Re: Odd Ports Being Allowed

From: Phillip Windell (_at_.)
Date: 05/12/04 

Date: Wed, 12 May 2004 10:43:58 -0500

The Web Proxy Service is basing permission on a per-user / per-protocol
bases. HTTP is still HTTP no matter what port the destination is running
thier site on.

This is the way it is supposed to work. 

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Tim D" <mamoth@NOSPAMchartermi.net> wrote in message
news:%23vw9f7COEHA.1644@TK2MSFTNGP09.phx.gbl...
> I have a quick question and hopefully it will only require a simple
answer.
>
> I have a protocol rule set to allow HTTP, HTTPS, and FTP Download out. The
> Site rule is set to allow folks to go to any site.
>
> Now, when folks go to sites and specify a port number such as:
>
>
http://203.199.70.225:8080/cgi-images/indiatimes/timesclassifieds/dec0403/tailor_180x200.gif
>
> They are being allowed out. The rule that is being applied is the one that
> only allows HTTP, HTTPS and FTP Download. So this is a tad confusing as to
> why they are getting out. The entry shows up in the Web Proxy log, so I
know
> it's not a Firewall Client issue.
>
> Here is the log snippet:
>
> xxx.xxx.xxx.xxx DOMAIN\username Mozilla/4.0 (compatible; MSIE 5.5; Windows
> NT 5.0) Y 2004-05-12 13:44:56 w3proxy SERVER - 203.199.70.225
203.199.70.225
> 8080 1438 649 11236 http TCP GET
>
http://203.199.70.225:8080/cgi-images/indiatimes/timesclassifieds/dec0403/tailor_180x200.gif
> image/gif Inet 200 0x40800000 Allow - Normal Web Access Site Allow - All
>
> So I'm a little baffled on why this is being allowed out. The "Allow -
> Normal Web Access" rule only allows HTTP (port 80), HTTPS (port 443), and
> FTP Download (port 21) out. Yet, it seems to be allowing 8080 (as well as
> other ports) to go out as well.
>
> Does anyone know why this is?
>
> Any help would be appreciated.
>
> Thanks,
> Tim
>
>

Relevant Pages

  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... , but some of my clients do not want users to ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Public Website on SBS 2003
    ... hosting and PROTECTING a website is specialist field and ... As leythos says you need to open HTTP port to the www. ... network settings are on servers internet connections. ...
    (microsoft.public.windows.server.sbs)
  • Re: [fw-wiz] tunnel vs open a hole
    ... It does depend on what protocols you are passing through the port or the ... If the protocol is pure HTTP, ... If the protocol is new whizbang multi-media binary with no RFC or complete ... or tunnel over currently open port 80? ...
    (Firewall-Wizards)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: Help understanding error message
    ... Saravana Kumar [MVP - BizTalk Server] ... Receive port is reported to be HTTP but I don't any see HTTP packets in ... Maybe you set up a two-way send port being directed to a one-way ... Details:"Unable to read data from the transport connection: The ...
    (microsoft.public.biztalk.general)