Solved

MS ISA 2000, WebSense 5.5 and Proxy Bypass

Posted on 2007-04-11
10
1,595 Views
Last Modified: 2013-12-08
We currently use MS ISA 2000 for proxy and WebSense 5.5 for filtering. I would like to be able to explicitly list a number of websites which are not to use the proxy service e.g. eBay as it does not like the ISA authentication methods. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.

Mike
0
Comment
Question by:Barnardos_2LS
  • 4
  • 3
  • 3
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Hello Barnardos_2LS,

You can do this using group policy

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B24BF2D5-0D7A-4FC5-A14D-E91D211C21B2&displaylang=en

Group Policy Infrastructure White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyId=D26E88BC-D445-4E8F-AA4E-B9C27061F7CA&displaylang=en

LOOK HERE

user configuration >windows settings >internet explorer maintenance >connection >proxy settings > Enable Proxt settings

Type in the IP address of your Proxy / ISA Box and the port you use either 80 or 8080 or 8088 depending on how you are set up

Type the URLS (seperated by semi colons ;) that you want to BYPASS the proxy for eg

www.ebay.com;www.google.com etc




Regards,

PeteLong
0
 
LVL 1

Author Comment

by:Barnardos_2LS
Comment Utility
Sorry maybe I did not explain properly. What I want to do is to continue to direct our users to the proxy server, but the proxy server to make the decision to bypass its web proxy service. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Oh sorry - thats how Used to do it with ISA and Websense - Im unsure if ISA 2000 is that clever :)
0
 
LVL 1

Author Comment

by:Barnardos_2LS
Comment Utility
It should be - I just can't find the HTTP redirection filter! Not sure if once Websense is installed it has been removed.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
or it was introduced in ISA2004?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:Barnardos_2LS
Comment Utility
No it is available in ISA2000 (http://support.microsoft.com/kb/310129) however I am using Windows Server 2003.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
You need to ensure you have ALL of the ISA2000 service packs/updates installed.
The location it 'should' be at is:
server/arrays - extensions - application filters. The http filter should then appear in the right-hand window.
0
 
LVL 1

Author Comment

by:Barnardos_2LS
Comment Utility
Does the Microsoft Firewall need to be installed as I have just read somewhere that the http redirector filter relies on this?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
Comment Utility
Think you may have it there. In the manual there is a a small comment.

"Note: In order for the the HTTP Redirector Filter to perform these actions, the ISA must be installed in Integrated mode." Reading through it constantly refers to the SecureNAT and firewall clients and suggests that these be also set to Web Proxy clients as well.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Thanks :)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Internet is a big network which is formed by connecting multiple small networks.It is a platform for all the users which are connected to it.Internet act as platform in different fields. Such as: Internet  as a collaboration platform. Internet  as…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now