[isalist] Re: ISA Server 2004 Web Proxy

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Apr 2006 19:58:19 -0500

You can turn off the Web listener, though.
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G
        Sent: Wednesday, April 12, 2006 1:37 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] ISA Server 2004 Web Proxy
        
        

        In our current setup we are only using ISA Server 2004 to
handle incoming requests for published OWA servers.  Inbound traffic to
the published OWA servers is controlled as desired.

        What we have found, however, is that ISA Server 2004 is
listening on port 8080 and you can configure the IE options on other
servers within the environment to use the proxy listening on that port
at the IP address of the ISA server.  We do not need this functionality.

        From what I have been able to glean from the help file, you
cannot disable the Web Proxy Filter but you can unbind it from specific
protocols, in this case HTTP, and the ISA server shouldn't respond to
proxy requests any longer.

        However, it appears as if it continues to do so, even after
restarting the Firewall service.

        I say this because when I look at the monitoring tab, I see the
traffic being passed via the Web Proxy Filter.

        Ultimately, this isn't a big deal because we'll prevent outbound
HTTP traffic at a different firewall further up in the network fabric.
The real reason this is an issue is because a Nessus Scan flags the fact
that the ISA server is listening on port 8080 and accepts proxy
requests.

        Is there any way to configure ISA server so that a Nessus Scan
won't flag the availability of a proxy?  Aside from denying access to
the IP address that the Nessus Scan is executed from, anyway. :-)

        Cordially yours,

        Jerry G. Young II
        MCSE (4.0/W2K)
        Atlanta EES Implementation Team Lead
        HHS Engineering
        Unisys

        11493 Sunset Hills Rd.
        Reston, VA 20190
        Office: 703-579-2727
        Cell: 703-625-1468

        THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY MATERIAL and is thus for use only by the intended recipient.
If you received this in error, please contact the sender and delete the
e-mail and its attachments from all computers.
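
A check for confirming the change discussed in this thread, as an added example that is not part of the original messages: it sends one proxy-form request to the port the scan flagged on your own server and classifies the reply. The probe URL, the result labels and the command-line usage are assumptions made for the example.

```python
import socket
import sys

# Constructed probe target; example.com is a reserved documentation domain.
PROBE_HOST = "example.com"

def classify(response: bytes) -> str:
    """Classify the raw reply to a proxy-form (absolute-URI) HTTP request."""
    if not response:
        return "no-http-response"
    parts = response.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"
    code = int(parts[1])
    if code == 407:
        return "proxy-requires-auth"  # listener is up and asks for credentials
    if 200 <= code < 400:
        # Usually a relayed request; a plain web server that ignores the
        # absolute URI can also land here, so confirm against the body.
        return "proxy-open"
    return "listener-denies"  # something answers HTTP but rejects the request

def probe(host: str, port: int = 8080, timeout: float = 5.0) -> str:
    """Send one proxy-form GET to host:port and classify what comes back."""
    request = (f"GET http://{PROBE_HOST}/ HTTP/1.1\r\nHost: {PROBE_HOST}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "port-closed"  # refused, filtered or unreachable: nothing to flag
    data = b""
    with sock:
        try:
            sock.sendall(request)
            while b"\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # reset or timeout mid-read: classify whatever arrived
    return classify(data)

if __name__ == "__main__":
    # Usage: python proxy_check.py <address-of-your-own-server> [port]
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
        print(sys.argv[1], port, probe(sys.argv[1], port))
```

Any result other than `port-closed` means something still answers on the port, which is the condition the scan reports.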

        
