Hi Steve, Disable all Web listeners that do not want responding to Web requests. That way there won't be any pages returned by the firewall. HTH, Tom ________________________________ From: SteveC [mailto:stevec@xxxxxxxxxxx] Sent: Thursday, July 15, 2004 6:39 AM To: [ISAserver.org Discussion List] Subject: [isalist] re True Web Publishing Discard http://www.ISAserver.org John, I'm not too sure about that. If I make an HTTP request to a host nothing running on port 80, the host in question doesn't return anything. ISA server, when I tell it to discard the packet like it never came, actually returns packets. If I send an HTTP request to port 81, ISA does nothing - but the client computer/browser shows an error in my GUI (IE). So in that case the server appears to be truly discarding the request and not returning anything. Jim/Tom, can you throw in your $.02 on this? Does 2004 help? Thanks. >Date: Wed, 7 Jul 2004 10:06:05 -0700 > >Author: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx> > >Subject: RE: True Web Publishing Discard? > >Body: When an HTTP request is made, something must be returned, or a timeout error >message or a can not find server error message. > >John Tolmachoff >Engineer/Consultant/Owner >eServices For You > > >> -----Original Message----- >> Subject: [isalist] True Web Publishing Discard? >> >> http://www.ISAserver.org >> >> >> ISA 2000 - >> >> I have a web publishing rule set to "deny" certain IP number ranges and >> redirect to a web site that has an empty HTML page. That works as >> expected. >> >> I recently changed the rule to "discard". But instead of ignoring the >> traffic, ISA displays a "I don't like you" page. That doesn't exactly >> seem like discarding to me... >> >> So then I changed the "deny" rule back to the empty web site, and then >> stopped that web site. Now I get an "{Invalid Hostname)" message when I >> try to hit the site from a bad IP range. Again, that's not ignoring. >> >> Did I miss something, is there another way to get ISA to truly >> ignore/discard web traffic? I think that If I can make it look like the >> site is not there to bad guys, then hopefully they will just move on - but >> ISA is giving up too much info. >> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist