RE: Additional HTTP ports

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 20 Sep 2005 12:40:21 -0500

That's pretty low-brow :)

Actually, ports bear a passing relationship to protocols, but there are
no hardwired dependencies.

The point is that the when Web proxy clients remote a HTTP request to
the Web proxy filter on the ISA firewall, the Web proxy filter accepts
it as an HTTP request, regardless of what the destination port is. Some
people didn't like this, some people do like it. I like it because
you're controlling destination protocol access, not port access. If you
give permission to use HTTP, what the destination server port is remain
unimportant.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: tim.altena@xxxxxxxxxxxxxx [mailto:tim.altena@xxxxxxxxxxxxxx] 
> Sent: Tuesday, September 20, 2005 12:29 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Additional HTTP ports
> 
> http://www.ISAserver.org
> 
> I'm trying to move up but I can't see past my forehead. :)
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Tuesday, September 20, 2005 12:23 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Additional HTTP ports
> 
> http://www.ISAserver.org
> 
> HTTP is a protocol. Ports have nothing to do with protocols. You're
> thinking like a "hardware" firewall admin (they think in 
> terms of ports,
> not protocols). ISA is a move up the evolutionary chain.  :-)
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: tim.altena@xxxxxxxxxxxxxx [mailto:tim.altena@xxxxxxxxxxxxxx] 
> > Sent: Tuesday, September 20, 2005 12:16 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Additional HTTP ports
> > 
> > http://www.ISAserver.org
> > 
> > Are web proxy clients still not bound to the firewall the 
> > policy.  If my
> > policy is to allow Users in the XYZ group access from internal to
> > external networks using HTTP.  And http is defined to port 
> > 80, are they
> > not limited to only port 80 traffic?
> > 
> > Maybe I am missing something.  I hope you can help.
> > 
> > Tim
> > 
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Tuesday, September 20, 2005 10:41 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Additional HTTP ports
> > 
> > http://www.ISAserver.org
> > 
> > Configure the clients as Web proxy clients.
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: tim.altena@xxxxxxxxxxxxxx 
> [mailto:tim.altena@xxxxxxxxxxxxxx] 
> > > Sent: Tuesday, September 20, 2005 10:30 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Additional HTTP ports
> > > 
> > > http://www.ISAserver.org
> > > 
> > > What is normal procedure for opening additional ports for 
> > > HTTP traffic.
> > > For instance a web site that uses port 8080 for some of its 
> > > content.  I
> > > would still like the traffic to be monitored at http traffic 
> > > would be I
> > > need the additional port opened.  Can you define HTTP to 
> additional
> > > ports or do I need to create a "new" protocol for it?
> > > 
> > > TIA
> > > Tim
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > tim.altena@xxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tim.altena@xxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports
• » RE: Additional HTTP ports

1. Home
2. isalist
3. Archive
4. 09-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---