Re: Problem with ISA Server and autoconfig - manual works

From: Thomas W Shinder [MVP] (tshinder_at_hotmail.com)
Date: 07/14/04

• Next message: Thomas W Shinder [MVP]: "Re: 2 connections to the internet?"
• Previous message: Bob Genestet: "Re: SNAT"
• In reply to: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Next in thread: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Reply: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 14 Jul 2004 13:28:06 -0500

Hi Povl,

No change in the pre-RTM releases. The philosophy is that if you allow
outbound HTTP, you'll control it on a per site basis, and use the deep
application layer inspection HTTP Security filter to block malicious
connections.

HTH,

--
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
"Povl H. Pedersen" <pope@my.terminal.dk> wrote in message
news:cc6cf183.0407132146.6f8394f7@posting.google.com...
: Could somebody please confirm if this if fixed in ISA Server 2004, or
: if it is the same ?
:
: Since I have not looked in the Mozilla source code, it could be the
: browsers doing this, but I find it more likely that it is in a Windows
: .DLL that that is used by both programs, thus being a client side
: problem.
:
: We discovered the problem when moving the upstream proxy from port 80
: to 3128 - to make sure it was not listening on a port users would have
: normal access to. The problem with the old setup (port 80) was that
: users could bypass the web proxy - and detailed logging, by entering
: the address of the upstream proxy in their browser, and fall back to
: tunelling through the ISA to the upstream server.
:
: I have had a supportcase before with MS that the ISA server did not
: look at port numbers in URLs, so you can not limit users to ports if
: they can reach the ports using web proxy. Port 80 and web proxy gives
: access to all ports on the Internet. MS promised that this is fixed in
: ISA Server 2004.
:
: Povl

---

• Next message: Thomas W Shinder [MVP]: "Re: 2 connections to the internet?"
• Previous message: Bob Genestet: "Re: SNAT"
• In reply to: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Next in thread: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Reply: Povl H. Pedersen: "Re: Problem with ISA Server and autoconfig - manual works"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Problem with ISA Server and autoconfig - manual works ... We discovered the problem when moving the upstream proxy from port 80 ... I have had a supportcase before with MS that the ISA server did not ... they can reach the ports using web proxy. ... (microsoft.public.isa) Re: Problem with ISA Server and autoconfig - manual works ... We discovered the problem when moving the upstream proxy from port 80 ... I have had a supportcase before with MS that the ISA server did not ... they can reach the ports using web proxy. ... (microsoft.public.isa) Re: Alert!Web proxy filter not binding on External and Internal Interf ... You are probably running IIS on the same machine. ... to run the web proxy service in the same time, on the same port. ... > I'm running Service Pack 1 for ISA server 2004. ... (microsoft.public.isa) Re: Microsoft SBS 2000 Internet Permissions Problem ... The web site logon page is access via HTTPS port 85: ... If Microsoft Internet Explorer is configured to reference a server that is ... ISA Server 2000 Standard Edition, ... (microsoft.public.windows.server.sbs) port forwarding (rerouting) with isa server. ... I have a question about port forwarding with isa server. ... external nic connected to the router and one internal nic ... (microsoft.public.isa)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)