RE: Creating a custom HTTP protocol
- From: "Rob Moore" <RMoore@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 13 Dec 2005 09:00:45 -0500
Not as far as I know--I've never bought anything off their website.
When I try to go to www.staples.com, the site doesn't load (with the
error as originally described below). If I try a second time from the
same IE window, though, it does load.
One perhaps interesting thing: When I first go to www.staples.com, the
URL of the page that tries to load is actually
http://www.staples.com/webapp/wcs/stores/servlet/home?storeId=10001&lang
Id=-1&krypto=mfxq1nTSMWh0shUQOLdqekZxx8aozrkWIFqse0LeL0zGl%2FNNJmka%2F2N
a9ddBYs0O.
When I try getting there a second time, the page that actually loads is
just plain old www.staples.com.
Rob
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, December 12, 2005 9:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Creating a custom HTTP protocol
http://www.ISAserver.org
Hi Rob,
What part of the Staples site doesn't work? I can get there with no
problems. Do I have to buy something?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Monday, December 12, 2005 9:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Creating a custom HTTP protocol
http://www.ISAserver.org
Between snow days and other stuff, it's taken me a while to get
this fully tested. Now I'm getting access to the Staples website to
work, but in a rather quirky way. In addition to the four steps I
originally mentioned below, I've now also configured the site for direct
access. (To do this I opened the Internal network, went to the Web
Browser tab, and made an entry for Staples--*.staples.com--in the
"Directly access these servers or domains" section.)
I've configured my computer to use the autoconfig script. I've
tried accessing the Staples website both with and without the Firewall
Client software installed. Behavior is the same either way.
What happens now is when I try to access the Staples website I
get the usual error (actually, it's slightly different--now instead of
getting the official ISA orange/yellow one that had more detail, now I
get a much more generic-looking one, but with the same essential error:
"Error Code: 500 Internal Server Error. The request was rejected by the
HTTP filter"). If I then put the address back into the address bar, I
connect to the Staples website no problem.
When I look at the logs, all the entries for my attempted access
go through my generic "access to the Internet" rule--the one that allows
most web traffic to most people. None of the traffic is being looked at
by my new "access to Staples" rule, which is above the generic rule. I
do get a few "Access Denied" entries (Blocked by the HTTP security
filter: the response content is encoded and cannot be scanned).
Any thoughts about what might be going on now?
Thanks,
Rob
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, December 07, 2005 11:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Creating a custom HTTP protocol
http://www.ISAserver.org
Hi Rob,
You also have to configure the site for Direct Access, since Web
proxy clients will always be Web proxy filter clients. The Direct Access
config will bypass the Web proxy client config and enable the Firewall
client to handle the connection. And since the Web proxy filter is
unbound from the HTTP protocol, the Firewall client connection won't be
passed up to the filter.
Remember that you need to configure the client to use the
autoconfig script if you want the direct access settings configured on
the ISA firewall to be applied.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Wednesday, December 07, 2005 10:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Creating a custom HTTP protocol
http://www.ISAserver.org
Hello all--
I'm trying to allow traffic to a particular website
that's getting blocked by the HTTP filter. To do this, sometime ago I
got advice on this list to "create a custom HTTP protocol def, and not
bind it to the Web Proxy filter, then make sure that allows access only
to the site that uses that protocol." I've tried doing that with no
luck. I'm assuming I've not done it correctly. These are the steps I've
taken:
1. Created a user-defined protocol (HTTP Staples) for
outbound traffic on Port 80.
2. Did not check the Web Proxy application filter for
this protocol (I have a feeling this is my error).
3. Created a URL set for the website
(http://www.staples.com/* <http://www.staples.com/*> ).
4. Created an access rule above the regular "access to
external network" rule, that uses the custom protocol, and allows
traffic from All Protected Networks to the Staples URL set for all
users.
It doesn't work. I still get the same error, "Blocked by
the HTTP security filter: the response content is encoded and cannot be
scanned". Where did I go wrong?
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Help Desk: 800-500-AFSC
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: rmoore@xxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
