RE: Webrouting to a SQUID-proxy

From: Kristin Thomas [MSFT] (kthomas_at_online.microsoft.com)
Date: 03/18/04


Date: Thu, 18 Mar 2004 16:27:55 GMT

Greetings Oli,

You would only need to put the * in, not the // so *.blackwell-synergy.com
would be correct in the destination set.

You can route to a Squid server, but if it requires authentication you
would need to enter one account's credentials and password on the upstream
proxy server settings page; it cannot pass authentication from a user.
Because of this, I'm not sure you wouldn't need to make allow all rules for
your client machines; otherwise authentication of a user to verify it had
rights to browse a site in ISA might not work with the Squid server. I
assume since you are making sure no one goes to porn sites, you aren't
allowing all for your clients. This might cause the routing to the Squid
server not to work. Please post back what rules you have for site and
content and protocol and I will try to figure out what will/will not work
for you.

Best Regards,

Kristin Thomas, MCSE, MCP
Microsoft Enterprise Network Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Oliver Stadler" <ostSPAMadler@bridspamge.de>
Subject: Webrouting to a SQUID-proxy
Date: Thu, 18 Mar 2004 08:10:13 +0100

Hello all,

I have the following problem: Here at our clinic we have a back-to-back
firewall system (both are ISA-servers).
On the outer ISA-server I have a webfilter software installed. All of our
clients in our internal networks have the firewall-client installed.

When accessing special sites (electronic magazines) we need to use a special
proxy-server (Squid), for all other sites we don't need another
upstream-proxy.
Normally we accomplish this by configuring our IE with an autoconfiguration
script (PAC).
Now this works fine, but when people try to access pornographic sites the
webfilter can't block the site because it's "hidden" or masked within the
request to the Squid-proxyserver (and this renders the webfilter useless).
So I wanted to create a routing-rule on our outer ISA-server. Now here are
my special questions:

- When creating destination-sets for external computers (external servers),
do I have to enter the sites as:
"*.blackwell-synergy.com" or as "//*.blackwell-synergy.com" ?

- When creating a routing rule I can only use ISA or MS-Proxy-servers as
upstream-servers. How can I route all traffic for the above destination set
to a Squid-upstream-proxy?
(While searching a forum on isaserver.org for a possible answer to this I
found an answer stating: "The squid does not understand carp or
authentication, but you can make the downstream a SecureNAT client." -> Now
what exactly is meant by this?)

Thanks a LOT in advance for help on this subject,

Greetings from Germany,

Oli


