http://www.ISAserver.org ------------------------------------------------------- For inbound connections, there are only Web Publishing Rules and Server Publishing Rules There is no "mail server publishing rule" although there might be a Mail Server Publishing Wizard. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > Sent: Saturday, May 20, 2006 10:55 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > http://www.ISAserver.org > ------------------------------------------------------- > > > The OWA site is a mail publishing rule. It use have FBA. The > other site > I agree is not a mail publishing rule thus would require the > web server > publishing rule but can both be run off the same URL, > different servers > with different paths? > > Andrew > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Saturday, May 20, 2006 11:31 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > http://www.ISAserver.org > ------------------------------------------------------- > > Must using different path in each rule. > Don't use the mail server publishing rule for non-mail websites. > Create a new rule and specify only the app pat in that rule. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Andrew English > Sent: Saturday, May 20, 2006 8:05 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > http://www.ISAserver.org > ------------------------------------------------------- > > If I create the website publishing rule for the website, am I able to > create an Mail server publishing rule for OWA using the same cert? > > Andrew > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Saturday, May 20, 2006 10:11 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > http://www.ISAserver.org > ------------------------------------------------------- > > I read someone that application layer inspection firewalls > are actually > able to take information in the application layer headers and data and > make intelligent decisions based on that data. Yes, I remember now, I > wrote a 1000+ book about it and the solution is in there. Go > to the Web > Publishing chapter. You'll solve all these SSL problems and > the current > one. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > > Sent: Saturday, May 20, 2006 9:13 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Cert for OWA > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Yes but if the request is for the following website is > > www.autosoldnow.com how does it know under the web server publishing > > rule that anything with /exchange goes to serverA while > anything with > > /ssapp/asn.html goes to serverB? > > > > Andrew > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Jim Harrison > > Sent: Saturday, May 20, 2006 2:06 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Cert for OWA > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > You > > Don't > > > > You create two separate rules, Andy. > > > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Andrew English > > Sent: Friday, May 19, 2006 20:49 > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Cert for OWA > > > > Uhm okay Jim so how to I tell ISA the following under one > > server publish > > website rule? > > > > > > > > https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10 > > > > https://www.autsoldnow.com/exchange goes to 192.168.1.2 > > > > > > > > Andrew > > > > > > > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Jim Harrison > > Sent: Friday, May 19, 2006 9:05 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Cert for OWA > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > ..so don't use the same listener for both sites. > > > > C'mon, Andy - take a moment to think it through. > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Andrew English > > > > Sent: Friday, May 19, 2006 4:38 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > > > > > The problem Jim is there web site doesn't use IIS it uses > > Jboss which is > > > > a Java Application Server, normally Jboss sits on Tomcat > but this time > > > > around there isn't any Tomcat running so I am not sure what > the script > > > > kiddies have done. There is no Tomcat server running under > > services.msc, > > > > there is no apache running anywhere, it all runs from one box. > > > > > > > > The second box of course runs Exchange 2003 on top of AD > which doesn't > > > > want swing for me without telling me that the version of AD > is not the > > > > same as the other 2003 server even though I raised the domain > > and forest > > > > levels to 2003. > > > > > > > > Andrew > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Jim Harrison > > > > Sent: Friday, May 19, 2006 5:59 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > This is called "redirect to HTTPS" and is supported in IIS. > > > > You can even do it with ISA if you use the isa_redirects package I > > > > built. > > > > > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Andrew English > > > > Sent: Friday, May 19, 2006 15:08 > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > > > > > As for OWA we are in the process of buying a separate cert > > for that. As > > > > before what was happening is the had their Linux box > flipping the HTTP > > > > to HTTPS for both the web and exchange site which both run on two > > > > different LAN servers. Since the dealers themselves are too computer > > > > illiterate to know what Internet Explorer is let alone where > > the Address > > > > bar is located we had to keep the cert for the web site and > > flip to HTTP > > > > so that portions of the site what stopped working when the cert was > > > > originally installed can function normally again. > > > > > > > > Andrew > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Jim Harrison > > > > Sent: Friday, May 19, 2006 5:47 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > ..then the subject is irrelevant to the question? > > > > "Cert for OWA" seems to indicate to the rest of us that > this was about > > > > OWA publishing. > > > > > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Andrew English > > > > Sent: Friday, May 19, 2006 14:49 > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > Ah no. > > > > > > > > > > > > > > > > The username and passwords are only contained within the > site itself, > > > > they are not associated to AD in anyway shape or form. So if someone > > > > wants to see what dealerA has sold on the network be my guess, but > > > > they're login name and password don't work where else but on the > > > > website. > > > > > > > > > > > > > > > > Andrew > > > > > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Mark Morgan > > > > Sent: Friday, May 19, 2006 5:18 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > > > > > > > > > It really does not mater if there is not personal or > confidential info > > > > on the site, if you pass the user id and password via http the user > > > > domain credentials can be compromised, which someone could > then use to > > > > login to VPN etc. > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]On Behalf Of Andrew English > > > > Sent: Friday, May 19, 2006 12:56 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: RE: [isalist] Re: Cert for OWA > > > > > > > > Hi Gerald, > > > > > > > > > > > > > > > > Thanks for the bit of information as it never > > crossed my mind > > > > that without SSL installed usernames and passwords are sent in clear > > > > text format. > > > > > > > > > > > > > > > > Actually the site is more broken with the SSL > > enabled then it > > is > > > > without it. So I am not too worried as it changing to a different > > > > front-end/back-end within the coming months which will > switch back to > > > > using SSL. It's more important if people can access the > site correctly > > > > now then to have them calling us everyday asking what's > wrong, and yes > > > > we are aware the trade off it has, but since the site > doesn't contain > > > > and personal or confidential information we are not too > > worried about. > > > > > > > > > > > > > > > > Regards, > > > > > > > > Andrew > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > > > > > > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of > > Young, Gerald > > G > > > > Sent: Fri 19/05/2006 3:16 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Cert for OWA > > > > > > > > How are you connecting then? > > > > > > > > > > > > > > > > https:// is for SSL. > > > > > > > > http:// does not use SSL or the certificate you just > > installed. > > > > > > > > > > > > > > > > I hope you're not planning on authenticating > users over just > > an > > > > http connection: the username and password will be sent in > clear text > > > > that anyone can grab should they be listening. > > > > > > > > Cordially yours, > > > > Jerry G. Young II > > > > MCSE (4.0/W2K) > > > > Atlanta EES Implementation Team Lead > > > > ECNS Microsoft Engineering > > > > Unisys > > > > > > > > 11493 Sunset Hills Rd. > > > > Reston, VA 20190 > > > > Office: 703-579-2727 > > > > Cell: 703-625-1468 > > > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL > AND/OR OTHERWISE > > > > PROPRIETARY MATERIAL and is thus for use only by the intended > > recipient. > > > > If you received this in error, please contact the sender and > > delete the > > > > e-mail and its attachments from all computers. > > > > > > > > > > > > ________________________________ > > > > > > > > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > > > > Sent: Friday, May 19, 2006 3:08 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: RE: [isalist] Re: Cert for OWA > > > > > > > > > > > > > > > > I figured it out.. After I exported the SSL cert to pfx on > > IIS6 > > > > and imported it into ISA I was able to surf to the site, > however I had > > > > enabled SSL on the webpage and for some reason it was > telling me I had > > > > to https:// to the site which I was doing, as soon as I removed the > > > > (required SSL) from the web site I was able to access it. > > Then I applied > > > > the html I had to redirect the site back to http. (grin) > > > > > > > > > > > > > > > > Thanks for those who helped I really do appreciate it! > > > > > > > > > > > > > > > > Regards, > > > > > > > > Andrew > > > > > > > > > > > > > > > > -- > > > > No virus found in this incoming message. > > > > Checked by AVG Free Edition. > > > > Version: 7.1.392 / Virus Database: 268.6.1/343 - > > Release Date: > > > > 5/18/2006 > > > > > > > > > > > > -- > > > > No virus found in this outgoing message. > > > > Checked by AVG Free Edition. > > > > Version: 7.1.392 / Virus Database: 268.6.1/343 - Release > > Date: 5/18/2006 > > > > > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx