RE: Javascript through ISA 2004...

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 22 Feb 2005 11:57:16 -0800

The thing to do now is scan the ISA logs for these requests that were
denied and see what the HTTP Filter thought of them.
99 times out of 10, the requests / data offends.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
-----Original Message-----
From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx] 
Sent: Tuesday, February 22, 2005 12:15
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Javascript through ISA 2004...

http://www.ISAserver.org

Thanks Tom, 

Thanks for the explanation. This is an extremely drastic move (remove
the
web proxy filter) from the HTTP protocol! It works but isnt there a way
to
exclude it for certain connections or something? this solution basically
lobotomizes ISA  and its features....

Thanks
TD

> Hi Ted,
> 
> My bad. :)
> 
> That's the part of the Direct Access piece you need to do to make sure
> you completely bypass the Web proxy.=20
> 
> Direct Access configuration is aimed at completely bypassing the Web
> proxy. The autoconfig script informs the Web proxy clients configured
to
> use it to not remote the Web connection to the Web proxy filter via an
> HTTP tunneled request to TCP 8080 on the clients local Web proxy
> listener.
> 
> However, if the HTTP protocol is bound to the Web proxy filter,
Firewall
> clients, and even the lowly, low security SecureNAT client will be
> pushed up to the filter. So, in order to get the functionality you had
> with the old HTTP Redirectory Filter, you need to unbind the filter
from
> the protocol.
> 
> Note that this also disables the HTTP Security Filter interface, but
it
> does not disable the Web proxy filter or the HTTP filter for clients
> configured as Web proxy clients.
> 
> HTH,=20
> 
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=20
> Sent: Tuesday, February 22, 2005 1:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Javascript through ISA 2004...
> 
> http://www.ISAserver.org
> 
> Hi Tom,=20
> 
> You hit the nail on the head. If I unbind the web proxy filter from
> HTTP,
> everything works perfect.....but what does that mean really?? ;)
> 
> Thanks
> TD
> 
> > Hi Ted,
> >=20
> > OK, try one more thing just to "make sure" its not the ISA firewall.
> > Unbind the Web proxy filter from the HTTP protocol and (for some
> reason
> > I can't think of right now), remove authentication requirements for
> > access that site.
> >=20
> > This is sounding like a MIME registration issue to me now. ?
:-\=3D20
> >=20
> >=20
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >=20
> >=20
> > -----Original Message-----
> > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D20
> > Sent: Tuesday, February 22, 2005 10:49 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Javascript through ISA 2004...
> >=20
> > http://www.ISAserver.org
> >=20
> > Hi Tom,=3D20
> >=20
> > I have now got the whole range in the direct access rule and
> everything
> > shows an IP rather than a URL. I still have the same problem though
> > where
> > most times you click on the link, you are prompted to open or save
the
> > jsp
> > file rather than it linking to another page. BTW this is ISA 2004,
> > clients
> > are XP with all 3 connection methods.
> >=20
> > Thanks
> > TD
> >=20
> > > Hi Ted,
> > >=3D20
> > > I can't test directly, because I don't have a log on. However, if
> > you're
> > > seeing IP addresses and URLs, that indicates the the IP addresses
> are
> > > the ones most likely using Direct Access, and the URLs are not,
> since
> > > only the Web proxy client will show URLs in the log. So, double
> check
> > > that the URL sites are also configured for Direct Access.
> > >=3D20
> > > You *might* have to restart the client computer in order to get
the
> > new
> > > autoconfig script pulled down from the firewall.=3D3D20
> > >=3D20
> > >=3D20
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >=3D20
> > >=3D20
> > > -----Original Message-----
> > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D20
> > > Sent: Tuesday, February 22, 2005 9:51 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Javascript through ISA 2004...
> > >=3D20
> > > http://www.ISAserver.org
> > >=3D20
> > > Hi Tom,
> > >=3D20
> > > The site is ingrammicro.com. when you are logged in and have done
a
> > > search
> > > on a product, you can click on the item for real time price and
> avail.
> > > detail and this is the jsp link. I can see that the content comes
> from
> > > multiple places and sometimes they are identified by IP rather
than
> > the
> > > DNS name etc. but dont really know how to identify what the exact
> > > problem
> > > is as the url never changes so all you ever see in IE is
> > > http://ca.ingrammicro.com/.....
> > >=3D20
> > > Thanks
> > > TD
> > >=3D20
> > > > Hi Ted,
> > > >=3D3D20
> > > > I forgot number 5 on  my list:
> > > >=3D3D20
> > > > 5. What specific sites don't work
> > > >=3D3D20
> > > > :-)
> > > >=3D3D20
> > > > Really, its impossible to tell what's wrong without being able
to
> > > check
> > > > out the actual site. The ISA firewall has no problem with
> > Javascript,
> > > > it's the specific site that's problematic, or the client
> > > configuration.
> > > >=3D3D20
> > > > HTH,=3D3D3D20
> > > >=3D3D20
> > > >=3D3D20
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >=3D3D20
> > > >=3D3D20
> > > > -----Original Message-----
> > > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D3D20
> > > > Sent: Tuesday, February 22, 2005 9:42 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Javascript through ISA 2004...
> > > >=3D3D20
> > > > http://www.ISAserver.org
> > > >=3D3D20
> > > > I am having trouble getting javascript to work correctly through
> ISA
> > > > 2004.
> > > > FWC is installed and I have a direct access rule for the site. I
> see
> > > > that
> > > > the traffic is identified by the rule and it is allowed but
about
> > 90%
> > > of
> > > > the time you get a pop up asking you if you want to open or save
> the
> > > jsp
> > > > file. even stranger is the other 10% of the time that it
actually
> > > opens
> > > > the correct page.
> > > >=3D3D20
> > > > Has anyone had this problem? How did you solve it?
> > > >=3D3D20
> > > > ------------------------------------------------------
> > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: =3D3D
> > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
List
> > as:
> > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit =3D3D3D
> > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >=3D20
> > > ------------------------------------------------------
> > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: =3D
> > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit =3D3D
> > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> > ------------------------------------------------------
> > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit =3D
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...
• » RE: Javascript through ISA 2004...

1. Home
2. isalist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---