Amateur -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, August 01, 2005 2:15 AM To: ISA Mailing List Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains '.' in the path Oops! http://www.ISAserver.org Try again - isatools.org didn't have a .wsf mime type so it reported "not found". -----Original Message----- From: Ara Avvali [mailto:ara@xxxxxxxxxxxxx] Sent: Sunday, July 31, 2005 6:17 PM To: [ISAserver.org Discussion List] Subject: RE: Blocked by the HTTP Security filter: URL contains '.' in the path Oops! Jim, thank you for help. But I can't get the link work! ________________________________ From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Sun 7/31/2005 4:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains '.' in the path Oops! http://www.ISAserver.org Jeez, I hate web designers that operate this way. The HTTP Filter is acting properly - there should be no '.' in the path portion of a URL -this is a favorite attack method (Code Red, Nimda, etc., etc.). This: http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/125.gif ..is a bogus URL as far as ISA and other intelligent beings are concerned. See if http://isatools.org/changeblockdotinpath.wsf helps. Run it as 'cscript changeblockdotinpath.wsf' to get instructions. It's not listed yet because it's not "full-featured" yet. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ara Avvali [mailto:ara@xxxxxxxxxxxxx] Sent: Sunday, July 31, 2005 10:41 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains '.' in the path Oops! http://www.ISAserver.org Oops! I forgot to post my log files Service Destination Host Name Transport Filter Information Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action HTTP Method URL Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/125.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/13441.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/136.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/ml.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/my.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/msg.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/beta.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/v5_mail_t.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/hea_idtheft.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/img_idtheft.jpg Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/mo/blondes104b.jpg Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/tag_idtheft.gif Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/buzz/2005/07/0729fried.jpg Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/mntl/pers/05q2/img_cathy.jpg Proxy us.i1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.i1.yimg.com/us.yimg.com/i/ww/trfc_bckt.gif Proxy us.a1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.a1.yimg.com/us.yimg.com/a/1-/flash/promotions/classesusa/05050 5/70iltl.jpg Proxy us.a1.yimg.com TCP Blocked by the HTTP Security filter: URL contains '.' in the path 12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator. 0x0 0x880 Web Proxy Filter 7/31/2005 10:22 192.168.0.254 8080 http Denied Connection GET http://us.a1.yimg.com/us.yimg.com/a/am/amex/btn_84x28_6.gif -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Saturday, July 30, 2005 9:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains '.' in the path http://www.ISAserver.org There's a reason I asked for the "exact URL" - the domain part of the URL is irrelevant. In order to evaluate why the HTTP Filter is triggering, we need the *entire*, *exact* URL that triggered the filter. You can find this URL in the logs where the HTTP Filter triggered on the URL sent by the client to the ISA server that holds the HTTP Filter that triggered on the whole URL sent by the client to the ISA that recorded this request and resulting HTTP Trigger status message in the web proxy log on the ISA that recorded the exact, entire URL that caused the HTTP Filter to trigger. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ara@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx