http://www.ISAserver.org
-------------------------------------------------------

Okay, thanks, I think that answers the questions I had.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Thursday, March 30, 2006 9:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Interesting question...

What "information" are you referring to? The original client IP is a goner either way and most of the client headers are not guaranteed across each hop. Redirection (when the client is even aware) is a client-side operation. The server sends a 30x response and the client does what it feels like with it.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Thursday, March 30, 2006 18:07
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Interesting question...

But assuming that it NATs through the ISA, then hits an upstream filter which then redirects it to another webserver, is the original information still left when it hits that last server?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Thursday, March 30, 2006 8:53 PM
To: ISA Mailing List
Subject: [isalist] Re: Interesting question...

Showing my ignorance again...:(..I always thought NAT supplied the external IP to hide your internals...oh well, one learns something new every day about tcp stuff.....
S

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Thursday, March 30, 2006 9:51 PM
To: ISA Mailing List
Subject: [isalist] Re: Interesting question...

Nope - it's not. NAT doesn't break the TCP connection; proxy does. This is CERN proxy behavior; the upstream server is blissfully ignorant of the "real" client IP. It *may* have access to such niceties as user-agent, but those are not guaranteed.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Thursday, March 30, 2006 17:31
To: ISA Mailing List
Subject: [isalist] Re: Interesting question...

You are correct, it's doing NAT.

S

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Thursday, March 30, 2006 8:26 PM
To: ISA Mailing List
Subject: [isalist] Interesting question...

I was trying to assist someone with logging traffic, and this is the explanation I got...

----------Quote----------

Our network consists of a single Internet filter on the outside (Screendoor) with several ISA 2000 and 2004 servers behind it. The client computer makes a request to a web site that will be blocked by screen door, it passes out the ISA server to Screendoor, Screendoor blocks it and the client ends up with a page could not be displayed message. Of course Screendoor in that example doesn't know what private ip address that request came from only the ISA server does, in my case the ISA 2004 server is configured in firewall/cache mode.

Because of the problem we had been having with screendoor allowing the bad site to load if the user refreshed enough times we told screendoor to redirect the user to another site instead of just blocking them. The redirected site will be on our local web server. What I was asking is if we could embed a script of some sort on that local web site that would collect their private ip address as well as the local nds/ad username and store it in a log file. I'm trying to avoid requiring the users to login to the Internet separately from logging into the network and because the Internet filter is outside the firewall integrating it with nds/ad isn't really an option either. We're ultimately moving to a Dansguardian solution anyway and possibly several of them (inside each firewall and one possibly outside the firewall where Screendoor currently sits) so it will become a moot point eventually anyway.

----------End Quote----------

Am I correct to assume that all traffic coming out of the ISA server would be stripped of all identifying information, and the server it was redirected to would only show the IP of the screendoor/ISA server?

All mail to and from this domain is GFI-scanned.
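
An added example, not part of the thread or written by any of its participants: a Python sketch of the log record a redirect landing page can honestly write, given that a proxy hop replaces the TCP source address and client headers are not guaranteed. The function name, the proxy addresses, and the assumption that a hop under your control adds Via and X-Forwarded-For headers are all hypothetical; the thread does not say whether the ISA servers do so.

```python
import ipaddress

# Constructed addresses standing in for the proxy/filter hops you operate.
KNOWN_PROXIES = {ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.2")}


def landing_page_log_entry(peer_ip, headers, known_proxies=KNOWN_PROXIES):
    """Build the log record for one request reaching the landing page.

    peer_ip is the TCP source address of the connection that reached the
    web server; headers is a dict of request headers (any letter case).
    """
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    # A proxy terminates the client's connection and opens its own, so the
    # peer address is the proxy's. A Via header signals the same thing.
    via_proxy = peer in known_proxies or "via" in hdrs

    entry = {
        "peer_ip": str(peer),
        "peer_is_proxy": via_proxy,
        "client_ip": None,
        "client_ip_source": "unknown",
        # Client-supplied and optional: context only, never identity.
        "user_agent_unverified": hdrs.get("user-agent"),
    }
    if not via_proxy:
        # Direct connection: the TCP peer is the client itself.
        entry["client_ip"] = str(peer)
        entry["client_ip_source"] = "tcp-peer"
        return entry

    # Believe a forwarded address only when a hop we run delivered it.
    # From any other peer the header is just text the sender chose.
    xff = hdrs.get("x-forwarded-for")
    if xff and peer in known_proxies:
        # The right-most entry is the one our own proxy appended.
        candidate = xff.split(",")[-1].strip()
        try:
            entry["client_ip"] = str(ipaddress.ip_address(candidate))
            entry["client_ip_source"] = "x-forwarded-for (trusted hop)"
        except ValueError:
            pass  # malformed value: leave the client address unknown
    return entry
```
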

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites: http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx