RE: Javascript through ISA 2004...

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 22 Feb 2005 19:34:02 -0600

Hi Ted,

Good news. If configured as Web proxy client. All Web requests that use
the Web proxy client config will be used first, unless excluded by the
Direct Access list.

HTH,
Tom 

-----Original Message-----
From: Ted Doholis [mailto:tdoholis@xxxxxxxxxxxxx] 
Sent: Tuesday, February 22, 2005 6:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org

Thanks a lot for this Tom. I have one more question though. 

Is there a hierarchy or order of use then? Ie does the client first try
the FWC and then web proxy then secure nat. 

I understand that if the web proxy filter is unbound from the HTTP
protocol and you are using the FWC, you can not make use of the cache.
If this is the case and I implement the solution below and the FWC is
the first choice for connections, then I will not be using the cache for
nearly all traffic except for those that make use of the web proxy
client type.

I guess the short of it is, if the computers with all 3 connection types
use the web proxy client type first, then I'm ok. 

Ted 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 7:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org

Hi Ted,

That's correct. The Web proxy filter enables SecureNAT and Firewall
clients to benefit form the Web proxy component of the ISA firewall. The
Web proxy component is still enabled through, since we didn't disable
the filter, we just unbound it from the HTTP protocol.

So, connections sent directly from Web proxy clients to the Web proxy
listener will always be sent to the Web proxy filter, since they are
directly "remoted" from the Web proxy client to the listener.

In contrast, the connections from the SecureNAT and Firewall client
machines will not be passed to the filter, because we unhooked it from
the HTTP protocol. You can use the same principles for other protocols
that are assocated with an app filter if you ever need to.

The only time when the Web proxy clients will not use the Web proxy
filter is when you've configured sites for Direct Access and the Web
proxy clients are configured to autodiscover or are otherwise assigned
the autoconfig script. The script tells them "hey, Ted says not to act
as a Web proxy client when we go to these sites" and the Web proxy
component disavows any responsibly for the connection to a site on the
Direct Access list.

At this point, the only options left are to leveage some other method to
connect to the site. If the machine is also configured as a Firewall
client, then the machine will leverage its Firewall client config,
without being exposed to the Web proxy filter. The nice thing about this
is that you can still authenticate your outgoing requests to the Direct
Access sites. 

If the client is not confiugred as a Firewall client, then it will have
to hope it can depend on a SecureNAT config to sent the request.

HTH,
Tom 

-----Original Message-----
From: Ted Doholis [mailto:tdoholis@xxxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 6:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org


So if I understand correctly, if I unbind the web proxy filter from the
HTTP protocol, the FWC will not use it for connections but the web proxy
clients will unless the direct access rule is invoked?

Ted 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 7:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org

Hi Ted,

No! Not true. Web proxy clients will always use the Web proxy filter
unless you exclude sites using Direct Access.

That's why you should always configure clients as Web proxy clients and
Firewall clients (server's in general aren't clients, so you don't
install the Firewall client on them).

HHT<
Tom 

-----Original Message-----
From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 2:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org

Hi Tom, 

Thanks for the explanation. This is an extremely drastic move (remove
the web proxy filter) from the HTTP protocol! It works but isnt there a
way to exclude it for certain connections or something? this solution
basically lobotomizes ISA  and its features....

Thanks
TD

> Hi Ted,
> 
> My bad. :)
> 
> That's the part of the Direct Access piece you need to do to make sure

> you completely bypass the Web proxy.=20
> 
> Direct Access configuration is aimed at completely bypassing the Web 
> proxy. The autoconfig script informs the Web proxy clients configured 
> to use it to not remote the Web connection to the Web proxy filter via

> an HTTP tunneled request to TCP 8080 on the clients local Web proxy 
> listener.
> 
> However, if the HTTP protocol is bound to the Web proxy filter, 
> Firewall clients, and even the lowly, low security SecureNAT client 
> will be pushed up to the filter. So, in order to get the functionality

> you had with the old HTTP Redirectory Filter, you need to unbind the 
> filter from the protocol.
> 
> Note that this also disables the HTTP Security Filter interface, but 
> it does not disable the Web proxy filter or the HTTP filter for 
> clients configured as Web proxy clients.
> 
> HTH,=20
> 
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=20
> Sent: Tuesday, February 22, 2005 1:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Javascript through ISA 2004...
> 
> http://www.ISAserver.org
> 
> Hi Tom,=20
> 
> You hit the nail on the head. If I unbind the web proxy filter from 
> HTTP, everything works perfect.....but what does that mean really?? ;)
> 
> Thanks
> TD
> 
> > Hi Ted,
> >=20
> > OK, try one more thing just to "make sure" its not the ISA firewall.
> > Unbind the Web proxy filter from the HTTP protocol and (for some
> reason
> > I can't think of right now), remove authentication requirements for

