Solved

HTTP filter

Posted on 2006-06-22
11
2,475 Views
Last Modified: 2011-09-20
I have Win2k server and ISA2004. In my firewall policy rules I would like to configure HTTP. However none of my rules have this as an option. I do have 'configure ftp' and 'configure RPC protocol'. The server has a single NIC
How do I install this?
0
Comment
Question by:rshs
  • 6
  • 5
11 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
The configure HTTP rule is not active if you have ISA installed as a cache only device as I recall. As you only have the one interface, you cannot operate effectively in a firewall condition.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Actually, I stand corrected as I have just amended one of my own servers to test this as it sounded 'off'.

What rule are you highlighting? If the rule does not include http protocol either implicitly (ie all protocols) or explicitly (http protocol) then the option will not appear.
0
 

Author Comment

by:rshs
Comment Utility
Thanks Keith
If I install a second NIC, can I then activate HTTP? Also, the ISA2004 server is plugged into a Cisco switch whihc handles relay/gateway issues so that all clients have to use ISA as a proxy server. The situation I have is a school site and i would like staff to access podcasts, but not the students.
Apparently I need to control this thru' 'configure HTTP'. Currently neither can get podcasts. I do have separate rules for staff and students.
0
 

Author Comment

by:rshs
Comment Utility
Keith
The staff have 'all protocols' and the students have have http and https only.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
can you confirm the actions?

Open the GUI,
Select configuration - monitoring
Click on start query
When you try and make the access to a podcast, what do you see in the log?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:rshs
Comment Utility
Keith
The access does appear in the query. It seems that the rule is STAFF that is blocking podcasts but i can't find how or why given that the STAFF rule have access to all protocols.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Doesn't work that way. 'All protocols' to ISA means all protocols that it knows about  ie All protocols that are defined in its protocol list; not all protocols regardless of what they are. What exactly is the message you see in the deny lines?
0
 

Author Comment

by:rshs
Comment Utility
Below is the text from the query. its pretty messy.
                        PROXY2      -            TCP      -                        Yes            -                        1215      2000      4130      106264      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:15 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.57.41.139            Internal      Local Host      -      -
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      15      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:16 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      638            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x4      0x880      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      551      509            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      4521      393            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:17 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060624.mp3
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1325      0      2091      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1325      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1324      0      2211      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1324      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:17 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1326      0      0      0      0x0             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.57.40.13      8080      Unidentified IP Traffic      Initiated Connection            10.56.40.11            Internal      Local Host      -      -
10.56.40.11                        PROXY2      -            TCP      -                        Yes            -                        1326      0      2131      10471      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.57.40.13      8080      Unidentified IP Traffic      Closed Connection            10.56.40.11            Internal      Local Host      -      -
10.57.40.13                        PROXY2      -            TCP      -                        No            -                        15434      0      7527      14932      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.1.81.11      8080      Unidentified IP Traffic      Closed Connection            10.57.40.13            Local Host      External      -      -
10.57.40.13                        PROXY2      -            TCP      -                        No            -                        15428      0      18683      50606      0x80074e20             0x0      0x0      Firewall      28/06/2006 8:49:19 AM      10.1.81.11      8080      Unidentified IP Traffic      Closed Connection            10.57.40.13            Local Host      External      -      -
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      Yes      Proxy      PROXY2            10.1.81.11      TCP                  -      -            -      Blocked by the HTTP Security filter: URL contains an extension which is disallowed      -      -      -      0      1      4351      780            12217 The request was rejected by the HTTP filter. Contact your ISA Server administrator.       0x0      0x880      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      8080      http      Denied Connection      Staff      10.56.40.11      ********************************      Internal      External      GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      1      551      652            5       0x0      0x80      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      80      http      Failed Connection Attempt            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)      No      Proxy      PROXY2            www.abc.net.au      TCP                  -      -            -            -      -      -      0      16      4521      536            12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.       0x0      0x0      Web Proxy Filter      28/06/2006 8:49:20 AM      10.57.40.13      80      http      Denied Connection            10.56.40.11      anonymous                  GET      http://www.abc.net.au/rn/podcast/feeds/lin_20060617.mp3
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
No, its clean enough. Just cut & paste the output into notepad and turn off the wordwrap under the format tab.

You have a couple of things here.
1. You have set user groups to limit the access but the traffic is arriving at ISA as anonymous.
2. You are assigning the Internet explorer proxy to use port 8080 but ISA does not have port 8080 defined as a protocol so it shows as unidentified.
3. Are you using the ISA firewall client on your workstations?
4. Have you amended the content types in your rule(s)? This is generally the reason for the URL restriction (URL contains an extension which is disallowed)

Check this link out
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/httpfiltering.mspx

Also, be aware that the configure http optiondoes not appear on deny rules, only allow rules....
0
 

Author Comment

by:rshs
Comment Utility
That document is the one I'm trying to follow. Hence, why i want to be able to 'configure HTTP'. As mentioned I don't have this available.
I got it - Under firewall policy -> protocols -> HTTP (edit)
HTTP properites - parameters - tick Web proxy filter under Application Filters.
I now have 'Configure HTTP'.
Your number 2 above can you give me any clues.
You have helped me and i will allocate the point to you Keith, though which comment I shoould accept i don't know as, singularly none are the answer, but collectively I have the solution.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 300 total points
Comment Utility
Thats good of you; thanks. 16998604

Highlight the firewall policy on the left.
Open the right-hand window pane and select protocols
Just under where it says protocols, select new
call it web proxy
select outbound tcp port 8080 - 8080
save it and apply the policy

Regards
Keith
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now