Re: Web Proxy Filter exception not working

I thought that this had resolved the problem but realized the same issue is
occuring. Here is what I modified the setup to be:

Rule 1: Allow all traffic but HTTP between all protected networks and the
MetroList site.

Rule 2: Unrestricted internet access between all protected networks and the
External network. My custom protocol is not allowed but all other protocols
are. The unfiltered protocol is denied so all other HTTP traffic still uses
the web proxy filter. It is because the methods are being used? How can I
turn off the filter for methods to a specific site?

Thanks in advance for your continued help!

Rob

The intial connection to the MetroList site uses my unfiltered protocol.
Then a HEAD and GET method is sent by the custom application and those use
Rule 2. I cannot figure out why any traffic would use Rule 2.

"Phillip Windell" wrote:

> "Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:7FA18AA4-B6AD-449E-B8CD-83E95870C4F4@xxxxxxxxxxxxxxxx
> > We have ISA 2004 as an edge firewall. It is using only securenat. All is
> > well except with two proprietary applications running on the network. The
> > applications use HTTP methods to get data from the Metrolist site.
>
> > To work around the issue I created my own protocol with a source port of
> 80,
> > destination port of 80. In the Unrestricted Internet Access we deny this
> > protocol and the Metrolist site. Another access rule is created allowing
> > only the user-defined protocol from all protected networks to the
> Metrolist
> > site.
>
> Do don't create a "deny rule". You simply create two "Allow" Rules. One is
> just the normal Rule that allows all your users, using http, to do whatever
> you want them to do. The second Rule is anonymous (All Users) and uses only
> the Metrolist Site (via URL Set of Domain Name Set). You then place the
> Metrolist Rule *above* the other HTTP Rule.
>
> HTTP and http is the same thing.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
>
>
>
>
.

Relevant Pages

  • Re: Is HTTP an Async Protocol
    ... If you say that HTTP is 3 layers, which is true in one sense, ... TCP/IP is an asynchronous protocol (like most ... > network protocols). ... >> "asynch" is a term related to programming. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: VPN clients cant access internal web sites
    ... Name: Http Vpn ... Protocol Type: Tcp ... Allow Traffic from Vpn Clients ... When I try to view web sites on the Internal network, I receive "Error Code: ...
    (microsoft.public.isa)
  • Re: Is HTTP an Async Protocol
    ... Long answer: HTTP is a protocol. ... "asynch" is a term related to programming. ... A protocol is a standard for communication. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: help abt HTTP protocol !
    ... >> HTTP protocol connection, as HTTP itself and not any other protocol. ... > The HTTP request could be sent one byte at a time, ... > hundreds of packets. ...
    (comp.security.firewalls)
Loading