[isalist] Re: Publishing in ISA2006

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 1 Feb 2007 09:16:06 -0500

Sorry, it looks like the original post had some columns cut off.  Here
is the full version:

 

Original Client IP            Client Agent      Authenticated Client
Service  Server Name      Referring Server Destination Host Name
Transport           MIME Type        Object Source   Source Proxy
Destination Proxy          Bidirectional      Client Host Name    Filter
Information            Network Interface           Raw IP Header   Raw
Payload     GMT Log Time   Source Port            Processing Time
Bytes Sent        Bytes Received  Result Code      HTTP Status Code
Cache Information            Error Information            Log Record
Type            Authentication Server     Log Time           Destination
IP    Destination Port      Protocol            Action   Rule
Client IP            Client Username            Source Network
Destination Network            HTTP Method    URL

0.0.0.0  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; .NET CLR 3.0.04506; MAPSIE; InfoPath.2; MAPSIE)      Yes
Reverse Proxy   GATEWAY                    www.mapsnet.org          TCP
-            -                       -           Req ID: 13fae90a
-           -           -           1/31/2007 3:18:58 AM    0          1
2293            392                   12241 The page must be viewed over
a secure channel (Secure Sockets Layer (SSL)). Contact the server
administrator.       0x0       0x0       Web Proxy Filter
1/30/2007 10:18:58 PM  24.213.58.250    80         http
Failed Connection Attempt          Web Server       75.128.225.6
anonymous       External                        GET
http://www.mapsnet.org/

75.128.225.6                                         GATEWAY        -
TCP      -
-                                               1/31/2007 3:18:58 AM
51603   12000   644       2505     0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
0x0       0x0       Firewall -           1/30/2007 10:18:58 PM
24.213.58.250    80            HTTP    Closed Connection
75.128.225.6                 External            Local Host         -
-

75.128.225.6                                         GATEWAY        -
TCP      -
-                                               1/31/2007 3:18:58 AM
51604   0          0          0          0x0 ERROR_SUCCESS
0x0       0x0       Firewall -           1/30/2007 10:18:58 PM
24.213.58.250    80         HTTP    Initiated Connection
75.128.225.6                 External            Local Host         -
-

 

 

Actually, the first line is a failure message...

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Gerald G. Young
Sent: Thursday, February 01, 2007 8:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

Dan,

 

Check the web server/site configuration (in IIS if a Windows box).  It
does sound like the SSL requirement is set there.

 

"The page must be viewed over a secure channel (Secure Sockets Layer
(SSL))"

 

I also see the first line of the log below saying that the attempt to
connect over 80 failed but it went through ISA just fine.

 

Cordially yours,

Jerry G. Young II

Application Engineer, Platform Engineering and Architecture

NTT America, an NTT Communications Company

 

22451 Shaw Rd.

Sterling, VA 20166

 

Office: 571-434-1319

Fax: 703-333-6749

Email: g.young@xxxxxxxx

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Ball, Dan
Sent: Thursday, February 01, 2007 8:32 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

Okay, so it is rule-based, that narrows down the troubleshooting
significantly...

 

When I ditch the "must use HTTPS" option in the listener (I cannot do it
in the rule), I get this these three log entries when trying to access
the website:

HTTP Status Code

Cache Information

Error Information

Log Record Type

Authentication Server

Log Time

Destination IP

Destination Port

Protocol

Action

Rule

Client IP

Client Username

Source Network

Destination Network

HTTP Method

URL

12241 The page must be viewed over a secure channel (Secure Sockets
Layer (SSL)). Contact the server administrator. 

0x0

0x0

Web Proxy Filter

 

1/30/2007 10:18:58 PM

24.213.58.250

80

http

Failed Connection Attempt

Web Server

75.128.225.6

anonymous

External

 

GET

http://www.mapsnet.org/

 

0x0

0x0

Firewall

-

1/30/2007 10:18:58 PM

24.213.58.250

80

HTTP

Closed Connection

 

75.128.225.6

 

External

Local Host

-

-

 

0x0

0x0

Firewall

-

1/30/2007 10:18:58 PM

24.213.58.250

80

HTTP

Initiated Connection

 

75.128.225.6

 

External

Local Host

-

-

 

 

And when I say I cannot disable the option in the rule, this is why:

 

 

I've recreated this rule many times, and the web publishing wizard
always grays out the options that seem to be relevant...

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, February 01, 2007 12:32 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Publishing in ISA2006

 

The rule, not the website is returning that result.

12211 is an ISA; not an IIS response code.

You get this in your ISA logs because your rule is configured this way.

Your rule reacts this way because you told it to.

 

Users get a 403 because their request doesn't match ISA policy
requirements.

Ditch the "must use HTTPS" option in the rule and troubleshoot the
rule-based denial.

 

All mail to and from this domain is GFI-scanned.

JPEG image

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2007