You can turn off the Web listener, though. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G Sent: Wednesday, April 12, 2006 1:37 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] ISA Server 2004 Web Proxy In our current set up we are only using ISA Server 2004 to handle incoming requests for published OWA servers. Inbound traffic to the published OWA servers is controlled as desired. What we have found, however, is that ISA Server 2004 is listening on port 8080 and you can configure the IE options on other servers within the environment to use the proxy listening on that port at the IP address of the ISA server. We do not need this functionality. From what I have been able to glean from the help file, you cannot disable the Web Proxy Filter but you can unbind it from specific protocols, in this case HTTP, and the ISA server shouldn't respond to proxy requests any longer. However, it appears as if it continues to do so, even after restarting the Firewall service. I say this because when I look at the monitoring tab, I see the traffic being passed via the Web Proxy Filter. Ultimately, this isn't a big deal because we'll prevent outbound HTTP traffic at a different firewall further up in the network fabric. The real reason this is an issue is because a Nessus Scan flags the fact that the ISA server is listening on port 8080 and accepts proxy requests. Is there anyway to configure ISA server so that a Nessus Scan won't flag the availability of a proxy? Aside from denying access to the IP address that the Nessus Scan is executed from, anyway. :-) Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.