Re: Webrouting to a SQUID-proxy

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Oliver Stadler (ostSPAMadler_at_bridspamge.de)
Date: 03/25/04 

Date: Thu, 25 Mar 2004 09:56:59 +0100

Hello Kristin,

Thank you very much for your answer and sorry that it took so long for me to
answer. I figured out where the problem was!
In the field where you have to type in the name of the upstream-proxy I
entered "http://proxyname.de" and that was the problem. When I corrected it
to just "proxyname.de" it worked like a charm.
Stupid mistake on my side, but I think this happened because before the
firewall we had to enter "http://pac.proxyname.de" in the automatic
configuration field in the IE settings.

Thanks again,

Greetings from Munich,

Oli

"Kristin Thomas [MSFT]" <kthomas@online.microsoft.com> schrieb im
Newsbeitrag news:Tdh%230XQDEHA.2224@cpmsftngxa06.phx.gbl...
> Greeting Oli,
>
> You would only need to put the * in, not the // so *.blackwell-synergy.com
> would be correct in the destination set.
>
> You can route to a Squid server, but if it requires authentication you
> would need to enter one account's credentials and password on the upstream
> proxy server settings page, it cannot pass authentication from a user.
> Because of this, I'm not sure you wouldn't need to make allow all rules
for
> your client machines otherwise authentication of a user to verify it had
> rights to browse a site in ISA might not work with the Squid Server. I
> assume since you are making sure no one goes to porn sites, you aren't
> allowing all for your clients. This might cause the routing to the SQuid
> server not to work. Please post back what rules you have for site and
> content and protocol and I will try to figure out what will/will not work
> for you.
>
> Best Regards,
>
> Kristin Thomas, MCSE, MCP
> Microsoft Enterprise Network Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> --------------------
> From: "Oliver Stadler" <ostSPAMadler@bridspamge.de>
> Subject: Webrouting to a SQUID-proxy
> Date: Thu, 18 Mar 2004 08:10:13 +0100
>
>
> Hello all,
>
> I have the following problem: Here at our clinic we have a back-to-back
> firewall system (both are ISA-servers).
> On the outer ISA-server I have a webfilter software installed. All of our
> clients in our internal networks have the firewall-client installed.
>
> When accessing special sites (electronic magazines) we need to use a
special
> proxy-server (Squid), for all other sites we dont need another
> upstream-proxy.
> Normally we accomplish this by configuring our IE with an
autoconfiguration
> script (PAC).
> Now this works fine, but when people try to access pornographic sites the
> webfilter cant block the site because its "hidden" or masked within the
> request to the Squid-proxyserver (and this renders the webfilter useless).
> So I wanted to create a routing-rule on our outer ISA-server. Now here are
> my special questions:
>
> - When creating destination-sets for external computers (external
servers),
> do I have to enter the sites as:
> "*.blackwell-synergy.com" or as "//*.blackwell-synergy.com" ?
>
> - When creating a routing rule I can only use ISA or MS-Proxy-servers as
> upstream-servers. How can I route all traffic for the above destination
set
> to a Squid-upstream-proxy?
> (While searching a forum on isaserver.org for a possible answer to this I
> found an answer stating: "The squid does not understand carp or
> authentication, but you can make the downstream a SecureNAT client." ->
Now
> what exactly is meant by this?)
>
> Thanks a LOT in advance for help on this subject,
>
> Greetings from Germany,
>
> Oli
>
>
>
>

Relevant Pages

  • RE: Users Cant Access Documents on Server
    ... Thanks for using the SBS newsgroup. ... As well as we know, if a workstation would not access network shares, then ... Leave the Default Gateway of the internal NIC blank of the server box. ... Clients That Require SMB Signing ...
    (microsoft.public.windows.server.sbs)
  • Re: Users Cant Access Documents on Server
    ... my computer to the network on the server. ... Connection Wizard none of the computers were listed. ... The Mac clients can not communicate with the server box. ... > Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)
  • Re: [SLE] SMTP authentication
    ... So eventhough my local SMTP server dials up to the internet with a certain username and password, that same username and password would not be used as authentication between my local SMTP server and the ISP's one, should it be used as a relay? ... either defer all outgoing mails until you connect to the internet, then flush out all the mails in the queue. ... Your local server would use an external program like fetchmail to poll the mailserver of your ISP, download the mails and feed them to Postfix. ... The test does NOT say "All clients must be in mynetworks, ...
    (SuSE)
  • RE: VPN Clients Not Registering in AD DNS
    ... via VPN, the DNS records of the VPN clients are unable to be registered. ... Windows 2003 server? ... please let me know whether the clients get the IP ...
    (microsoft.public.windows.server.sbs)
  • Re: Users Cant Access Documents on Server
    ... > then add my computer to the network on the server. ... Did you not see the computers in the Server Management taskpad section? ... The Mac clients can not communicate with the server box. ... >> Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)