http://www.ISAserver.org
-------------------------------------------------------

I read somewhere that application layer inspection firewalls are actually
able to take information in the application layer headers and data and make
intelligent decisions based on that data.

Yes, I remember now, I wrote a 1000+ book about it and the solution is in
there. Go to the Web Publishing chapter. You'll solve all these SSL problems
and the current one.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andrew English
> Sent: Saturday, May 20, 2006 9:13 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
> Yes but if the request is for the following website is
> www.autosoldnow.com how does it know under the web server publishing
> rule that anything with /exchange goes to serverA while anything with
> /ssapp/asn.html goes to serverB?
>
> Andrew
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Saturday, May 20, 2006 2:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
> You
> Don't
>
> You create two separate rules, Andy.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andrew English
> Sent: Friday, May 19, 2006 20:49
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
> Uhm okay Jim so how do I tell ISA the following under one server publish
> website rule?
>
> https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10
> https://www.autsoldnow.com/exchange goes to 192.168.1.2
>
> Andrew
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Friday, May 19, 2006 9:05 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
> > ..so don't use the same listener for both sites.
> > C'mon, Andy - take a moment to think it through.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 4:38 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > The problem Jim is their web site doesn't use IIS it uses Jboss which is
> > a Java Application Server, normally Jboss sits on Tomcat but this time
> > around there isn't any Tomcat running so I am not sure what the script
> > kiddies have done. There is no Tomcat server running under services.msc,
> > there is no apache running anywhere, it all runs from one box.
> >
> > The second box of course runs Exchange 2003 on top of AD which doesn't
> > want swing for me without telling me that the version of AD is not the
> > same as the other 2003 server even though I raised the domain and forest
> > levels to 2003.
> >
> > Andrew
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Friday, May 19, 2006 5:59 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > This is called "redirect to HTTPS" and is supported in IIS.
> > You can even do it with ISA if you use the isa_redirects package I
> > built.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 15:08
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > As for OWA we are in the process of buying a separate cert for that. As
> > before what was happening is they had their Linux box flipping the HTTP
> > to HTTPS for both the web and exchange site which both run on two
> > different LAN servers. Since the dealers themselves are too computer
> > illiterate to know what Internet Explorer is let alone where the Address
> > bar is located we had to keep the cert for the web site and flip to HTTP
> > so that portions of the site that stopped working when the cert was
> > originally installed can function normally again.
> >
> > Andrew
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Friday, May 19, 2006 5:47 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > ..then the subject is irrelevant to the question?
> > "Cert for OWA" seems to indicate to the rest of us that this was about
> > OWA publishing.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 14:49
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > Ah no.
> >
> > The username and passwords are only contained within the site itself,
> > they are not associated to AD in any way, shape or form. So if someone
> > wants to see what dealerA has sold on the network be my guest, but
> > their login name and password don't work anywhere else but on the
> > website.
> >
> > Andrew
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Mark Morgan
> > Sent: Friday, May 19, 2006 5:18 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > It really does not matter if there is not personal or confidential info
> > on the site, if you pass the user id and password via http the user
> > domain credentials can be compromised, which someone could then use to
> > login to VPN etc.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 12:56 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: RE: [isalist] Re: Cert for OWA
> >
> > Hi Gerald,
> >
> > Thanks for the bit of information as it never crossed my mind that
> > without SSL installed usernames and passwords are sent in clear text
> > format.
> >
> > Actually the site is more broken with the SSL enabled than it is
> > without it. So I am not too worried as it is changing to a different
> > front-end/back-end within the coming months which will switch back to
> > using SSL. It's more important if people can access the site correctly
> > now than to have them calling us every day asking what's wrong, and yes
> > we are aware the trade off it has, but since the site doesn't contain
> > any personal or confidential information we are not too worried about.
> >
> > Regards,
> > Andrew
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Young, Gerald G
> > Sent: Fri 19/05/2006 3:16 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > How are you connecting then?
> >
> > https:// is for SSL.
> > http:// does not use SSL or the certificate you just installed.
> >
> > I hope you're not planning on authenticating users over just an
> > http connection: the username and password will be sent in clear text
> > that anyone can grab should they be listening.
> >
> > Cordially yours,
> > Jerry G. Young II
> > MCSE (4.0/W2K)
> > Atlanta EES Implementation Team Lead
> > ECNS Microsoft Engineering
> > Unisys
> >
> > 11493 Sunset Hills Rd.
> > Reston, VA 20190
> > Office: 703-579-2727
> > Cell: 703-625-1468
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 3:08 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: RE: [isalist] Re: Cert for OWA
> >
> > I figured it out.. After I exported the SSL cert to pfx on IIS6
> > and imported it into ISA I was able to surf to the site, however I had
> > enabled SSL on the webpage and for some reason it was telling me I had
> > to https:// to the site which I was doing, as soon as I removed the
> > (required SSL) from the web site I was able to access it. Then I applied
> > the html I had to redirect the site back to http. (grin)
> >
> > Thanks for those who helped I really do appreciate it!
> >
> > Regards,
> > Andrew

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
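
Added example, not part of the original thread and not ISA Server code: a simplified Python model of the "two separate rules" approach from the thread, in which requests for one public host name are sent to different internal servers by path. The host name and addresses are the ones quoted in the thread; the rule names, the `/exchange/*` and `/ssapp/*` path patterns and the matching logic are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class PublishingRule:
    name: str          # hypothetical rule name
    public_host: str   # host name the client asked for
    paths: tuple       # path patterns; a trailing "/*" means "this folder and below"
    backend: str       # internal server the request is forwarded to


# Constructed rule set: one rule per internal server, evaluated in order.
RULES = [
    PublishingRule("OWA", "www.autosoldnow.com", ("/exchange/*",), "192.168.1.2"),
    PublishingRule("Dealer app", "www.autosoldnow.com", ("/ssapp/*",), "192.168.1.10"),
]


def normalize(path):
    """Decode once and collapse dot segments before any rule is consulted,
    so '/ssapp/../exchange/' is judged as '/exchange'."""
    decoded = unquote(path) or "/"
    # normpath resolves '.' and '..' and drops the trailing slash.
    return "/" + posixpath.normpath(decoded).lstrip("/")


def path_matches(pattern, path):
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        # Match on a segment boundary: '/exchangeadmin' is not under '/exchange'.
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def route(url):
    """Return (rule name, backend) for the first matching rule, or None (deny)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return None  # this model's listener only accepts SSL connections
    host = (parts.hostname or "").lower()
    path = normalize(parts.path)
    for rule in RULES:
        if host == rule.public_host and any(path_matches(p, path) for p in rule.paths):
            return rule.name, rule.backend
    return None  # no rule matched: the request is not published
```

The choice of rule is made on the normalized path, so an encoded or dotted path is forwarded under the rule it actually resolves to, and anything that matches neither rule is denied.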