RE: Continued issues with particular site

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 17 Jan 2006 16:07:48 -0600

The FWC will stuff use the Web proxy filter if the Web proxy filter is
still bound to the HTTP protocol. There are a number of workarounds, but
the one I use because it's the easiest :)  is to just unbind the Web
proxy filter from the HTTP protocol and then configure the sites for
Direct Access. 

This enables me to continue to benefit from the Web proxy filter and its
HTTP security filter for Web proxy client connections (machines that are
explicitly configured as Web proxy clients) and bypass the Web proxy
filter for all SecureNAT (SecureNET) and FWC connections.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Tuesday, January 17, 2006 3:59 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
> 
> http://www.ISAserver.org
> 
> That what I was saying to myself... the "Via" tells all.  But 
> check it--  
> I've got both the IP and the *.domain.com in the direct 
> access tab for the 
> source (listening) network config, I've got the firewall 
> client loaded and 
> refreshed, I've unchecked "use proxy" on the firewall client 
> config for the 
> network config, I've made sure the client is not set to use a 
> proxy in IE.
> 
> Yet, the capture stills says "Via."
> 
> WTF now?
> 
> t
> 
> -----
> "I'll see your Llama and up you a Badger."
> John T
> 
> 
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 1:44 PM
> Subject: [isalist] RE: Continued issues with particular site
> 
> 
> http://www.ISAserver.org
> 
> That's NOT a DIRECT ACCESS connection!
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 3:41 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Continued issues with particular site
> >
> > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> > MailSecurity's HTML threat engine found HTML scripts in this
> > email and has disabled them.</font></b></p>http://www.ISAserver.org
> >
> > So, I've basically honed it down to this.  Here is what we 
> get on the
> > external interface after the client issues the POST for the
> > tracking number:
> >
> > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> > 7.Jan.2006.21:03:46.GMT....
> >  -then-
> > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
> 2006.21:03:46.GMT..Connection:.close..Content->
> Type:.text/html..............<HTML>......<HEAD>..........<META
> > .http-equiv="Expires".content="0">..........<META.http-equiv="
> > Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> > ontrol".content="no-cache">.........<LINK.type="text/css".href
> > ="include/master.css"
> > .rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> > include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> > t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> > TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> > arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> > LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> > ...........<TR>
> >
> > -- with the rest of the page following.
> >
> > But on the internal interface, this is what goes to the client:
> >
> > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> > .
> > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
> nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
> Type:.text
> /html..Server:.Microsoft-> IIS/5.0....
> >
> >
> > And that's it.  It dies.
> >
> >
> > WTF?  Anyone?  Beuller?  Anyone?
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- 
> > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 12:09 PM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > > http://www.ISAserver.org
> > >
> > > That's my next step.  I've compared captures from
> > direct/ISA (which was a
> > > waste of time) but now I'll have to see what I get in front
> > and behind
> > > ISA. Working on it now.
> > >
> > > t
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, January 17, 2006 9:41 AM
> > > Subject: [isalist] RE: Continued issues with particular site
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Got captures?
> > > We can determine a *lot* from a two-sided capture...
> > >
> > > -------------------------------------------------------
> > >   Jim Harrison
> > >   MCP(NT4, W2K), A+, Network+, PCG
> > >   http://isaserver.org/Jim_Harrison/
> > >   http://isatools.org
> > >   Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, January 17, 2006 09:06
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Continued issues with particular site
> > >
> > > http://www.ISAserver.org
> > >
> > > I've still not been able to solve the problem with this one
> > particular
> > > page on a site we must use to track service calls.  My
> > users can log on to
> > > the site fine, and access parts of the site, but when we 
> go to this
> > > particular page to track issues by number, it comes up with
> > a blank page.
> > >
> > > "View Source" shows the right tags, <HTML> through </HTML>,
> > but there is
> > > no content.  Accessing outside of ISA works fine.  I've
> > tried FW Client,
> > > Proxy Client, changing authentication on both the rule and
> > the network
> > > proxy listener, entering "Direct Access," etc, removing the
> > HTTP filter,
> > > etc and nothing works.
> > >
> > > The logs show the site being accessed properly, though the
> > page is blank.
> > >
> > > Where to turn?  Is it PSS time?
> > >
> > > t
> > >
> > >
> > >
> > >
> > > -----
> > > "I'll see your Llama and up you a Badger."
> > > John T
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: 
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2006