Someone buggered the streaming content on the whyy site. When you click the whyy link, your browser makes a request for "http://www.whyy.org/91FM/whyy_hd.asx";, for which the Crapache server produces the following response: - Http: Response, HTTP/1.1, Status: Ok, URL: http://www.whyy.org/91FM/whyy.asx ProtocolVersion: HTTP/1.1 StatusCode: 200, Ok Reason: OK Via: 1.1 HEARTOFGOLD-01 Connection: Keep-Alive ProxyConnection: Keep-Alive ContentLength: 24 Date: Mon, 17 May 2010 16:33:20 GMT Age: 0 + ContentType: video/x-ms-asf ETag: "55d284-18-e8d90480" Server: Apache/2.0.52 (CentOS) Accept-Ranges: bytes Last-Modified: Thu, 20 Jan 2005 20:52:18 GMT HeaderEnd: CRLF payload: HttpContentType = video/x-ms-asf - ASF: Advanced Systems Format http://207.245.67.204:80 WinMedia forgives the lack of XML formatting in the response and attempts to reach the specified location, which then responds with - Http: HTTP Payload, URL: / - payload: HttpContentType = NetmonNull HTTPPayloadLine: ICY 200 OK HTTPPayloadLine: icy-notice1:<BR>This stream requires <a href="http://www.winamp.com/";>Winamp</a><BR> HTTPPayloadLine: icy-notice2:SHOUTcast Distributed Network Audio Server/win32 v1.9.5<BR> ..followed by 305 bytes of more noise. The reason TMG rejects this response is because the it isn't formed properly: 1. There is no separation between the header fields and the response body 2. The response includes no indication of response-body size, yet it include a total of 408 bytes (apparently an mpeg file). 3. The response-body includes ill-formed HTML IOW, WHYY steaming media admins have borked the content. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Monday, May 17, 2010 8:45 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Accessing live media streams over TMG No thoughts on this one folks? Or will I need to call PSS? Thanks, Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Friday, May 14, 2010 11:08 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Accessing live media streams over TMG OK, now another question. A user in our External Affairs department (deals with media) needs to listen to the live stream for our local public radio station. She goes to www.whyy.org<http://www.whyy.org> and clicks on the Listen Live link. On the "Listen Live" page, she clicks on the "Listen with Windows Media Player link. When we were on ISA 2006, this worked. On TMG it fails. I'll post the TMG error at the bottom of my message. If I turn off Malware Inspection, the live stream works. I tried turning Malware Inspection back on but putting *.whyy.org into the Destination Exceptions list (in Malware Inspection). That didn't help. Just for kicks, I tried listening to the live stream from www.wnyc.org<http://www.wnyc.org>. Both streams are in the asx format. The one from wnyc.org works. Offhand, I can't think of why one asx stream works and another one doesn't. The computers in question are all SecureNAT clients. Any thoughts about what's going on? Here's the error I'm getting: Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method Filter Information MIME Type Object Source Cache Information Error Information Source Port Session Type Bidirectional Network Interface Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original Client IP GMT Log Time Authentication Server UAG Array Id UAG Version UAG Module Id UAG Id UAG Severity UAG Type UAG Event Name UAG Session Id UAG Trunk Name UAG Service Name UAG Error Code Internal Service Info Log Field Client Application SHA1 Hash Client Application Trust State Client Application Internal Name Client Application Product Name Client Application Product Version Client Application File Version Client Application Original File Name Client FQDN URL Categorization Reason Forefront TMG Client Version URL Destination Host Name Log Time Client IP Destination IP Destination Port Protocol Action NIS Scan Result NIS Signature NIS Application Protocol Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name URL Category Log Record Type Malware Inspection Action Malware Inspection Result Threat Name Threat Level Content Delivery Method Malware Inspection Duration (msec) NAT Address Client Application Path NSPlayer/11.0.5721.5251 Yes Proxy 207.245.67.204 TCP GET Req ID: 04105d1a; Compression: client=No, server=Yes, compress rate=0% decompress rate=0% Internet 0x40000004 0x400 1566 SecureNAT - - - 109 21883 556 - 5/14/2010 2:42:41 PM 0 0 0 0 - - - - - - - Not in database - 207.245.67.204 5/14/2010 10:42:41 AM 172.17.201.86 207.245.67.204 80 http Failed Connection Attempt Inspected Allow Web Access for All Users 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. anonymous Internal External http://207.245.67.204/ PHL-TMG1 Unknown Web Proxy Filter Blocked Response with Unsupported Format Received 0 209.120.230.99 - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC