Re: Web clients get 12202 error
- From: Dar Scott <dsc@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 15 Dec 2001 13:29:37 -0700
At 3:54 PM -0800 12/14/01, Jim Harrison wrote:
The SOCKS proxy doesn't "do" web requests...
I found HTTP Redirector enabled; I must have done that when
thrashing. Rather than disabling it I just flipped a switch in its
properties for now.
It now works!
I deleted a protocol rule to pass HTTP and a moment later added the
exact same rule again. Bingo! All sorts of things I have been
struggling with started working. Even my DNS rule. Maybe something
in the rule db was corrupted.
SOCKS works great for web requests, with or without redirection to
the Web proxy.
I switched to using the Web Proxy, not SOCKS.
In the current state of my ISA server I need an HTTP protocol rule
for the Web Proxy to work. An IP filter has no affect.
Are you using client authentication for your outbound traffic?
Are you requiring user auth?
In the server Properties "Outgoing Web Requests" tab, the box labeled
"Ask authenticated users for identification" is unchecked. So that
probably wasn't my problem.
I am considering using auth and have this problem: I have to have
have a protocol rule to pass HTTP. (If this is abnormal, maybe I
better reinstall.)
This presents two problems.
First, I now have a rule to pass HTTP exposed to my SecureNAT
clients. I can patch that with HTTP Redirector. I see no way to
just just drop direct HTTP. This same problem applies if I want to
leave SOCKS open for some applications but don't want it used for
web; I have to redirect.
Second, from what I read (Shinder etal pp 330...), authentication
does not apply to web requests coming in this way.
Is there a way to enable web proxy without a rule that allows direct
access? (Or have I done something to my system that put me into this
bind?)
Dar Scott
Other related posts: