Re: 8081 over ssl
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Tue, 11 Dec 2007 09:00:45 -0600
It is a security risk to allow SSL on any other port than the established
443. It is an RFC recommendation that any Proxy (any brand) should not
allow SSL on any other ports. MS has chosen to abide by the
recommendation,...so ISA will not allow SSL on non-standard ports.
See Section #5 "Security considerations"
SSL Tunneling; Informational RFC
http://lists.w3.org/Archives/Public/ietf-http-wg-old/1997SepDec/0142.html
Web Designers and Web Site Admins should be smart enough to never run an SSL
Site on non-standard Ports.
However you can hack ISA with a script that will let you run SSL on other
ports.
Managing Tunnel Port Ranges
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx
If it requires a reboot, then it requires a reboot. I don't know if it
does,...I have no intention of ever doing this with my ISA.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Tom" <tom.vergucht@xxxxxxxxxxx> wrote in message
news:06D493A6-2DFC-4C13-A5F3-C3E0E72A4392@xxxxxxxxxxxxxxxx
I saw some articles writing about adding this exception to .js and then
restart the firewall... but this can't be it?
For 1 user that wants to request this url i need to do that and have release
management involved to get a date for the restart of the fw?
Can't this really be solved with a new protocol and adding that protocol to
the allowed rule? Question is "how to configure that new protocol?" Isn't
there another way to figure out? for me, pure isa really does not allow this
kind of requests at all.
(that is: https://bids1.tucows.com:8081/)
thanks,
--
Tom
"Hinky" wrote:
Google the following...
ISA SSL port
Here... I'll do it for you...
http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=isa+ssl+port
Pick any article.
"Tom" <tom.vergucht@xxxxxxxxxxx> wrote in message
news:10CF7816-956D-43B5-A26A-9B4234F982FC@xxxxxxxxxxxxxxxx
Hi everyone,
can anyone tell me if it is possible to allow following url in isa 2006?
https://bids1.tucows.com:8081/
how to?
create new protocol, ex https 8081 and then add what as primary and
secondary connection?
thanks,
--
Tom
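
The following is an added illustration, not part of the thread and not ISA Server code: a Python sketch of the port-range gate a forward proxy applies to HTTP CONNECT (SSL tunnel) requests, which is why the 8081 URL in the question is refused until a range covering it exists. The range list, the range names and the helper names are assumptions made for the example.

```python
from typing import NamedTuple

class PortRange(NamedTuple):
    name: str
    low: int
    high: int

# Constructed sample policy (assumption): only the standard HTTPS port may be tunnelled.
TUNNEL_PORT_RANGES = [PortRange("SSL", 443, 443)]

def parse_connect_target(request_line: str) -> tuple[str, int]:
    """Return (host, port) from a 'CONNECT host:port HTTP/x.y' request line."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise ValueError("CONNECT target must be host:port")
    number = int(port)
    if not 1 <= number <= 65535:
        raise ValueError("port out of range")
    return host.strip("[]"), number

def check_tunnel(request_line, ranges=TUNNEL_PORT_RANGES):
    """Return (allowed, reason); malformed requests fail closed."""
    try:
        host, port = parse_connect_target(request_line)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    for r in ranges:
        if r.low <= port <= r.high:
            return True, f"{host}:{port} allowed by range '{r.name}'"
    return False, f"{host}:{port} denied: port not in any tunnel port range"

if __name__ == "__main__":
    # Constructed sample request lines; the 8081 target is the URL from the thread.
    for line in ("CONNECT www.example.com:443 HTTP/1.1",
                 "CONNECT bids1.tucows.com:8081 HTTP/1.1",
                 "CONNECT bids1.tucows.com HTTP/1.1"):
        print(line, "->", check_tunnel(line))
    # What an administrator-added range would change (hypothetical range name):
    extended = TUNNEL_PORT_RANGES + [PortRange("SSL 8081", 8081, 8081)]
    print(check_tunnel("CONNECT bids1.tucows.com:8081 HTTP/1.1", extended))
```

Keeping any added range as narrow as a single port keeps the set of destinations the proxy will tunnel to without inspection as small as possible.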