Sorry, it looks like the original post had some columns cut off. Here is the full version: Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 0.0.0.0 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; MAPSIE; InfoPath.2; MAPSIE) Yes Reverse Proxy GATEWAY www.mapsnet.org TCP - - - Req ID: 13fae90a - - - 1/31/2007 3:18:58 AM 0 1 2293 392 12241 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. 0x0 0x0 Web Proxy Filter 1/30/2007 10:18:58 PM 24.213.58.250 80 http Failed Connection Attempt Web Server 75.128.225.6 anonymous External GET http://www.mapsnet.org/ 75.128.225.6 GATEWAY - TCP - - 1/31/2007 3:18:58 AM 51603 12000 644 2505 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Closed Connection 75.128.225.6 External Local Host - - 75.128.225.6 GATEWAY - TCP - - 1/31/2007 3:18:58 AM 51604 0 0 0 0x0 ERROR_SUCCESS 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Initiated Connection 75.128.225.6 External Local Host - - Actually, the first line is a failure message... ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young Sent: Thursday, February 01, 2007 8:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 Dan, Check the web server/site configuration (in IIS if a Windows box). It does sound like the SSL requirement is set there. "The page must be viewed over a secure channel (Secure Sockets Layer (SSL))" I also see the first line of the log below saying that the attempt to connect over 80 failed but it went through ISA just fine. Cordially yours, Jerry G. Young II Application Engineer, Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Thursday, February 01, 2007 8:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 Okay, so it is rule-based, that narrows down the troubleshooting significantly... When I ditch the "must use HTTPS" option in the listener (I cannot do it in the rule), I get this these three log entries when trying to access the website: HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 12241 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. 0x0 0x0 Web Proxy Filter 1/30/2007 10:18:58 PM 24.213.58.250 80 http Failed Connection Attempt Web Server 75.128.225.6 anonymous External GET http://www.mapsnet.org/ 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Closed Connection 75.128.225.6 External Local Host - - 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Initiated Connection 75.128.225.6 External Local Host - - And when I say I cannot disable the option in the rule, this is why: I've recreated this rule many times, and the web publishing wizard always grays out the options that seem to be relevant... ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, February 01, 2007 12:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 The rule, not the website is returning that result. 12211 is an ISA; not an IIS response code. You get this in your ISA logs because your rule is configured this way. Your rule reacts this way because you told it to. Users get a 403 because their request doesn't match ISA policy requirements. Ditch the "must use HTTPS" option in the rule and troubleshoot the rule-based denial. All mail to and from this domain is GFI-scanned.