URL Set rule invokes Web Proxy Filter 'denied connection'

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "bsleek" <bevinr@xxxxxxxxxxxx>
Date: 12 Jun 2006 14:24:28 -0700

Hi all,

I've been configuring an ISA 2004 Enterprise SP2 array in
pre-production and am encountering an issue with the granting access to
specific URLs from my DMZ. The symptoms include "Error Code: 403
Forbidden. The ISA Server denied the specified URL (12202)" in the
browser making the request and 3 lines in the firewall/webproxy log
(filtered on client IP and parsed for brevity):

HTTP - Initiated Connection - [Enterprise] Allowed URLs - 0x0 - (no URL
recorded) - Firewall
HTTP - Denied Connection - [Enterprise] Default rule - 12202 -
anonymous - http://72.14.207.99/ - Web Proxy Filter
HTTP - Closed Connection - [Enterprise] Allowed URLs - 0x80074e24 - (no
URL recorded) - Firewall

The request is being made to www.google.ca in the browser and I've
created the following URL Set:
http://*.google.ca/
http://*.google.com/
(and also tested:
http://www.google.ca/
http://www.google.com/)
(and also tested:
http://www.google.ca/*
http://www.google.com/*)

and corresponding policy rule:
#1 - Allowed URL Rule - Allow - HTTP - from All Protected - to Allowed
URL Set - All Users

The DMZ in question has a private class c address range assigned
(192.168.107.0-255) and the client is inside this network segment
(192.168.107.100). NLB is enabled on the 2 nodes in this array for this
network (192.168.107.1) as well as on the Internal network. The
external interfaces of each FW are connected to different ISP's and
therefore do not have NLB enabled but do have correctly configured
default gateways. The client is configured with the array VIP as the
default gateway. There is a NAT relationship between the DMZ and
External.

The request works when I change the access rule destination to External
instead of the specific URL Set so I don't believe there is anything
incorrect in my network layout.

Am I missing something regarding how to create a URL set? I based this
setup on the description in the MS KB article advising on how to
configure Windows Update through a proxy but am attempting to
troubleshoot with a simpler site.

Why is the web proxy log line showing a request to the specific IP
address instead of the URL that is originally requested (and matches
the URL set)?

Thanks for any aid,

Bevin Reith

.

Follow-Ups:
- Re: URL Set rule invokes Web Proxy Filter 'denied connection'
  - From: bsleek

Prev by Date: Blocking webcams
Next by Date: Re: URL Set rule invokes Web Proxy Filter 'denied connection'
Previous by thread: Blocking webcams
Next by thread: Re: URL Set rule invokes Web Proxy Filter 'denied connection'
Index(es):
- Date
- Thread

Relevant Pages

Re: Waiting for mutiple objects
... each array size equal to the size of threads in the pool. ... and are designed to unblock a thread to process the client request. ... When any worker thread has finished processing it ... It's like you tried as hard as you can to make a bad design. ...
(comp.unix.programmer)
Re: Waiting for mutiple objects
... each array size equal to the size of threads in the pool. ... and are designed to unblock a thread to process the client request. ... When any worker thread has finished processing it ... Main dispatcher thread then signals ...
(comp.unix.programmer)
Moving $_REQUEST variable
... I'm having a mighty WTF moment here. ... One of them is present in the $_REQUEST ... array as a name-value pair, but in the $_POST array it's there as a name ...
(comp.lang.php)
Re: Waiting for mutiple objects
... each array size equal to the size of threads in the pool. ... and are designed to unblock a thread to process the client request. ... call WaitForMultipleObjects to wait on the "process" event array. ... Main dispatcher thread then signals ...
(comp.unix.programmer)
Re: Getting the dynamic name with $_REQUEST[] , Pls help
... Keeping a separate table for the "more file upload". ... If the user closes after simply uploading the files without submitting the whole project information, or an exception occurs then the db table with extra files and url is inserted un-necessary. ... At the end of submitting the full project information in the db the array values will get stored in the corresponding url and file table which is the child table which has got the FK key points to the corresponding project table. ... How come you're dealing with $_REQUEST even before the form is submitted, you're just outputting the form, what would $_REQUEST contain at that point? ...
(comp.lang.php)