Hi Jim,

Bingo, Bango, BONGO!

Bright lights are now shining between my ears. :)

Thanks!
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Sunday, January 29, 2006 12:30 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
>
> http://www.ISAserver.org
>
> You are absolutely correct.
> IE == WinINET
> OL2k3 == WinHTTP
> WinMedia == WinHTTP for the wpad script only; internal code for the rest
>
> Note that non-MS browsers on Windows are likely using WinInet; I haven't
> tested them this deeply, though, so it's just a guess.
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
>
> > > > because ISA will log those denied anonymous requests.
> > > >
> > > > What you can't tell from the logs is what happens after that in detail.
> > > > This requires a bit of Netmon (or Ethereal, if you swing that way)
> > > > sleuthing.
> > > >
> > > > Here's the bouncing ball:
> > > >
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > >
> > > > ** ISA, she say:
> > > > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
> > > > Via: 1.1 HEARTOFGOLD
> > > > Proxy-Authenticate: Negotiate
> > > > Proxy-Authenticate: Kerberos
> > > > Proxy-Authenticate: NTLM
> > > > Connection: Keep-Alive
> > > > Proxy-Connection: Keep-Alive
> > > > Pragma: no-cache
> > > > Cache-Control: no-cache
> > > > Content-Type: text/html
> > > > Content-Length: 4113
> > > >
> > > > ..note - the ISA in this case (as in yours, probably) logged this
> > > > request as anonymous and responded saying that it allowed three
> > > > authentication methods: Negotiate, Kerberos and NTLM. These are the
> > > > default auth methods for any ISA installation (including SBS).
> > > >
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > > Proxy-Authorization: NTLM
> > > >   TlRMTVNTUAABAAAAB7IIogQABAAzAAAACwALACgAAAAFASgKAAAAD0ZPUkRQUkVGRUNUSE9N
> > > >   RQ==
> > > >
> > > > Note that the client chose NTLM auth and passed the first part of the
> > > > handshake in Base-64 encoding. Not to worry, this isn't like Basic,
> > > > which is base-64 encoded plain text; this is base-64 encoded encrypted
> > > > information. ISA also logs this request as anonymous.
> > > >
> > > > ** ISA, she say:
> > > > HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
> > > > Via: 1.1 HEARTOFGOLD
> > > > Proxy-Authenticate: NTLM
> > > >   TlRMTVNTUAACAAAACAAIADgAAAAFgomiWWcfZe6QNCsAAAAAAAAAALQAtABAAAAABQLODgAA
> > > >   AA9IAE8ATQBFAAIACABIAE8ATQBFAAEAFgBIAEUAQQBSAFQATwBGAEcATwBMAEQABAAiAGgA
> > > >   bwBtAGUALgBqAGEAbABvAGoAYQBzAGgALgBvAHIAZwADADoAaABlAGEAcgB0AG8AZgBnAG8A
> > > >   bABkAC4AaABvAG0AZQAuAGoAYQBsAG8AagBhAHMAaAAuAG8AcgBnAAUAIgBoAG8AbQBlAC4A
> > > >   agBhAGwAbwBqAGEAcwBoAC4AbwByAGcAAAAAAA==
> > > > Connection: Keep-Alive
> > > > Proxy-Connection: Keep-Alive
> > > > Pragma: no-cache
> > > > Cache-Control: no-cache
> > > > Content-Type: text/html
> > > > Content-Length: 0
> > > >
> > > > Note that ISA also passed some NTLM data back to the client - this is
> > > > part and parcel to NTLM authentication even outside of HTTP.
> > > >
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;.NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > > Proxy-Authorization: NTLM
> > > >   TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAAgACABIAAAACAAIAFAAAAAWABYAWAAAAAAA
> > > >   AACeAAAABYKIogUBKAoAAAAPSABPAE0ARQBKAGkAbQBIAEYATwBSAEQAUABSAEUARgBFAEMA
> > > >   VABunrbKxTfLxwAAAAAAAAAAAAAAAAAAAABNhP8BkKK3ZR1MXfC2h14+Q4IQaVlWRH8=
> > > >
> > > > Note that the client passes the remaining part of the NTLM handshake -
> > > > if ISA can resolve the credentials passed by the client during this
> > > > process, all will be FD&H.
> > > >
> > > > ** ISA, she say:
> > > > HTTP/1.1 200 OK
> > > > Proxy-Connection: Keep-Alive
> > > > Connection: Keep-Alive
> > > > Content-Length: 40936
> > > > Via: 1.1 HEARTOFGOLD
> > > > Date: Fri, 27 Jan 2006 05:49:15 GMT
> > > > Content-Type: text/html
> > > > Server: Microsoft-IIS/6.0
> > > > X-Powered-By: ASP.NET
> > > > Set-Cookie: ASPSESSIONIDCCRRSRBC=EIBLFICAIMCPFBFCEKFFKBEA; path=/
> > > > Cache-control: private
> > > >
> > > > This is where access is allowed (200 response).
> > > >
> > > > You should note that I haven't included anything that may have been
> > > > passed in the HTTP body - it's not important to this discussion and
> > > > only makes for an unwieldy thread.
> > > >
> > > > --------------------------------------------
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
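
The NTLM tokens in the exchange quoted above can be unpacked offline. This added example (not part of the original thread) parses an `NTLM` header value into message type, flags and name fields following the MS-NLMP layout, and runs it on the Type 1 and Type 2 values from the capture; the function and constant names are illustrative, and cp437 is assumed as a stand-in for the sender's OEM code page.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # flag bit: names are UTF-16LE rather than OEM
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# Offset of the flags word and of each 8-byte security-buffer descriptor
# (length, max length, payload offset) for the three message types (MS-NLMP).
LAYOUT = {
    1: {"flags": 12, "domain": 16, "workstation": 24},
    2: {"flags": 20, "target": 12},
    3: {"flags": 60, "domain": 28, "user": 36, "workstation": 44},
}

def parse_ntlm_header(value):
    """Decode the value of a Proxy-Authorization or Proxy-Authenticate header."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM header that carries a token")
    raw = base64.b64decode("".join(token.split()), validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("NTLMSSP signature missing")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    if msg_type not in LAYOUT:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    fields = dict(LAYOUT[msg_type])
    flag_off = fields.pop("flags")
    flags = struct.unpack_from("<I", raw, flag_off)[0] if len(raw) >= flag_off + 4 else 0
    # Type 1 names are always OEM; types 2 and 3 follow the Unicode flag.
    codec = "utf-16-le" if msg_type != 1 and flags & NEGOTIATE_UNICODE else "cp437"
    out = {"type": NAMES[msg_type], "flags": flags}
    for name, off in fields.items():
        if len(raw) < off + 8:
            raise ValueError("message ends before the %s descriptor" % name)
        length, _max_len, start = struct.unpack_from("<HHI", raw, off)
        if start + length > len(raw):
            raise ValueError("%s buffer points outside the message" % name)
        # cp437 stands in for the sender's OEM code page (an assumption).
        out[name] = raw[start:start + length].decode(codec, "replace")
    if msg_type == 2 and len(raw) >= 32:
        out["challenge"] = raw[24:32].hex()  # 8-byte server challenge
    return out

# Header values copied from the exchange quoted above, line wraps removed.
TYPE1 = "NTLM TlRMTVNTUAABAAAAB7IIogQABAAzAAAACwALACgAAAAFASgKAAAAD0ZPUkRQUkVGRUNUSE9NRQ=="
TYPE2 = ("NTLM "
    "TlRMTVNTUAACAAAACAAIADgAAAAFgomiWWcfZe6QNCsAAAAAAAAAALQAtABAAAAABQLODgAA"
    "AA9IAE8ATQBFAAIACABIAE8ATQBFAAEAFgBIAEUAQQBSAFQATwBGAEcATwBMAEQABAAiAGgA"
    "bwBtAGUALgBqAGEAbABvAGoAYQBzAGgALgBvAHIAZwADADoAaABlAGEAcgB0AG8AZgBnAG8A"
    "bABkAC4AaABvAG0AZQAuAGoAYQBsAG8AagBhAHMAaAAuAG8AcgBnAAUAIgBoAG8AbQBlAC4A"
    "agBhAGwAbwBqAGEAcwBoAC4AbwByAGcAAAAAAA==")

if __name__ == "__main__":
    print(parse_ntlm_header(TYPE1), parse_ntlm_header(TYPE2), sep="\n")
```

The bare `Proxy-Authenticate: NTLM` line in the first 407 carries no token, so the function rejects it with `ValueError`, as it does a `Basic` header.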