposed to the Web proxy filter or the
Web proxy
> filter extension that is the HTTP security filter. When the
Web proxy
> filter is enabled, it automaticaly forwards the SecureNAT
and Firewall
> client connections to the Web proxy filter, so that even though they
> aren't explicitly configured as Web proxy clients, they can still
> benefit from the security and performance enhancments you
get from the
> Web proxy filter and its extensions.
>
> If you want to make changes to the HTTP security filter, go
> to the HTTP
> protocol and rebind the filter. You don't need to apply the
changes to
> the firewall policy. Then right click any rule that
includes the HTTP
> protocol and you'll see the Configure HTTP option again.
Then make the
> changes you want to the filter settings, then go back and
> unbind the Web
> proxy filter from the HTTP protocol. Apply the changes to
the firewall
> policy and you're good.
>
> There's another way to do this, but this is my way. :) There's a KB
> article on an alternate approach if you want to take the highway.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 5:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Continued issues with particular site
> >
> > http://www.ISAserver.org
> >
> > Unbinding the Web Proxy Filter from HTTP worked. However, I
> > can no longer
> > "Configure HTTP" anywhere, on any rule. I tried what Steve
> > suggested, which
> > is to create an allow rule for the site, but you can't unbind
> > Web Proxy
> > Filter from an individual rule - ( thanks for nuttin,
> > Moffat!!! ;) all you
> > can do is "Configure HTTP." Hell, I even tried a custom HTTP
> > Protocol
> > Definition (with no filtering at all) and it still doesn't work.
> >
> > While I could still access the web via clients specifically
> > set to use a
> > proxy, why would my HTTP filter configuration options go away
> > because I
> > unbound the Web Proxy Filter?
> >
> > Is there no other way to do this????
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 2:07 PM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > http://www.ISAserver.org
> >
> > The FWC will stuff use the Web proxy filter if the Web
> proxy filter is
> > still bound to the HTTP protocol. There are a number of
> > workarounds, but
> > the one I use because it's the easiest :) is to just
unbind the Web
> > proxy filter from the HTTP protocol and then configure
the sites for
> > Direct Access.
> >
> > This enables me to continue to benefit from the Web proxy
> > filter and its
> > HTTP security filter for Web proxy client connections
> > (machines that are
> > explicitly configured as Web proxy clients) and bypass
the Web proxy
> > filter for all SecureNAT (SecureNET) and FWC connections.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, January 17, 2006 3:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > > http://www.ISAserver.org
> > >
> > > That what I was saying to myself... the "Via" tells all. But
> > > check it--
> > > I've got both the IP and the *.domain.com in the direct
> > > access tab for the
> > > source (listening) network config, I've got the firewall
> > > client loaded and
> > > refreshed, I've unchecked "use proxy" on the firewall client
> > > config for the
> > > network config, I've made sure the client is not set to use a
> > > proxy in IE.
> > >
> > > Yet, the capture stills says "Via."
> > >
> > > WTF now?
> > >
> > > t
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > > ----- Original Message ----- > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, January 17, 2006 1:44 PM
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > That's NOT a DIRECT ACCESS connection!
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Tuesday, January 17, 2006 3:41 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> > > > MailSecurity's HTML threat engine found HTML scripts in this
> > > > email and has disabled
> > them.</font></b></p>http://www.ISAserver.org
> > > >
> > > > So, I've basically honed it down to this. Here is what we
> > > get on the
> > > > external interface after the client issues the POST for the
> > > > tracking number:
> > > >
> > > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> > > > 7.Jan.2006.21:03:46.GMT....
> > > > -then-
> > > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
> > > 2006.21:03:46.GMT..Connection:.close..Content->
> > > Type:.text/html..............<HTML>......<HEAD>..........<META
> > > > .http-equiv="Expires".content="0">..........<META.http-equiv="
> > > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> > > > ontrol".content="no-cache">.........<LINK.type="text/css".href
> > > > ="include/master.css"
> > > >
.rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> > > >
include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> > > >
t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> > > >
TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> > > >
arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> > > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> > > > ...........<TR>
> > > >
> > > > -- with the rest of the page following.
> > > >
> > > > But on the internal interface, this is what goes to
the client:
> > > >
> > > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> > > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> > > > .
> > > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
> > > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
> > > Type:.text
> > > /html..Server:.Microsoft-> IIS/5.0....
> > > >
> > > >
> > > > And that's it. It dies.
> > > >
> > > >
> > > > WTF? Anyone? Beuller? Anyone?
> > > >
> > > > t
> > > >
> > > > -----
> > > > "I'll see your Llama and up you a Badger."
> > > > John T
> > > >
> > > >
> > > >
> > > > ----- Original Message ----- > > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Tuesday, January 17, 2006 12:09 PM
> > > > Subject: [isalist] RE: Continued issues with particular site
> > > >
> > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > That's my next step. I've compared captures from
> > > > direct/ISA (which was a
> > > > > waste of time) but now I'll have to see what I get in front
> > > > and behind
> > > > > ISA. Working on it now.
> > > > >
> > > > > t
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message ----- > > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > > > > To: "[ISAserver.org Discussion List]"
<isalist@xxxxxxxxxxxxx>
> > > > > Sent: Tuesday, January 17, 2006 9:41 AM
> > > > > Subject: [isalist] RE: Continued issues with particular site
> > > > >
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Got captures?
> > > > > We can determine a *lot* from a two-sided capture...
> > > > >
> > > > > -------------------------------------------------------
> > > > > Jim Harrison
> > > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > > http://isaserver.org/Jim_Harrison/
> > > > > http://isatools.org
> > > > > Read the help / books / articles!
> > > > > -------------------------------------------------------
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > > Sent: Tuesday, January 17, 2006 09:06
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] Continued issues with particular site
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > I've still not been able to solve the problem with this one
> > > > particular
> > > > > page on a site we must use to track service calls. My
> > > > users can log on to
> > > > > the site fine, and access parts of the site, but when we
> > > go to this
> > > > > particular page to track issues by number, it comes up with
> > > > a blank page.
> > > > >
> > > > > "View Source" shows the right tags, <HTML> through </HTML>,
> > > > but there is
> > > > > no content. Accessing outside of ISA works fine. I've
> > > > tried FW Client,
> > > > > Proxy Client, changing authentication on both the rule and
> > > > the network
> > > > > proxy listener, entering "Direct Access," etc, removing the
> > > > HTTP filter,
> > > > > etc and nothing works.
> > > > >
> > > > > The logs show the site being accessed properly, though the
> > > > page is blank.
> > > > >
> > > > > Where to turn? Is it PSS time?
> > > > >
> > > > > t
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----
> > > > > "I'll see your Llama and up you a Badger."
> > > > > John T
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > > All mail to and from this domain is GFI-scanned.
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx