Solved

ISA 2004 - streaming video

Posted on 2006-07-15
12
473 Views
Last Modified: 2013-11-16
Hi All,
I've got an ISA rule that is intended to block stremaing media (audio and video).  It appears to work almost correctly.  When a user tries to launch a video on the web (in a web page for instance), the user is prompted for his/her authentication.  If they enter their username and password, it allows the video.  

Question:  How can I stop the video/audio from prompting for permission to play?

Thanks,
Terry
0
Comment
Question by:colepc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
12 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17117096
How are you blocking?
Right-click the allow rule and select configure http
Block the downloads from
0
 

Author Comment

by:colepc
ID: 17117276
Clue #1 has appeared...there is no option for 'configure http' on the rule I've created.  The selected protocols used on this rule include MMS, PNM, and RTSP.  I initially had HTTP in there as well (it was in the "Streaming Media" protocol group), but all http was blocked (not just video).  I removed http from it then and general web content was accessible again.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17125348
Are you operating in proxy mode only? ie only one NIC?
0
Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

 

Author Comment

by:colepc
ID: 17125526
Nope.  2 nics.  one outside one inside.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17125572
Oh, ok. Just reread your other post; you have removed http from the list of protocols.... lol
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17125728
So how have you set the rules?
Allow all outgoing except for these protocols?
Deny these protocols for all users?
0
 

Author Comment

by:colepc
ID: 17135549
My base question needs to change based on what I've observed today.  The behavior of the video feeds (and audio) prompting a user for credentials in order to see it is slightly off from what you are thinking of (in this case anyway).  Check this out...

I've observed that on the terminal server (where all users will access the internet...completely RDP network), if the user is a member of the local Administrators group (for the TS box), the behvior is different for the video feed.  The text of the credentials dialog is different when the user is an Administrator (again, local to the TS) than when the users is just an "internet user" on the SBS (or Domain User). To illustrate better than a description, check these 2 pictures, one of each dialog box:


As Administrator on the TS:  http://www.colepc.com/As_administrator_image.gif

Not as the administrator on the TS:  http://www.colepc.com/not_as_administrator_image.gif

The other thing that's come to light, is that the login shown in the 2nd image is a nuisance; that is, it pesters the snot out of the "non local admin" user whenever they attempt to browse the internet.  If the user visits a blocked page (due to an ISA rule, say "www.match.com", for example), they are prompted with the same login screen. Providing valid credentials does not satisfy the login...it returns incessantly.  I didn't realize this behaviour was happening as I've been logged into the TS for testing as a Domain Admin (including membership as a local Admin on the TS).  I finally saw it from a user's point of view which leads me to here.

I've tried to isolate this behavior to possibly other less priviledged local users on the TS, but the appropriate behaviour only occurs when the user is an admin.  Of course, this is bad news for other local security on the actual TS box!

Does that ring any bells?

Thanks,
Terry
0
 

Author Comment

by:colepc
ID: 17168242
Here's the answer...

The problem was not with ISA permissions, but rather the redirect page I had entered whenever a "deny" rule was encountered.   Although I put the "custom_denied.htm" page in \inetpub\wwwroot, the parent folder's permissions were not inherited by the page resulting in only allowing Administrators to view the page.

Manually inheriting permissions on the redirect page(s) solved the issue.

Duh.



0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17170116
Is this a duplicate question to this one or did the one answer fit both questions?
http://www.experts-exchange.com/Security/Firewalls/Q_21926953.html#17168873

Nice one Terry.

0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 17206105
Closed, 500 points refunded.

GhostMod
Community Support Moderator
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
firewall management operations 1 114
Sonicwall Email los and Alerts 1 66
IP Phones with SonicWall 6 84
Security Geteway Sonicwall 7 117
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question