RE: OWA HTTPS [Enterprise] Default rule Denial

  • From: "Young, Gerald G" <Gerald.Young@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 19 Jan 2006 12:43:08 -0600

Ooohkey, then. *8^)

Back to the redirect you provided...

The error being received was a 12202 error.  Since there wasn't a
12202.htm file in the ErrorHtmls directory, I created a new file called
such, put the redirect in, updated the URL to point to where I wanted it
to go and then restarted the firewall service.

I'm still getting that 12202 error and the web proxy filter is throwing
it. *8^(

Ideas?

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, January 19, 2006 1:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial

http://www.ISAserver.org

ISA 2004 doesn't have a web proxy service; it's an application filter in
the firewall service.
Thus, if you feel the need to cycle the web proxy, you have to cycle the
firewall service.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] 
Sent: Thursday, January 19, 2006 10:21
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial

Thanks, Jim.

Silly question, though.  How do you restart the Web Proxy service when
it doesn't display in the Services tab of the Monitoring node?  I don't
even see W3Proxy.exe running as a process, although I do see a
W3Prefch.exe process (that related?).

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 12:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial

That's my point - you shouldn't allow "/*". 
If you create rules using specific path limitations, don't test them
using other (empty, IOW) paths unless you're trying to validate ISA
blocking action (you did).

If you're trying to support folks that forget to use /exchange in the
URL, take a look at http://isatools.org/isa_redirects.zip

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Thursday, January 19, 2006 09:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial

By default, when creating the rule using the wizard, the paths are set
to just the following.  I have not changed these.

/exchange/*
/exchweb/*
/public/*

Should I add "/"?  In the past, when I've attempted to add "/*" ISA
complains saying that that is the same as the others already specified.

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 12:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial

Does your rule include the "/" path?
My $.02 says "no".
My $M5 says it shouldn't, either.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Thursday, January 19, 2006 09:06
To: [ISAserver.org Discussion List]
Subject: [isalist] OWA HTTPS [Enterprise] Default rule Denial


All,

I'm having a problem with getting OWA working through ISA as expected.

If I point the URL for OWA to https://domain.com/exchange, a connection
is made and the OWA page displays.  However, if I go to
https://domain.com, I consistently get denied connections due to the
[Enterprise] Default rule kicking in stating that the ISA server denied
that URL.  The URL field in the logged event shows up as
http://domain.com instead of http://domain.com:443.  The same field when
going to https://domain.com/exchange shows up in the logs as
http://domain.com:443/exchange.

Anyone know what's causing this behavior?

Since this is being logged by the Web Proxy Filter, I'm guessing
something related to that configuration but I'll be damned if I can
figure it out.

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys

11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.
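
The path behaviour discussed in the thread above, as an added example that is not part of the original messages and not ISA Server's own code: a simplified model of a path allowlist with a default deny, showing why a request for the site root falls through while /exchange is allowed, and why "/*" swallows the three wizard paths. The function names, the `redirect_root_to` parameter and the rule that "/exchange/*" also covers "/exchange" are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Paths the thread says the publishing wizard creates by default.
OWA_PATHS = ["/exchange/*", "/exchweb/*", "/public/*"]

def path_allowed(path, patterns=OWA_PATHS):
    """True if the request path falls under one of the published patterns."""
    path = (path or "/").lower()
    for pat in patterns:
        pat = pat.lower()
        base = pat[:-2] if pat.endswith("/*") else pat
        # Assumption: "/exchange/*" also covers "/exchange" itself,
        # matching what the first message observed.
        if path == base or fnmatchcase(path, pat):
            return True
    return False

def evaluate(url, patterns=OWA_PATHS, redirect_root_to=None):
    """Return (action, detail) for a URL: allow, redirect or deny."""
    path = urlsplit(url).path or "/"      # https://domain.com -> "/"
    if path_allowed(path, patterns):
        return ("allow", path)
    # Hypothetical narrow handling: only the exact root is redirected,
    # every other unpublished path still hits the default deny.
    if redirect_root_to and path == "/":
        return ("redirect", redirect_root_to)
    return ("deny", "default rule")

def shadows_existing(new_pattern, patterns=OWA_PATHS):
    """Existing patterns whose content new_pattern would already match.

    Probe check: builds one sample path under each existing pattern.
    """
    return [p for p in patterns
            if path_allowed(p[:-2] + "/x", [new_pattern])]

if __name__ == "__main__":
    # Constructed sample requests using the thread's placeholder host.
    for u in ("https://domain.com/exchange", "https://domain.com",
              "https://domain.com/iisstart.htm"):
        print(u, evaluate(u, redirect_root_to="/exchange"))
    print("'/*' shadows:", shadows_existing("/*"))
```

Adding "/*" to the list makes every path on the published server reachable, which is why the model treats the root redirect as a separate, exact-match case.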



