RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004
- From: "David Farinic" <davidf@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 17 Mar 2005 17:30:03 +0100
Hi Tom,
Yes ISAPI ISA PROXY plugins from ISA2000 will not work properly on
ISA2004 for SNAT clients (if they check URL).
These plugins have to be slightly re-coded.
In ~ july 2004 you tested WebMonitor for ISA server and reported that
on ISA2004 you saw partial URLs and not full URLs for SNAT clients.
I retested it and I found out that for SNAT clients on ISA2004 my
"GetUrl" function calls to PROXY returns me just partial URL instead of
usual full URL.
I fixed it by simply constructing URL based on client request and not
relying on PROXY helper functions. Since then WebMonitor works fine for
all types of clients.
Regards David Farinic.
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 17, 2005 4:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
http://www.ISAserver.org
Hi David,
From what I've heard, the 3rd party plug ins that worked with the ISA
2000 HTTP Redirector Filter don't work with the 2004 Web proxy filter
bound to the HTTP protocol. If the client is configured as a Firewall
client, then the connection is handled by the Web proxy filter, but for
some reason, the plug ins don't apply to the connection. Instead, the
client must be explicitly configured as a Web proxy client in order to
reach the Web filter plug in.
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: David Farinic [mailto:davidf@xxxxxxx]
Sent: Thursday, March 17, 2005 9:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
http://www.ISAserver.org
There is no problem with that in ISA2004. As I understood it that
particular 3rd party ISAPI (ISA2004 PROXY) plugin simply doesn't see
URLs from SNAT clients (i.e. http traffic redirected to PROXY )
therefore it can not filter them and its passing them through.
My conclusion from this was that 3rd party plug-in needs to be fixed as
there is difference now how to get request URL from SNAT clients and
direct proxy clients (I described this before in more detail) .
Correct me if I am wrong.
Regards DavidF
________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Thursday, March 17, 2005 4:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
http://www.ISAserver.org
That is pretty much what we've been talking about, and how it couldn't
be done, so now I'm confused. I remember doing that in ISA2000, but
where is this setting in ISA2004?
________________________________
From: David Farinic [mailto:davidf@xxxxxxx]
Sent: Thursday, March 17, 2005 09:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
This mail was checked for viruses by GFI MailSecurity.
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI
FAXmaker), and network security and management software (GFI LANguard) -
www.gfi.com
Other related posts:
