Re: Unable to access HTTPS sites




If you want to control traffic through the SSL tunnels, you need to get
Clear Tunnel from Collective software.
Correct; you need to separate your HTTP and HTTPS rules if you want to apply
content-types.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"John" <a> wrote in message news:%23$a8s0mSJHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Jim.

So how do I prevent users from downloading dangerous executables (EXE, COM,
VBS, BAT and many others) and, at the same time, be able to access HTTPS
sites too?

Do I need to create 2 rules, 1 that allows HTTP traffic with content-type
filtering and the other for HTTPS traffic without content-type filtering?


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:O9eVACeSJHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Since ISA never has access to the content-type for SSL tunnel traffic and
since all outbound HTTPS traffic is tunneled, you can't apply these to any
rule which controls HTTPS traffic.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"John" <a> wrote in message
news:%23GwCyLdSJHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
ISA 2006 Standard Edition on Windows Server 2003 R2 SP2
Both OS and ISA have the latest patches. ISA has 2 NICs, internal and
external (with a real IP address)

Problem: HTTPS sites are not accessible

Example: accessing www.bankofamerica.com gives me the following error:

Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)

* Error Code: 502 Proxy Error. The ISA Server denied the specified
Uniform Resource Locator (URL). (12202)
* IP Address: 10.1.1.1
* Date: 11/18/2008 10:47:51 PM [GMT]
* Server: isaserver.ourdomain.com
* Source: proxy

More information about my ISA 2006 settings. I created a WebProxy rule with
the following settings:

Action: Allow
Protocols: HTTP and HTTPS
From: Internal
To: External
Users: user-created group containing my Windows 2003 AD account
Schedule: 24/7

Content types settings:
- if I choose All Content Types, I can access https sites without any
problem
- if I choose Select Content Types (with this option, the rule is applicable
only to HTTP traffic), I can't access HTTPS sites. Selecting all of the
default content types under "Select Content Types" does not make any
difference. I still can't access HTTPS sites.

I can only access HTTPS sites if I choose All Content Types but there's a
problem. I want to restrict users' ability to download executables. All
content types allows me to download everything. That's not what I want.

I don't know where to begin troubleshooting.
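
Added example, not part of the original thread and not ISA Server's own rule engine: a simplified Python model of the behaviour discussed above, where a rule with selected content types applies only to HTTP and an HTTPS CONNECT tunnel exposes no Content-Type to the proxy. The names `Rule`, `evaluate`, `visible_content_type` and the sample MIME types are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    protocols: FrozenSet[str]
    # None models "All Content Types"; a set models "Select Content Types".
    allowed_types: Optional[FrozenSet[str]] = None

def visible_content_type(method, response_headers):
    """Content-Type as the proxy sees it. A CONNECT tunnel is relayed as
    encrypted bytes, so headers inside it are never visible."""
    if method == "CONNECT":
        return None
    value = response_headers.get("content-type", "")
    return value.split(";")[0].strip().lower() or None

def evaluate(rules, method, response_headers):
    """Return (action, rule_name); the first matching allow rule wins,
    anything unmatched hits the default deny."""
    protocol = "HTTPS" if method == "CONNECT" else "HTTP"
    ctype = visible_content_type(method, response_headers)
    for rule in rules:
        if protocol not in rule.protocols:
            continue
        if rule.allowed_types is None:
            return ("allow", rule.name)
        # Selected content types make the rule HTTP-only.
        if protocol == "HTTP" and ctype in rule.allowed_types:
            return ("allow", rule.name)
    return ("deny", "default")

SAFE = frozenset({"text/html", "image/png"})  # constructed sample list
EXE = {"content-type": "application/x-msdownload"}  # constructed sample header

# One combined rule with selected content types: HTTPS falls to default deny.
combined = [Rule("web", frozenset({"HTTP", "HTTPS"}), SAFE)]
# Separate rules: filtered HTTP plus an unfiltered HTTPS tunnel rule.
split = [Rule("http-filtered", frozenset({"HTTP"}), SAFE),
         Rule("https-tunnel", frozenset({"HTTPS"}))]

if __name__ == "__main__":
    print(evaluate(combined, "CONNECT", {}))  # HTTPS blocked by combined rule
    print(evaluate(split, "CONNECT", {}))     # HTTPS allowed by tunnel rule
    print(evaluate(split, "GET", EXE))        # HTTP executable denied
    print(evaluate(split, "CONNECT", EXE))    # same file over HTTPS is not seen
```

The last call shows the remaining gap: with separate rules, an executable fetched over HTTPS still passes, because the proxy cannot inspect the tunnel without an SSL inspection add-on such as the one mentioned in the reply.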



