ms_proxy_auth_query is used in server-side CARP and upstream chaining. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Friday, January 26, 2007 8:12 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? actually i think its client side CARP cuz standard doesnt support server side... my ISA 2004 is standard edition. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, January 26, 2007 10:00 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? This is server-side CARP. It has nothing to do with requests sent upstream to your appliance. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Friday, January 26, 2007 7:54 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? wierd.. dunno why im seeing this.. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, January 25, 2007 8:11 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? All initial requests are sent anonymous. Neither ISA nor the client app will send user authentication upstream until someone along the way asks for it. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Thursday, January 25, 2007 3:37 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? ok following that logic, and assuming i have a web filter appliance upstream of the isa box (where web traffic goes post isa and pre www), why would it not send user authentication information? instead, it all shows up as a blank, or anon user ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, January 25, 2007 4:08 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: anon? What he means is that the browser will first attempt to establish itself as a web proxy client anonymously. Even if you've changed your rules to require authentication for outbound web, the browser will still try, fail, and then authenticate itself. In your logs, you'll see this activity, and the anonymous attempt will be logged under "anonymous." t On 1/25/07 2:00 PM, "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> spoketh to all: a good browser will do that! Greg ----- Original Message ----- From: Michael Ross <mailto:mross@xxxxxxxxxxx> <mailto:mross@xxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx Sent: Friday, January 26, 2007 7:50 AM Subject: [isalist] anon? isa 2004 sp2 why would my logs show a user as anonymous? All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned.