RE: Web Client Requests
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "Ball, Dan" <DBall@xxxxxxxxxxx>, "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 29 Jan 2006 21:55:25 -0500
Damn, you're good... I didn't even have to ask!
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sunday, January 29, 2006 12:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Web Client Requests
http://www.ISAserver.org
I wish it were that simple...
It depends on how the app is configured and coded.
For instance, while I was preparing my updated "ISA clients"
presentation for Black Hat (thanx for the invite, Tim!) last year, I
discovered that of all the "proxy-aware" browsers, only IE, FF and NS
actually requested *and* used the script properly.
Windows Media Player for instance, makes a wpad request as:
GET /wpad.dat?Type=WMT
Needless to say, ISA dislikes this request and tells WMP to bugger off.
The second wpad request is more proper, but its clear from the list
comments that it doesn't always play in the user-auth game properly (no
Dan; I still don't have a good answer from them).
The only way to know for certain what's happening is to:
1. use ISA active log queries
2. crack open your fav net cap tool
..and watch the conversation
..but you're right; if it "gets" proxy auth at all, many apps don't
"get" anything more than Basic or Digest if you're *really* lucky.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
Other related posts:
