Sure, I'll try to do that tonight when the traffic is lighter. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Sunday, October 30, 2005 8:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Complex URLs? http://www.ISAserver.org Odd - it shows "allowed" and "403" in the same log entry. Any chance of getting a crapture of this? -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Saturday, October 29, 2005 8:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Complex URLs? http://www.ISAserver.org Here is the information from the ISA logs: Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAPSIE; .NET CLR 1.1.4322) Yes Proxy GATEWAY 0-firstsearch.oclc.org.elibrary.mel.org TCP Internet - - - - - - 0 78 194 823 403 0x40000000 0x480 Web Proxy Filter 10/29/2005 10:57:04 PM 136.181.125.166 80 http Allowed Connection Web Access 10.20.3.69 MAPSNET\dball Internal - LAN Network External - Charter & Merit Networks GET http://0-firstsearch.oclc.org.elibrary.mel.org/FSIP?dbname=ArticleFirst&; done=referer It's the only entry I can find related to this, the link comes from http://www.mel.org/screens/databasesubjects.html, any of the links that say "Login Required" will cause that error. The rule that is allowing it through the ISA server is the same rule we use for almost all Web Access. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, October 28, 2005 8:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Complex URLs? http://www.ISAserver.org Yes, there is more data. What's the URL in the ISA logs? What rule is quoted for the 403 response? They use IP-access controls?!? <snicker><chortle><chuckle><GUFFAW> Yeh -that's the ticket - everybody behind your ISA is now seen as a single-freakin'-user! ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Friday, October 28, 2005 10:30 To: [ISAserver.org Discussion List] Subject: [isalist] Complex URLs? http://www.ISAserver.org Can someone please help me with this? We've been struggling with getting access to some state databases for a couple of months now, but have been unsuccessful. I've checked the ISA logs, and all I see is an HTTP GET request going out, and the response is a 403 Forbidden. There are no other packets to analyze... Finally, we got a response from their tech center, only by chance, in the e-mail forwarding shuffle. Here is what they said: --------------------------------- Can you check with the library that is trying to connect to see if they are behind a firewall that might be limiting their access? The following are the lines from the error log where the IP you sent tried to access the GRGM resource: 1012101716:23196:28201:GET /itweb/lom_accessmich?db=GRGM:24.213.58.250:80:web:pu blic:0:1 1012101727:23196:28308:GET /ips/start.do?userGroupName=lom_accessmich&prodId=IPS &DB=SPN.SP01_SPN.SP02_HRCA_GRGM_CDB_EAIM_GBFM_ITOF_LT_STOJ_STOM_SPJ.SP05 _GVRL-0: 24.213.58.250:80:web:public:0:1 --------------------------------- The strange part is that I see nothing in our logs about these URLs. They are using a new "gateway" system now, where it checks your IP against their list. If your IP is authorized, they let you through, if it isn't on the list, it is supposed to prompt you for your drivers license number instead. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx