[isapros] Re: Fw: Re: Web Filter with HTTPS
- From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 20 Jun 2007 17:52:15 -0700
Re: [isapros] Re: Fw: Re: Web Filter with HTTPSRight- so to Jim with his "can2,
can2, can2" i have to say, "ni"
Can't config HTTP on the rule if HTTP or HTTPS (respectively) is not bound to
"Web Filter." My machine is not bursted in that regard.
Now, when you say "Still working" what does that mean? HTTP Filter
configurations are rule-based. Are you saying if I un-bind Web Filter from
HTTP and HTTPS on a fresh install, and then create a pub rule, that some
"general, default" HTTP filter config is still applied to Web Pub rules?
t
----- Original Message -----
From: Thomas W Shinder
To: isapros@xxxxxxxxxxxxx
Sent: Wednesday, June 20, 2007 5:44 PM
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
When you unbind the Web Proxy filter from the HTTP protocol your HTTP
Security Filter configuration options go away, but they're still working.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
----------------------------------------------------------------------------
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Wednesday, June 20, 2007 7:37 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
No, you need to configure the HTTP Security Filter, and in order to
configured the HTTP Security Filter, the Web Proxy Filter must be enabled.
Its always enabled for Web listeners
It can unbound from the HTTP protocol, in which case the configuration
interface for the HTTP Security Filter disappears, but you configuration
changes remain intact.
When you unbind the Web proxy filter from the HTTPS protocol, no Web
caching or filtering is done for Firewall clients or SecureNAT clients.
Web proxy clients are always exposed to the Web proxy filter, even if you
unbind it from the HTTP protocol.
How's that?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
--------------------------------------------------------------------------
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Gerald G. Young
Sent: Wednesday, June 20, 2007 5:06 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
If you're just publishing OWA and an RPC proxy over HTTPS, isn't any
filter configuration automatically handled by ISA when running the Publish Mail
Server wizard? As I understood it, ISA knows that stuff inherently; no
configuration necessary.
Cordially yours,
Jerry G. Young II ++ Sent from BlackBerry ++
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx <isapros-bounce@xxxxxxxxxxxxx>
To: isapros@xxxxxxxxxxxxx <isapros@xxxxxxxxxxxxx>
Sent: Wed Jun 20 17:52:18 2007
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
We're all pendants here ;)
Here is my specific question then:
I want to publish HTTPS ie OWA for RPC and HTTPS. I obviously need to
configure the HTTP Filter properties. If I have the Web Filter bound to
HTTPS (iow, selected in the available filters under the protocl config)
then
ALL outbound HTTPS traffic breaks. Therefore, one has to un-bind the Web
Filter from HTTPS for outbound to work (on this install).
Ergo, since the Web Filter is not bound to the HTTPS protocol (in order
for
outbound to work), there is no way to select "Configure HTTP" from the
properties of the web publishing rule.
FromwhenthouNowThinketh, WTF is the deal on what properties of the filter
are applied? See what I mean??
t
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: <isapros@xxxxxxxxxxxxx>
Sent: Wednesday, June 20, 2007 2:31 PM
Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
> Not to be pedantic, but the published traffic being handled by the web
> proxy isn't "HTTPS", it's "HTTP inside SSL" and ISA handles each layer
> separately. By the time the web proxy is evaluating the HTTP traffic,
> SSL is no longer a factor and it gets treated just like "plain old" HTTP
> traffic.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, June 20, 2007 2:26 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
>
> Then how do you configure the HTTP filtering on web pub rules if the Web
>
> Filter is not bound to HTTPS?
>
> t
> ----- Original Message -----
> From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> To: <isapros@xxxxxxxxxxxxx>
> Sent: Wednesday, June 20, 2007 2:24 PM
> Subject: [isapros] Re: Fw: Re: Web Filter with HTTPS
>
>
>> Sorta..
>> if it's a web pub rule, then the web proxy is already involved and no
>> "protocol binding" is required.
>> If it's a server pub rule, then ISA is effectively blind to the
> traffic
>> anyway.
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, June 20, 2007 2:05 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Fw: Re: Web Filter with HTTPS
>>
>> OK, so you are saying that if I unbind the Web Filter from HTTPS, and
>> create
>> a pub rule for HTTPS, then the filter will still be used for the Pub
>> rule?
>>
>> t
>>
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Jim Harrison
>> Sent: Wednesday, June 20, 2007 5:43 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Web Filter with HTTPS
>>
>> The web filter is the part that expects to watch the HTTP traffic as
> it
>> flows through ISA.
>> With the exception of web publishing, HTTPS traffic is effectively
>> invisible to ISA and therefore any policies enacted via the web filter
>> (think HTTP Filter, too) cannot be applied and ISA will default to
> "when
>> in doubt, trash it" mode.
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, June 20, 2007 1:15 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Web Filter with HTTPS
>>
>> Just a sanity check here... why would all HTTPS traffic fail if the
> Web
>> Filter was bound to the HTTPS protocol?
>>
>> t
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>>
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
>
Other related posts:
