RE: 403 Forbidden

• From: "Clayton Doige" <clayton.doige@xxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 13 Oct 2005 23:19:31 +0100

Thanks for the pdq response.

 

The config is an interesting one. I have a watchguard x1000 firewall on a
test internet connection, so no registered domain name for this. The ISA
Server is connected to the DMZ segment of the x1000. I also have another
machine on the dmz segment. Whether I come at it through the x1000, or from
the machine in the dmz, I get the same response. The firewall takes all http
requests and pushes them at the isa using static nat.

 

The rule settings for the publishing rule are below, and since posing that,
I tried putting in the external ip address of the ISA (ip of the dmz link),
but that did not work, then I tried that in conjunction with changing where
the request comes from etc, and none of those seemed to make much of a
difference.

 

I should not think this is the directory browsing issue as the error is:

 

Error Code: 403 Forbidden. The server denied the specified Uniform Resource
Locator (URL). Contact the server administrator. (12202)

 

So the link I posted in my last mail I am hoping to use to try and put the
correct settings in place together. Whether I use the IP Address of the ISA,
or the internal dns name of the tsfarm in the publics address page it seems
to make no difference, and I even began with having it set to listen for
all, so am a but confused on this one, especially as I have had simple http
listeners work on different ISA 2K4 SP1 boxes in the past.

 

To save scrolling:

 

The rule I have set on the ISA Server has the following properties:

 

Action Tab: Set to allow

From Tab: set to External

To Tab: netbios name of the network loadbalancer, with 'Request appear to
come from ISA' selected

Traffic Tab: HTTP only

Listener Tab: Listener I created listens on port 80 only and uses integrated
authentication

Public Name Tab: currently set to all requests

Paths Tab: set to /tsweb (as per the documentation for TSWEB)

Bridging Tab: Web server is selected with redirect http to port 80

Users Tab: is currently all users

Schedule Tab: always

Link Translation Tab: nothing configured

 

 

Thanks

 

Clayton

All mail to and from this domain is GFI-scanned.

Other related posts:

• » 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden
• » RE: 403 Forbidden

1. Home
2. isalist
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---