Re: HTTP Redirector that rejects all HTTP traffic
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 17 Dec 2002 13:34:02 -0800
Sorry, Rick; I misspoke; I meant SmartFilter.
Either way. it's the same; client requests need to come directly to the Web
Proxy service or they can't be authenticated to it.
Citrix is a non-Web-Proxy protocol, so the HTTP Redirector shouldn't affect
it.
Disabling the Redirector is not the same as having it enabled with "Reject".
Disabling it causes all unauthenticated web requests from FW/SecureNAT
clients to use any existing "allow" protocol rules that fit the request.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 17, 2002 11:58 AM
Subject: [isalist] Re: HTTP Redirector that rejects all HTTP traffic
http://www.ISAserver.org
Jim,
We not using SurfControl, we are using SmartFilter for web content
filtering. Everything else is controlled through Site and Content Rules,
Protocol Rules and Packet Filters. We keep Internet access pretty tight.
Sorry if I gave the wrong impression.
What do you think might be the problem with the Citrix ICA clients not
working if I turn on the Redirector? I have a Protocol rule which allows ICA
to enable it to work with the Redirector turned off. Also the ICA clients
are using the Firewall client. Do you think It might be authentication that
the ICA clients are having trouble with?
I was understanding that having the Redirector disabled was the same as
having the redirector active and Reject HTTP Traffic turned on? I am
assuming that may not be the case?
Thanks for the quick response!
Rick
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, December 17, 2002 2:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: HTTP Redirector that rejects all HTTP traffic
http://www.ISAserver.org
Since you're using user/group-based rules with SurfControl on ISA, the best
choice is "Reject", IMHO.
That way, no one who can't auth to the ISA will get access.
Then, SC can filter to it's heart's content.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 17, 2002 10:50 AM
Subject: [isalist] HTTP Redirector that rejects all HTTP traffic
http://www.ISAserver.org
Hello,
We have ISA Enterprise edition in Integrated mode in an NT environment being
load balanced with RainWall.
I have the HTTP Redirector disabled because I want to monitor, log and
control Internet access, but in doing so I noticed that the Firewall clients
can still access HTTP, I want to force them to be Web Clients and allow
firewall clients to be used for FTP, RA and other apps. There is a setting
in the HTTP Redirector that rejects all HTTP traffic,
My question is: If I enable the Redirector and select the Reject HTTP
selection will I still be able to log, monitor and using Site and Content
Rules control the access of those using the Firewall Client?
Will enabling this bypass the control?
Won't they be forced to be a Web Client and the Firewall client will only be
used for other apps?
I enabled the Redirector once before and our Citrix ICA clients stopped
working.
Thanks for all your help!
Rick
List Sponsored by Aspelle
Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and
the Internet to quickly and cost-effectively manage and deliver secure,
client-less access to all corporate applications (Web, Unix, Windows and
legacy systems), for all users.
More info at http://www.aspelle.com/info
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
List Sponsored by Aspelle
Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and
the Internet to quickly and cost-effectively manage and deliver secure,
client-less access to all corporate applications (Web, Unix, Windows and
legacy systems), for all users.
More info at http://www.aspelle.com/info
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rick_kincer@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
List Sponsored by Aspelle
Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and
the Internet to quickly and cost-effectively manage and deliver secure,
client-less access to all corporate applications (Web, Unix, Windows and
legacy systems), for all users.
More info at http://www.aspelle.com/info
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
