?
Solved

HTTP filter

Posted on 2006-06-22
11
Medium Priority
?
2,590 Views
Last Modified: 2011-09-20
I have Win2k server and ISA2004. In my firewall policy rules I would like to configure HTTP. However none of my rules have this as an option. I do have 'configure ftp' and 'configure RPC protocol'. The server has a single NIC
How do I install this?
0
Comment
Question by:rshs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16967536
The configure HTTP rule is not active if you have ISA installed as a cache only device as I recall. As you only have the one interface, you cannot operate effectively in a firewall condition.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16967551
Actually, I stand corrected as I have just amended one of my own servers to test this as it sounded 'off'.

What rule are you highlighting? If the rule does not include http protocol either implicitly (ie all protocols) or explicitly (http protocol) then the option will not appear.
0
 

Author Comment

by:rshs
ID: 16967561
Thanks Keith
If I install a second NIC, can I then activate HTTP? Also, the ISA2004 server is plugged into a Cisco switch whihc handles relay/gateway issues so that all clients have to use ISA as a proxy server. The situation I have is a school site and i would like staff to access podcasts, but not the students.
Apparently I need to control this thru' 'configure HTTP'. Currently neither can get podcasts. I do have separate rules for staff and students.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:rshs
ID: 16967570
Keith
The staff have 'all protocols' and the students have have http and https only.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16968321
can you confirm the actions?

Open the GUI,
Select configuration - monitoring
Click on start query
When you try and make the access to a podcast, what do you see in the log?
0
 

Author Comment

by:rshs
ID: 16997817
Keith
The access does appear in the query. It seems that the rule is STAFF that is blocking podcasts but i can't find how or why given that the STAFF rule have access to all protocols.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16998346
Doesn't work that way. 'All protocols' to ISA means all protocols that it knows about  ie All protocols that are defined in its protocol list; not all protocols regardless of what they are. What exactly is the message you see in the deny lines?
0
 

Author Comment

by:rshs
ID: 16998463
Below is the text from the query. its pretty messy.
                        PROXY2      -            TCP      -                        Yes            -                        1215      2000      4130      106264      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:15 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.57.41.139            Internal      Local Host      -      -
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      15      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1325      0      2091      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1325      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1324      0      2211      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1324      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1326      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1326      0      2131      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.57.40.13                        PROXY2      -            TCP      -                        No            -                        15434      0      7527      14932      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.1.81.11      8080      Unidentified IP Traffic      Closed Connection            10.57.40.13            Local Host      External      -      -
10.57.40.13                        PROXY2      -            TCP      -                        No            -                        15428      0      18683      50606      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.1.81.11      8080      Unidentified IP Traffic      Closed Connection            10.57.40.13            Local Host      External      -      -
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      780            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x0      0x880      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      551      652            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      4521      536            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16998604
No, its clean enough. Just cut & paste the output into notepad and turn off the wordwrap under the format tab.

You have a couple of things here.
1. You have set user groups to limit the access but the traffic is arriving at ISA as anonymous.
2. You are assigning the Internet explorer proxy to use port 8080 but ISA does not have port 8080 defined as a protocol so it shows as unidentified.
3. Are you using the ISA firewall client on your workstations?
4. Have you amended the content types in your rule(s)? This is generally the reason for the URL restriction (URL contains an extension which is disallowed)

Check this link out
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/httpfiltering.mspx

Also, be aware that the configure http optiondoes not appear on deny rules, only allow rules....
0
 

Author Comment

by:rshs
ID: 16998868
That document is the one I'm trying to follow. Hence, why i want to be able to 'configure HTTP'. As mentioned I don't have this available.
I got it - Under firewall policy -> protocols -> HTTP (edit)
HTTP properites - parameters - tick Web proxy filter under Application Filters.
I now have 'Configure HTTP'.
Your number 2 above can you give me any clues.
You have helped me and i will allocate the point to you Keith, though which comment I shoould accept i don't know as, singularly none are the answer, but collectively I have the solution.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 900 total points
ID: 17003911
Thats good of you; thanks. 16998604

Highlight the firewall policy on the left.
Open the right-hand window pane and select protocols
Just under where it says protocols, select new
call it web proxy
select outbound tcp port 8080 - 8080
save it and apply the policy

Regards
Keith
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question