Like Jim just said... All initial requests are made anonymously. You¹ll see that in the log. It doesn¹t mean that the request was successful. It also depends on what app is making the request. The general question was ³why am I seeing anonymous in my logs.² The general answer is ³all browser requests are initially made anonymously.² But it could also be your app. For instance, my bank allows us to make deposits by just ³scanning² in received checks with this little scanner they give us. We keep the checks- but when the app posts to the bank the app itself is too stupid to be able to authenticate, so it always makes requests that are, to ISA, anonymous. I had to work around that. Stuff like that. t On 1/26/07 7:53 AM, "Michael Ross" <mross@xxxxxxxxxxx> spoketh to all: > wierd.. dunno why im seeing this.. > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Jim Harrison > Sent: Thursday, January 25, 2007 8:11 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: anon? > > All initial requests are sent anonymous. > Neither ISA nor the client app will send user authentication upstream until > someone along the way asks for it. > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Michael Ross > Sent: Thursday, January 25, 2007 3:37 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: anon? > > ok following that logic, and assuming i have a web filter appliance upstream > of the isa box (where web traffic goes post isa and pre www), why would it not > send user authentication information? instead, it all shows up as a blank, or > anon user > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Thor (Hammer of God) > Sent: Thursday, January 25, 2007 4:08 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: anon? > What he means is that the browser will first attempt to establish itself as a > web proxy client anonymously. Even if you¹ve changed your rules to require > authentication for outbound web, the browser will still try, fail, and then > authenticate itself. In your logs, you¹ll see this activity, and the > anonymous attempt will be logged under ³anonymous.² > > t > > > On 1/25/07 2:00 PM, "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> spoketh to > all: > a good browser will do that! > > Greg > > ----- Original Message ----- > > From: Michael Ross <mailto:mross@xxxxxxxxxxx> > > To: isalist@xxxxxxxxxxxxx > > Sent: Friday, January 26, 2007 7:50 AM > > Subject: [isalist] anon? > > > > isa 2004 sp2 > > why would my logs show a user as anonymous? > > > All mail to and from this domain is GFI-scanned. >