The thing to do now is scan the ISA logs for these requests that were denied and see what the HTTP Filter thought of them. 99 times out of 10, the requests / data offends. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx] Sent: Tuesday, February 22, 2005 12:15 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Javascript through ISA 2004... http://www.ISAserver.org Thanks Tom, Thanks for the explanation. This is an extremely drastic move (remove the web proxy filter) from the HTTP protocol! It works but isnt there a way to exclude it for certain connections or something? this solution basically lobotomizes ISA and its features.... Thanks TD > Hi Ted, > > My bad. :) > > That's the part of the Direct Access piece you need to do to make sure > you completely bypass the Web proxy.=20 > > Direct Access configuration is aimed at completely bypassing the Web > proxy. The autoconfig script informs the Web proxy clients configured to > use it to not remote the Web connection to the Web proxy filter via an > HTTP tunneled request to TCP 8080 on the clients local Web proxy > listener. > > However, if the HTTP protocol is bound to the Web proxy filter, Firewall > clients, and even the lowly, low security SecureNAT client will be > pushed up to the filter. So, in order to get the functionality you had > with the old HTTP Redirectory Filter, you need to unbind the filter from > the protocol. > > Note that this also disables the HTTP Security Filter interface, but it > does not disable the Web proxy filter or the HTTP filter for clients > configured as Web proxy clients. > > HTH,=20 > > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > -----Original Message----- > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=20 > Sent: Tuesday, February 22, 2005 1:11 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Javascript through ISA 2004... > > http://www.ISAserver.org > > Hi Tom,=20 > > You hit the nail on the head. If I unbind the web proxy filter from > HTTP, > everything works perfect.....but what does that mean really?? ;) > > Thanks > TD > > > Hi Ted, > >=20 > > OK, try one more thing just to "make sure" its not the ISA firewall. > > Unbind the Web proxy filter from the HTTP protocol and (for some > reason > > I can't think of right now), remove authentication requirements for > > access that site. > >=20 > > This is sounding like a MIME registration issue to me now. ? :-\=3D20 > >=20 > >=20 > > Tom > > www.isaserver.org/shinder > > Tom and Deb Shinder's Configuring ISA Server 2004 > > http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > >=20 > >=20 > > -----Original Message----- > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D20 > > Sent: Tuesday, February 22, 2005 10:49 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Javascript through ISA 2004... > >=20 > > http://www.ISAserver.org > >=20 > > Hi Tom,=3D20 > >=20 > > I have now got the whole range in the direct access rule and > everything > > shows an IP rather than a URL. I still have the same problem though > > where > > most times you click on the link, you are prompted to open or save the > > jsp > > file rather than it linking to another page. BTW this is ISA 2004, > > clients > > are XP with all 3 connection methods. > >=20 > > Thanks > > TD > >=20 > > > Hi Ted, > > >=3D20 > > > I can't test directly, because I don't have a log on. However, if > > you're > > > seeing IP addresses and URLs, that indicates the the IP addresses > are > > > the ones most likely using Direct Access, and the URLs are not, > since > > > only the Web proxy client will show URLs in the log. So, double > check > > > that the URL sites are also configured for Direct Access. > > >=3D20 > > > You *might* have to restart the client computer in order to get the > > new > > > autoconfig script pulled down from the firewall.=3D3D20 > > >=3D20 > > >=3D20 > > > Tom > > > www.isaserver.org/shinder > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > >=3D20 > > >=3D20 > > > -----Original Message----- > > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D20 > > > Sent: Tuesday, February 22, 2005 9:51 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Javascript through ISA 2004... > > >=3D20 > > > http://www.ISAserver.org > > >=3D20 > > > Hi Tom, > > >=3D20 > > > The site is ingrammicro.com. when you are logged in and have done a > > > search > > > on a product, you can click on the item for real time price and > avail. > > > detail and this is the jsp link. I can see that the content comes > from > > > multiple places and sometimes they are identified by IP rather than > > the > > > DNS name etc. but dont really know how to identify what the exact > > > problem > > > is as the url never changes so all you ever see in IE is > > > http://ca.ingrammicro.com/..... > > >=3D20 > > > Thanks > > > TD > > >=3D20 > > > > Hi Ted, > > > >=3D3D20 > > > > I forgot number 5 on my list: > > > >=3D3D20 > > > > 5. What specific sites don't work > > > >=3D3D20 > > > > :-) > > > >=3D3D20 > > > > Really, its impossible to tell what's wrong without being able to > > > check > > > > out the actual site. The ISA firewall has no problem with > > Javascript, > > > > it's the specific site that's problematic, or the client > > > configuration. > > > >=3D3D20 > > > > HTH,=3D3D3D20 > > > >=3D3D20 > > > >=3D3D20 > > > > Tom > > > > www.isaserver.org/shinder > > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > > http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > >=3D3D20 > > > >=3D3D20 > > > > -----Original Message----- > > > > From: Ted D [mailto:tdoholis@xxxxxxxxxxxxx]=3D3D3D20 > > > > Sent: Tuesday, February 22, 2005 9:42 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] Javascript through ISA 2004... > > > >=3D3D20 > > > > http://www.ISAserver.org > > > >=3D3D20 > > > > I am having trouble getting javascript to work correctly through > ISA > > > > 2004. > > > > FWC is installed and I have a direct access rule for the site. I > see > > > > that > > > > the traffic is identified by the rule and it is allowed but about > > 90% > > > of > > > > the time you get a pop up asking you if you want to open or save > the > > > jsp > > > > file. even stranger is the other 10% of the time that it actually > > > opens > > > > the correct page. > > > >=3D3D20 > > > > Has anyone had this problem? How did you solve it? > > > >=3D3D20 > > > > ------------------------------------------------------ > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Network Security Library: http://www.secinf.net/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit =3D3D3D > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > >=3D20 > > > ------------------------------------------------------ > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: =3D > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > World of Windows Networking: http://www.windowsnetworking.com > > > Leading Network Software Directory: http://www.serverfiles.com > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Network Security Library: http://www.secinf.net/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > > tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit =3D3D > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: = > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit =3D > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit = > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.