> >access that site.
> >=20
> > This is sounding like a MIME registration issue to me now. ? 
> >:-\=3D20 =20 =20  Tom  www.isaserver.org/shinder  Tom and Deb 
> >Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >=20
> >=20
> > -----Original Message-----
> > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D20
> > Sent: Tuesday, February 22, 2005 10:49 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Javascript through ISA 2004...
> >=20
> > http://www.ISAserver.org
> >=20
> > Hi Tom,=3D20
> >=20
> > I have now got the whole range in the direct access rule and
> everything
> > shows an IP rather than a URL. I still have the same problem though

> >where  most times you click on the link, you are prompted to open or 
> >save the  jsp  file rather than it linking to another page. BTW this 
> >is ISA 2004,  clients  are XP with all 3 connection methods.
> >=20
> > Thanks
> > TD
> >=20
> > > Hi Ted,
> > >=3D20
> > > I can't test directly, because I don't have a log on. However, if
> > you're
> > > seeing IP addresses and URLs, that indicates the the IP addresses
> are
> > > the ones most likely using Direct Access, and the URLs are not,
> since
> > > only the Web proxy client will show URLs in the log. So, double
> check
> > > that the URL sites are also configured for Direct Access.
> > >=3D20
> > > You *might* have to restart the client computer in order to get 
> > >the
> > new
> > > autoconfig script pulled down from the firewall.=3D3D20 =3D20 
> > >=3D20  Tom  www.isaserver.org/shinder  Tom and Deb Shinder's 
> > >Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >=3D20
> > >=3D20
> > > -----Original Message-----
> > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D20
> > > Sent: Tuesday, February 22, 2005 9:51 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Javascript through ISA 2004...
> > >=3D20
> > > http://www.ISAserver.org
> > >=3D20
> > > Hi Tom,
> > >=3D20
> > > The site is ingrammicro.com. when you are logged in and have done 
> > >a  search  on a product, you can click on the item for real time 
> > >price and
> avail.
> > > detail and this is the jsp link. I can see that the content comes
> from
> > > multiple places and sometimes they are identified by IP rather 
> > > than
> > the
> > > DNS name etc. but dont really know how to identify what the exact

> > >problem  is as the url never changes so all you ever see in IE is 
> > >http://ca.ingrammicro.com/.....
> > >=3D20
> > > Thanks
> > > TD
> > >=3D20
> > > > Hi Ted,
> > > >=3D3D20
> > > > I forgot number 5 on  my list:
> > > >=3D3D20
> > > > 5. What specific sites don't work =3D3D20
> > > > :-)
> > > >=3D3D20
> > > > Really, its impossible to tell what's wrong without being able 
> > > >to
> > > check
> > > > out the actual site. The ISA firewall has no problem with
> > Javascript,
> > > > it's the specific site that's problematic, or the client
> > > configuration.
> > > >=3D3D20
> > > > HTH,=3D3D3D20
> > > >=3D3D20
> > > >=3D3D20
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >=3D3D20
> > > >=3D3D20
> > > > -----Original Message-----
> > > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D3D20
> > > > Sent: Tuesday, February 22, 2005 9:42 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Javascript through ISA 2004...
> > > >=3D3D20
> > > > http://www.ISAserver.org
> > > >=3D3D20
> > > > I am having trouble getting javascript to work correctly through
> ISA
> > > > 2004.
> > > > FWC is installed and I have a direct access rule for the site. I
> see
> > > > that
> > > > the traffic is identified by the rule and it is allowed but 
> > > > about
> > 90%
> > > of
> > > > the time you get a pop up asking you if you want to open or save
> the
> > > jsp
> > > > file. even stranger is the other 10% of the time that it 
> > > > actually
> > > opens
> > > > the correct page.
> > > >=3D3D20
> > > > Has anyone had this problem? How did you solve it?
> > > >=3D3D20
> > > > ------------------------------------------------------
> > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: =3D3D
> > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com 
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org 
> > > > Windows Security Resource Site: http://www.windowsecurity.com/ 
> > > > Network Security Library: http://www.secinf.net/ Windows 2000/NT

> > > > Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > List
> > as:
> > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit =3D3D3D
> > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >=3D20
> > > ------------------------------------------------------
> > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: =3D
> > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com 
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org 
> > > Windows Security Resource Site: http://www.windowsecurity.com/ 
> > > Network Security Library: http://www.secinf.net/ Windows 2000/NT 
> > > Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit =3D3D
> > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> > ------------------------------------------------------
> > List Archives: 
> >http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com 
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org 
> > Windows Security Resource Site: http://www.windowsecurity.com/ 
> > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax

> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit =3D
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tdoholis@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tdoholis@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...

1. Home
2. isalist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---