RE: Web Client Requests

From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Sun, 29 Jan 2006 12:35:14 -0600
Hi Jim,

Bingo, Bango, BONGO!

Bright lights are now shining between my ears.

:)

Thanks!
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Sunday, January 29, 2006 12:30 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> You are absolutely correct.
> IE == WinINET
> OL2k3 == WinHTTP
> WinMedia == WinHTTP for the wpad script only; internal code 
> for the rest
> 
> Note that non-MS browsers on Windows are likely using 
> WinInet; I haven't
> tested them this deeply, though so it's just a guess.
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
ecause ISA will log those denied anonymous requests.
> > > > 
> > > > What you can't tell from the logs is what happens after that 
> > > > in detail.
> > > > This requires a bit of Netmon (or Ethereal, if you swing that 
> > > > way) sleuthing.
> > > > 
> > > > Here's the bouncing ball:
> > > > 
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > > > application/x-shockwave-flash, application/vnd.ms-excel, 
> > > > application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > > > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > > 
> > > > ** ISA, she say:
> > > > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server 
> > > > requires authorization to fulfill the request. Access to the 
> > > > Web Proxy service is denied.  )
> > > > Via: 1.1 HEARTOFGOLD
> > > > Proxy-Authenticate: Negotiate
> > > > Proxy-Authenticate: Kerberos
> > > > Proxy-Authenticate: NTLM
> > > > Connection: Keep-Alive
> > > > Proxy-Connection: Keep-Alive
> > > > Pragma: no-cache
> > > > Cache-Control: no-cache
> > > > Content-Type: text/html
> > > > Content-Length: 4113 
> > > > 
> > > > ..note - the ISA in this case (as in yours, probably) logged 
> > > > this request as anonymous and responded saying that it 
> > > > allowed three authentication methods: Negotiate, Kerberos and 
> > > > NTLM.  These are the default auth methods for any ISA 
> > > > installation (including SBS).
> > > > 
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > > > application/x-shockwave-flash, application/vnd.ms-excel, 
> > > > application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > > > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > > Proxy-Authorization: NTLM
> > > > TlRMTVNTUAABAAAAB7IIogQABAAzAAAACwALACgAAAAFASgKAAAAD0ZPUkRQUk
> > > > VGRUNUSE9N
> > > > RQ==
> > > > 
> > > > Note that the client chose NTLM auth and passed the first 
> > > > part of the handshake in Base-64 encoding.  Not to worry, 
> > > > this isn't like Basic, which is base-64 encoded plain text; 
> > > > this is base-64 encoded encrypted information.  ISA also logs 
> > > > this request as anonymous.
> > > > 
> > > > ** ISA, she say:
> > > > HTTP/1.1 407 Proxy Authentication Required ( Access is 
> denied.  )
> > > > Via: 1.1 HEARTOFGOLD
> > > > Proxy-Authenticate: NTLM
> > > > TlRMTVNTUAACAAAACAAIADgAAAAFgomiWWcfZe6QNCsAAAAAAAAAALQAtABAAA
> > > > AABQLODgAA
> > > > AA9IAE8ATQBFAAIACABIAE8ATQBFAAEAFgBIAEUAQQBSAFQATwBGAEcATwBMAE
> > > > QABAAiAGgA
> > > > bwBtAGUALgBqAGEAbABvAGoAYQBzAGgALgBvAHIAZwADADoAaABlAGEAcgB0AG
> > > > 8AZgBnAG8A
> > > > bABkAC4AaABvAG0AZQAuAGoAYQBsAG8AagBhAHMAaAAuAG8AcgBnAAUAIgBoAG
> > > > 8AbQBlAC4A
> > > > agBhAGwAbwBqAGEAcwBoAC4AbwByAGcAAAAAAA==
> > > > Connection: Keep-Alive
> > > > Proxy-Connection: Keep-Alive
> > > > Pragma: no-cache
> > > > Cache-Control: no-cache
> > > > Content-Type: text/html
> > > > Content-Length: 0  
> > > > 
> > > > Note that ISA also passed some NTLM data back to the client - 
> > > > this is part and parcel to NTLM authentication even 
> > outside of HTTP
> > > > 
> > > > ** Client, he say:
> > > > GET http://www.isaserver.org/ HTTP/1.1
> > > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > > > application/x-shockwave-flash, application/vnd.ms-excel, 
> > > > application/vnd.ms-powerpoint, application/msword, */*
> > > > Accept-Language: en-us
> > > > Accept-Encoding: gzip, deflate
> > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > > > 5.1; SV1;.NET CLR 1.1.4322; InfoPath.1)
> > > > Host: www.isaserver.org
> > > > Proxy-Connection: Keep-Alive
> > > > Proxy-Authorization: NTLM
> > > > TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAAgACABIAAAACAAIAFAAAAAWAB
> > > > YAWAAAAAAA
> > > > AACeAAAABYKIogUBKAoAAAAPSABPAE0ARQBKAGkAbQBIAEYATwBSAEQAUABSAE
> > > > UARgBFAEMA
> > > > 
> > VABunrbKxTfLxwAAAAAAAAAAAAAAAAAAAABNhP8BkKK3ZR1MXfC2h14+Q4IQaVlWRH8=
> > > > 
> > > > 
> > > > Note that the client passes the remaining part of the NTLM 
> > > > handshake - if ISA can resolve the credentials passed by the 
> > > > client during this process, all will be FD&H.
> > > > 
> > > > ** ISA, she say:
> > > > HTTP/1.1 200 OK
> > > > Proxy-Connection: Keep-Alive
> > > > Connection: Keep-Alive
> > > > Content-Length: 40936
> > > > Via: 1.1 HEARTOFGOLD
> > > > Date: Fri, 27 Jan 2006 05:49:15 GMT
> > > > Content-Type: text/html
> > > > Server: Microsoft-IIS/6.0
> > > > X-Powered-By: ASP.NET
> > > > Set-Cookie: 
> ASPSESSIONIDCCRRSRBC=EIBLFICAIMCPFBFCEKFFKBEA; path=/
> > > > Cache-control: private
> > > > 
> > > > This is where access is allowed (200 response).
> > > > 
> > > > You should note that I haven't included anything that may 
> > > > have been passed in the HTTP body - it's not important to 
> > > > this discussion and only makes for an unweildy thread.
> > > > 
> > > > --------------------------------------------
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > > 
> > > > 
> > > > All mail to and from this domain is GFI-scanned.
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > All mail to and from this domain is GFI-scanned.
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > All mail to and from this domain is GFI-scanned.
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > All mail to and from this domain is GFI-scanned.
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > All mail to and from this domain is GFI-scanned.
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > 
> > > > --
> > > > No virus found in this incoming message.
> > > > Checked by AVG Free Edition.
> > > > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release 
> > > > Date: 1/27/2006
> > > >  
> > > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org 
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > All mail to and from this domain is GFI-scanned.
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > > -- 
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release 
> > > Date: 1/27/2006
> > >  
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
>
RE: Web Client Requests

Other related posts:
