[isapros] Re: Fw: Re: Web Filter with HTTPS
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 20 Jun 2007 19:41:30 -0500
That should say:
"When you unbind the Web Proxy Filter from the HTTP protocol......."
whopps.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, June 20, 2007 7:37 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
No, you need to configure the HTTP Security Filter, and in order
to configured the HTTP Security Filter, the Web Proxy Filter must be
enabled.
Its always enabled for Web listeners
It can unbound from the HTTP protocol, in which case the
configuration interface for the HTTP Security Filter disappears, but you
configuration changes remain intact.
When you unbind the Web proxy filter from the HTTPS protocol, no
Web caching or filtering is done for Firewall clients or SecureNAT
clients.
Web proxy clients are always exposed to the Web proxy filter,
even if you unbind it from the HTTP protocol.
How's that?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young
Sent: Wednesday, June 20, 2007 5:06 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
If you're just publishing OWA and an RPC proxy over
HTTPS, isn't any filter configuration automatically handled by ISA when
running the Publish Mail Server wizard? As I understood it, ISA knows
that stuff inherently; no configuration necessary.
Cordially yours,
Jerry G. Young II ++ Sent from BlackBerry ++
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx
<isapros-bounce@xxxxxxxxxxxxx>
To: isapros@xxxxxxxxxxxxx <isapros@xxxxxxxxxxxxx>
Sent: Wed Jun 20 17:52:18 2007
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
We're all pendants here ;)
Here is my specific question then:
I want to publish HTTPS ie OWA for RPC and HTTPS. I
obviously need to
configure the HTTP Filter properties. If I have the Web
Filter bound to
HTTPS (iow, selected in the available filters under the
protocl config) then
ALL outbound HTTPS traffic breaks. Therefore, one has
to un-bind the Web
Filter from HTTPS for outbound to work (on this
install).
Ergo, since the Web Filter is not bound to the HTTPS
protocol (in order for
outbound to work), there is no way to select "Configure
HTTP" from the
properties of the web publishing rule.
FromwhenthouNowThinketh, WTF is the deal on what
properties of the filter
are applied? See what I mean??
t
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: <isapros@xxxxxxxxxxxxx>
Sent: Wednesday, June 20, 2007 2:31 PM
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
> Not to be pedantic, but the published traffic being
handled by the web
> proxy isn't "HTTPS", it's "HTTP inside SSL" and ISA
handles each layer
> separately. By the time the web proxy is evaluating
the HTTP traffic,
> SSL is no longer a factor and it gets treated just
like "plain old" HTTP
> traffic.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, June 20, 2007 2:26 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
>
> Then how do you configure the HTTP filtering on web
pub rules if the Web
>
> Filter is not bound to HTTPS?
>
> t
> ----- Original Message -----
> From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> To: <isapros@xxxxxxxxxxxxx>
> Sent: Wednesday, June 20, 2007 2:24 PM
> Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
>
>
>> Sorta..
>> if it's a web pub rule, then the web proxy is already
involved and no
>> "protocol binding" is required.
>> If it's a server pub rule, then ISA is effectively
blind to the
> traffic
>> anyway.
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, June 20, 2007 2:05 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Fw: Re: Web Filter with HTTPS
>>
>> OK, so you are saying that if I unbind the Web Filter
from HTTPS, and
>> create
>> a pub rule for HTTPS, then the filter will still be
used for the Pub
>> rule?
>>
>> t
>>
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Jim Harrison
>> Sent: Wednesday, June 20, 2007 5:43 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Web Filter with HTTPS
>>
>> The web filter is the part that expects to watch the
HTTP traffic as
> it
>> flows through ISA.
>> With the exception of web publishing, HTTPS traffic
is effectively
>> invisible to ISA and therefore any policies enacted
via the web filter
>> (think HTTP Filter, too) cannot be applied and ISA
will default to
> "when
>> in doubt, trash it" mode.
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, June 20, 2007 1:15 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Web Filter with HTTPS
>>
>> Just a sanity check here... why would all HTTPS
traffic fail if the
> Web
>> Filter was bound to the HTTPS protocol?
>>
>> t
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>>
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
>
Other related posts:
