RE: HTTP Redirector

• From: Christian.Schramm@xxxxxxxxxxxxxx
• To: isalist@xxxxxxxxxxxxx
• Date: Thu, 10 Apr 2003 17:53:30 +0200

Hi ...

Well, I think you need to creat a protocol rule and allow this one for your
client. Furthermore you have to configure the http redirector to reject http
requests from firewall and secure nat clients (make sure your clients are
set as web proxy clients for http access) to prevent users from bypassing
the web proxy (as mentioned in below article)...

http://www.isaserver.org/tutorials/Preventing_SecureNAT_and_Firewall_Clients
_from_Bypassing_the_Web_Proxy_Service_andHow_to_Give_Yourself_a_Headache_wit
h_the_HT.html

Greets...


> -----Ursprüngliche Nachricht-----
> Von: Bob Wolff [mailto:bobw@xxxxxxxxxxxxxxxxxxxxxx] 
> Gesendet: Donnerstag, 10. April 2003 17:05
> An: [ISAserver.org Discussion List]
> Betreff: [isalist] HTTP Redirector
> 
> 
> http://www.ISAserver.org
> 
> 
> Hello!
> 
> Does anyone out there know how I should attempt to tackle 
> this one? I have a user that needs to use Persona Thin Term 
> client.  It uses port 1916 TCP.  If I disable the HTTP 
> redirector it works correctly.  If I enable it, it stops 
> working.  I need to enable this because I want all firewall 
> and secure nat clients to be redirected to the web proxy 
> service so that their browsing data gets logged by superscout 
> web filter.  Also for some reason when I disable it people 
> are able to bypass the proxy server and get right out to the 
> internet.  I have a protocol rule allowing HTTP and HTTPS 
> only to user groups only.  That should be stopping them from 
> getting out shouldn't it?  There is no other default gateway 
> out and when I disable the external int on the ISA server 
> then they of course cannot get out.  So what am I missing?  
> Why can they get out with out using the proxy service when 
> the HTTP redirector is disabled?  The protocol rule that only 
> allows user groups should be stopping them correct?  If you 
> can explain this to me it would be greatly appreciated.  I 
> don't know of a way to allow only persona client traffic from 
> being redirected?  Let me know if you can help me with this!
> 
> Thanks,
> Bob
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/ 
> Windows Security Resource Site: 
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: christian.schramm@xxxxxxxxxxxxxx To unsubscribe send 
> a blank email to $subst('Email.Unsub')
> 

Other related posts:

• » HTTP Redirector
• » RE: HTTP Redirector
• » RE: HTTP Redirector
• » HTTP Redirector
• » RE: HTTP Redirector
• » RE: HTTP Redirector
• » Re: HTTP Redirector
• » HTTP Redirector
• » Re: HTTP Redirector
• » Re: HTTP Redirector

1. Home
2. isalist
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---