Re: Unable to access HTTPS sites

Tech-Archive recommends: Speed Up your PC by fixing your registry

Thanks Jim.

So how do I prevent users from downloading dangerous executables (EXE, COM,
VBS, BAT and many others) and, at the same time, be able to access HTTPS
sites too?

Do I need to create 2 rules, 1 that allows HTTP traffic with content-type
filtering and the other for HTTPS traffic without content-type filtering?


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:O9eVACeSJHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Since ISA never has access to the content-type for SSL tunnel traffic and
since all outbound HTTPS traffic is tunneled, you can't apply these to any
rule which controls HTTPS traffic.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"John" <a> wrote in message
news:%23GwCyLdSJHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
ISA 2006 Standard Edition on Windows Server 2003 R2 SP2
Both OS and ISA have the latest patches. ISA has 2 NICs, internal and
external (with a real IP address)

Problem: HTTPS site are not accessible

Example: accessing www.bankofamerica.com gives me to the following error:

Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)

* Error Code: 502 Proxy Error. The ISA Server denied the specified
Uniform Resource Locator (URL). (12202)
* IP Address: 10.1.1.1
* Date: 11/18/2008 10:47:51 PM [GMT]
* Server: isaserver.ourdomain.com
* Source: proxy

More information about my ISA 2006 settings. I created a WebProxy rule
with
the following settings:

Action: Allow
Protocols: HTTP and HTTPS
From: Internal
To: External
Users: user-created group containing my Windows 2003 AD account
Schedule: 24/7

Content types settings:
- if I choose All Content Types, I can access https sites without any
problem
- if I choose Select Content Types (with this option, the rule is
applicable
only to HTTP traffic), I can't access HTTPS sites. Selecting all of
default
content types under "Select Content Types" does not make any difference. I
still can't access HTTPS sites.

I can only access HTTPS sites if I choose All Content Types but there's a
problem. I want to restrict users ability to download executables. All
content types allows me to download everything. That's not what I want.

I don't know where to begin troubleshooting.




.

Relevant Pages

  • Re: Unable to access HTTPS sites
    ... rule which controls HTTPS traffic. ... Jim Harrison (ISA SE) ... More information about my ISA 2006 settings. ... I can't access HTTPS sites. ...
    (microsoft.public.isa.configuration)
  • Re: Unable to access HTTPS sites
    ... If you want to control traffic through the SSL tunnels, ... you need to separate your HTTP and HTTPS rules if you want to apply ... Jim Harrison (ISA SE) ... I can't access HTTPS sites. ...
    (microsoft.public.isa.configuration)
  • RE: ISA 2006 and SSL
    ... Because the ISA 2006 is a new ... | 3) From your port I am reading things about publishing to a web server. ...
    (microsoft.public.isa)
  • RE: SSL Tunnel Issues
    ... ISA 2000 with latest FP and SP ... Do you configure the Internet Explorer on the client computer to ... using an HTTP and HTTPS rule for specific users, ... > Microsoft Online Partner Support ...
    (microsoft.public.isa)
  • Re: Allow Web Access to Citrix Server - ISA 2004
    ... Are you using HTTP or HTTPS? ... client information on port 80 internally. ... Also make sure you don't have an ISA listener on port 443 on that IP ... I have installed the Secure Gateway software and am now in the wizard to ...
    (microsoft.public.isa)