Unbinding the Web Proxy Filter from HTTP worked. However, I can no longer
"Configure HTTP" anywhere, on any rule. I tried what Steve suggested, which
is to create an allow rule for the site, but you can't unbind Web Proxy
Filter from an individual rule - ( thanks for nuttin, Moffat!!! ;) all you
can do is "Configure HTTP." Hell, I even tried a custom HTTP Protocol
Definition (with no filtering at all) and it still doesn't work.
While I could still access the web via clients specifically set to use a
proxy, why would my HTTP filter configuration options go away because I
unbound the Web Proxy Filter?
Is there no other way to do this????
t
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
The FWC will stuff use the Web proxy filter if the Web proxy filter is still bound to the HTTP protocol. There are a number of workarounds, but the one I use because it's the easiest :) is to just unbind the Web proxy filter from the HTTP protocol and then configure the sites for Direct Access.
This enables me to continue to benefit from the Web proxy filter and its HTTP security filter for Web proxy client connections (machines that are explicitly configured as Web proxy clients) and bypass the Web proxy filter for all SecureNAT (SecureNET) and FWC connections.
Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Tuesday, January 17, 2006 3:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
That what I was saying to myself... the "Via" tells all. But check it-- I've got both the IP and the *.domain.com in the direct access tab for the source (listening) network config, I've got the firewall client loaded and refreshed, I've unchecked "use proxy" on the firewall client config for the network config, I've made sure the client is not set to use a proxy in IE.
Yet, the capture stills says "Via."
WTF now?
t
----- "I'll see your Llama and up you a Badger." John T
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 17, 2006 1:44 PM
Subject: [isalist] RE: Continued issues with particular site
http://www.ISAserver.org
That's NOT a DIRECT ACCESS connection!
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Tuesday, January 17, 2006 3:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Continued issues with particular site
>
> <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI
> MailSecurity's HTML threat engine found HTML scripts in this
> email and has disabled them.</font></b></p>http://www.ISAserver.org
>
> So, I've basically honed it down to this. Here is what we
get on the
> external interface after the client issues the POST for the
> tracking number:
>
> HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1
> 7.Jan.2006.21:03:46.GMT....
> -then-
> HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan.
2006.21:03:46.GMT..Connection:.close..Content->
Type:.text/html..............<HTML>......<HEAD>..........<META
> .http-equiv="Expires".content="0">..........<META.http-equiv="
> Pragma".content="no-cache">..........<META.http-equiv="Cache-C
> ontrol".content="no-cache">.........<LINK.type="text/css".href
> ="include/master.css"
> .rel="stylesheet">..........<SCRIPT.type="text/javascript".src="
> include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex
> t/javascript".src="include/multi_onload.js"></XCRIPT>..........<
> TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m
> arginheight="0".marginwidth="0".topmargin="0">..............<TAB
> LE.width="100%".border="0".cellspacing="0".cellpadding="0">...
> ...........<TR>
>
> -- with the rest of the page following.
>
> But on the internal interface, this is what goes to the client:
>
> HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200
> 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0...
> .
> HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co
nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content-
Type:.text
/html..Server:.Microsoft-> IIS/5.0....
>
>
> And that's it. It dies.
>
>
> WTF? Anyone? Beuller? Anyone?
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message ----- > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 17, 2006 12:09 PM
> Subject: [isalist] RE: Continued issues with particular site
>
>
> > http://www.ISAserver.org
> >
> > That's my next step. I've compared captures from
> direct/ISA (which was a
> > waste of time) but now I'll have to see what I get in front
> and behind
> > ISA. Working on it now.
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, January 17, 2006 9:41 AM
> > Subject: [isalist] RE: Continued issues with particular site
> >
> >
> > http://www.ISAserver.org
> >
> > Got captures?
> > We can determine a *lot* from a two-sided capture...
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, January 17, 2006 09:06
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Continued issues with particular site
> >
> > http://www.ISAserver.org
> >
> > I've still not been able to solve the problem with this one
> particular
> > page on a site we must use to track service calls. My
> users can log on to
> > the site fine, and access parts of the site, but when we
go to this
> > particular page to track issues by number, it comes up with
> a blank page.
> >
> > "View Source" shows the right tags, <HTML> through </HTML>,
> but there is
> > no content. Accessing outside of ISA works fine. I've
> tried FW Client,
> > Proxy Client, changing authentication on both the rule and
> the network
> > proxy listener, entering "Direct Access," etc, removing the
> HTTP filter,
> > etc and nothing works.
> >
> > The logs show the site being accessed properly, though the
> page is blank.
> >
> > Where to turn? Is it PSS time?
> >
> > t
> >
> >
> >
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
