Solved

MS ISA 2000, WebSense 5.5 and Proxy Bypass

Posted on 2007-04-11
10
1,613 Views
Last Modified: 2013-12-08
We currently use MS ISA 2000 for proxy and WebSense 5.5 for filtering. I would like to be able to explicitly list a number of websites which are not to use the proxy service e.g. eBay as it does not like the ISA authentication methods. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.

Mike
0
Comment
Question by:Barnardos_2LS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888440
Hello Barnardos_2LS,

You can do this using group policy

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B24BF2D5-0D7A-4FC5-A14D-E91D211C21B2&displaylang=en

Group Policy Infrastructure White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyId=D26E88BC-D445-4E8F-AA4E-B9C27061F7CA&displaylang=en

LOOK HERE

user configuration >windows settings >internet explorer maintenance >connection >proxy settings > Enable Proxt settings

Type in the IP address of your Proxy / ISA Box and the port you use either 80 or 8080 or 8088 depending on how you are set up

Type the URLS (seperated by semi colons ;) that you want to BYPASS the proxy for eg

www.ebay.com;www.google.com etc




Regards,

PeteLong
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888467
Sorry maybe I did not explain properly. What I want to do is to continue to direct our users to the proxy server, but the proxy server to make the decision to bypass its web proxy service. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888492
Oh sorry - thats how Used to do it with ISA and Websense - Im unsure if ISA 2000 is that clever :)
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888507
It should be - I just can't find the HTTP redirection filter! Not sure if once Websense is installed it has been removed.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888542
or it was introduced in ISA2004?
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888550
No it is available in ISA2000 (http://support.microsoft.com/kb/310129) however I am using Windows Server 2003.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18892430
You need to ensure you have ALL of the ISA2000 service packs/updates installed.
The location it 'should' be at is:
server/arrays - extensions - application filters. The http filter should then appear in the right-hand window.
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18896203
Does the Microsoft Firewall need to be installed as I have just read somewhere that the http redirector filter relies on this?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18900568
Think you may have it there. In the manual there is a a small comment.

"Note: In order for the the HTTP Redirector Filter to perform these actions, the ISA must be installed in Integrated mode." Reading through it constantly refers to the SecureNAT and firewall clients and suggests that these be also set to Web Proxy clients as well.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18904711
Thanks :)
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Read about how to approach blogging and about ways to do it right. Stand out from the crowd and let your knowledge be consumed by a large audience. This article aims to explain how your blog should look like,  the most important things to do while b…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question