RE: Complex URLs?

• From: "Ball, Dan" <DBall@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 30 Oct 2005 20:38:44 -0500

Sure, I'll try to do that tonight when the traffic is lighter.

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Sunday, October 30, 2005 8:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Complex URLs?

http://www.ISAserver.org

Odd - it shows "allowed" and "403" in the same log entry.
Any chance of getting a crapture of this?

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Saturday, October 29, 2005 8:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Complex URLs?

http://www.ISAserver.org

Here is the information from the ISA logs:

Original Client IP      Client Agent    Authenticated Client    Service
Server Name     Referring Server        Destination Host Name
Transport       MIME Type       Object Source   Source Proxy
Destination Proxy       Bidirectional   Client Host Name        Filter
Information     Network Interface       Raw IP Header   Raw Payload
Source Port     Processing Time Bytes Sent      Bytes Received  Result
Code    HTTP Status Code        Cache Information       Error
Information     Log Record Type Log Time        Destination IP
Destination Port        Protocol        Action  Rule    Client IP
Client Username Source Network  Destination Network     HTTP Method
URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAPSIE;
.NET CLR 1.1.4322)      Yes     Proxy   GATEWAY
0-firstsearch.oclc.org.elibrary.mel.org TCP             Internet
-       -               -               -       -       -       0
78      194     823             403     0x40000000      0x480   Web
Proxy Filter    10/29/2005 10:57:04 PM  136.181.125.166 80      http
Allowed Connection      Web Access      10.20.3.69      MAPSNET\dball
Internal - LAN Network  External - Charter & Merit Networks     GET
http://0-firstsearch.oclc.org.elibrary.mel.org/FSIP?dbname=ArticleFirst&;
done=referer

It's the only entry I can find related to this, the link comes from
http://www.mel.org/screens/databasesubjects.html, any of the links that
say "Login Required" will cause that error.  The rule that is allowing
it through the ISA server is the same rule we use for almost all Web
Access.


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Friday, October 28, 2005 8:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Complex URLs?

http://www.ISAserver.org

Yes, there is more data.
What's the URL in the ISA logs?
What rule is quoted for the 403 response?

They use IP-access controls?!?
<snicker><chortle><chuckle><GUFFAW>
Yeh -that's the ticket - everybody behind your ISA is now seen as a
single-freakin'-user!

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Friday, October 28, 2005 10:30
To: [ISAserver.org Discussion List]
Subject: [isalist] Complex URLs?

http://www.ISAserver.org

Can someone please help me with this? 

We've been struggling with getting access to some state databases for a
couple of months now, but have been unsuccessful.  I've checked the ISA
logs, and all I see is an HTTP GET request going out, and the response
is a 403 Forbidden.  There are no other packets to analyze... 

Finally, we got a response from their tech center, only by chance, in
the e-mail forwarding shuffle.  Here is what they said:

---------------------------------
Can you check with the library that is trying to connect to see if they
are behind a firewall that might be limiting their access?

The following are the lines from the error log where the IP you sent
tried to access the GRGM resource:
1012101716:23196:28201:GET
/itweb/lom_accessmich?db=GRGM:24.213.58.250:80:web:pu
blic:0:1
1012101727:23196:28308:GET
/ips/start.do?userGroupName=lom_accessmich&prodId=IPS
&DB=SPN.SP01_SPN.SP02_HRCA_GRGM_CDB_EAIM_GBFM_ITOF_LT_STOJ_STOM_SPJ.SP05
_GVRL-0:

24.213.58.250:80:web:public:0:1
---------------------------------

The strange part is that I see nothing in our logs about these URLs.
They are using a new "gateway" system now, where it checks your IP
against their list.  If your IP is authorized, they let you through, if
it isn't on the list, it is supposed to prompt you for your drivers
license number instead.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Complex URLs?
• » RE: Complex URLs?
• » RE: Complex URLs?
• » RE: Complex URLs?
• » RE: Complex URLs?

1. Home
2. isalist
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---