Re: ISA 2004 HTTPS Protocol Port Addition



Thank you for all the information. This helped a lot.

"Phillip Windell" wrote:

You *don't* create a new protocol.
HTTP will run on any port "as is" with no rule changes.
HTTPS will run on any port if you hack the ISA with a script to tell it to
allow SSL on other ports.

Managing Tunnel Port Ranges
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

There are reasons why it is normally restricted to 443:

The following quote is taken from these links:
SSL Tunneling; Informational RFC
http://lists.w3.org/Archives/Public/ietf-http-wg-old/1997SepDec/0142.html
Tunneling SSL Through a WWW Proxy
http://muffin.doit.org/docs/rfc/tunneling_ssl.html

------------Quote-------------
5. Security Considerations

CONNECT is really a lower-level function than the rest of the HTTP
methods, kind of an escape mechanism for saying that the proxy should
not interfere with the transaction, but merely forward the data. This
is because the proxy should not need to know the entire URI that is
being accessed (privacy, security), only the information that it
explicitly needs (hostname and port number). Due to this fact, the
proxy cannot verify that the protocol being spoken is really SSL, and
so the proxy configuration should explicitly limit allowed
connections to well-known SSL ports (such as 443 for HTTPS, 563 for
SNEWS, as assigned by the Internet Assigned Numbers Authority).
------------end quote---------


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"pgk1012" <pgk1012@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66056CF3-C431-4F24-954E-CB9A7B74EAFE@xxxxxxxxxxxxxxxx
The HTTPS protocol cannot be modified because it is one of the standard
defined ones provided. I have an application that requires HTTPS on port
8000. Installing the firewall client allows this to work. I added a user
protocol but have no idea how that could be tied in if at all with HTTPS
traffic going to the regular HTTPS protocol on port 443. How can I go about
setting up ISA to acknowledge port 8000 as a valid HTTPS (SSL) port (still
keep port 443 as well)?
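
The port restriction described in the quoted RFC text, as an added example that is not part of the original thread and is not ISA Server's own code: a proxy-side check that parses a CONNECT request line and allows the tunnel only when the port falls inside a configured list of tunnel port ranges. The function names, the sample host `app.example.com` and the 400/403 status choices are assumptions made for illustration.

```python
import re

# Tunnel port ranges as (low, high) pairs. 443 and 563 are the well-known SSL
# ports named in the quoted RFC text.
DEFAULT_RANGES = [(443, 443), (563, 563)]

# CONNECT carries only host:port (IPv6 literals in brackets), so the port is
# the only thing the proxy can base its decision on.
_CONNECT_RE = re.compile(
    r"^CONNECT (\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5}) HTTP/1\.[01]$"
)


def parse_connect(request_line):
    """Return (host, port) from a CONNECT request line, or None if malformed."""
    m = _CONNECT_RE.match(request_line.strip())
    if not m:
        return None
    port = int(m.group(2))
    if not 1 <= port <= 65535:
        return None
    return m.group(1).strip("[]"), port


def decide(request_line, ranges=DEFAULT_RANGES):
    """Return (status, reason) for a CONNECT request (status codes assumed)."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return 400, "malformed CONNECT target"
    host, port = parsed
    if any(lo <= port <= hi for lo, hi in ranges):
        return 200, f"tunnel to {host}:{port} allowed"
    return 403, f"port {port} is outside the allowed tunnel port ranges"


if __name__ == "__main__":
    # Constructed request lines; 8000 is the port from the question above.
    samples = [
        "CONNECT app.example.com:443 HTTP/1.1",
        "CONNECT app.example.com:8000 HTTP/1.1",
        "CONNECT app.example.com:22 HTTP/1.1",
        "CONNECT app.example.com HTTP/1.1",
    ]
    extended = DEFAULT_RANGES + [(8000, 8000)]
    for line in samples:
        print(line, "| default:", decide(line)[0],
              "| with 8000 added:", decide(line, extended)[0])
```

Adding the single range (8000, 8000) permits the application from the question while every other non-SSL port stays refused.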


