RE: TCP/IP HTTP fault tolerant connection ending via ISA server

Web proxy traffic is not a "TCP path through ISA" in the same way that 
SecureNET traffic is,  Therefore it's not reasonable (or sane) to expect a "TCP 
mirror effect" at both ends.

If (as you describe) the client continues to send traffic on a half-closed 
connection, then the problem is at the client; not the proxy.

-----Original Message-----
From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] 
Sent: Thursday, March 02, 2006 6:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TCP/IP HTTP fault tolerant connection ending via ISA 
server

http://www.ISAserver.org

I'd like to corroborate, I observed this behaviour as well.

-----Message d'origine-----
De : David Farinic [mailto:davidfa@xxxxxxx] 
Envoyé : 2 mars 2006 09:29
À : [ISAserver.org Discussion List]
Objet : [isalist] TCP/IP HTTP fault tolerant connection ending via ISA server

http://www.ISAserver.org


[WebServer] http connection-> Reset(RST) [ISA] ->FIN! [Web Client]

Observed consequences:

-When posting to web forums with HTTP POST and reply from webserver is
for     some internet spaghetti reason broken, ISA gets tcp ip http
connection      ending with RST ISA translates it to web client behind
it as FIN ...   which leads to web clients believing they got data
correctly       completely!

        On web forums this results in double posting (as users don't see
their   reply). 

-AV updating services might not update their signature databases on
time.

This might cause potential problem with web-services and other
communication utilizing HTTP protocol.

REASON: Web applications reports wrong data retrieval only if TCP/IP
carrying http ends with Reset(RST) packet.

WORKAROUND: adding data integrity checking into data/sub-protocol
utilizing http carrier.

Tested on ISA2k4 and ISA2k:

With Kind Regards David Farinic.

  
This mail was checked for viruses by GFI MailSecurity. 
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI 
FAXmaker), and network security and management software (GFI LANguard) - 
www.gfi.com 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.



Other related posts: