  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1533

Web content types / mime type filter problem

I have ISA Server 2004,
used just for web access.
Content type filtering is set to "selected content types" in the access rule properties.
I selected all the default content types "applications.........,vrml".
Everything goes OK, but
when I try to open any site that needs a username and password I get a message:
"Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL)."
I think I have to add another MIME content type, but what do I need to add in this situation?
Users cannot access mail.yahoo.com or log in to Hotmail mailboxes.
I need your suggestions, please.
MODR100
Asked:
1 Solution
 
bbao (IT Consultant) Commented:
It sounds like the mentioned sites need SSL. Are you sure you have enabled outgoing HTTPS traffic (both URL-based and TCP-based)?
 
MODR100 (Author) Commented:
I opened "All outbound traffic" and the problem continues.
If I allow "All content types" the problem disappears / I don't need this.
If I allow "the selected content list" I cannot access Yahoo Mail or Hotmail.
I think the problem is in the content type MIME, because any site that needs a user name and password is denied by the ISA 2004 server.
 
Keith Alabaster Commented:
Make sure you have installed Service Pack 3 for ISA 2004.
Open the ISA GUI, select Monitoring - Logging - click on Start Query to start the real-time log.

Make the connection attempt and watch for the denied messages when you visit whatever site it is you are trying.
Stop the query.

Highlight one of the denied message lines.
Open the bottom section of the log screen and then click on the + symbol to drill down and see what the HTTP headers are that were blocked.

Keith
 
MODR100 (Author) Commented:
I have SP3 installed.
I started logging and got this:
------------------------------------------------------
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Destination: Local Host ( *.*.*.*:8080)
Protocol: HTTP Proxy
•      Number of bytes sent: 427 Number of bytes received: 1081
•      Processing time: 0ms Original Client IP: *.*.*.*
 
MODR100 (Author) Commented:
This message appears in the log:
12202 The ISA Server denied the specified Uniform Resource Locator (URL).

When I try to access the Yahoo login it starts handshaking but doesn't complete that,
and access is denied.
 
bbao (IT Consultant) Commented:
I think you can also get the blocked URL from the ISA log. Can you please let us know that?
 
MODR100 (Author) Commented:
I allowed everything.
This is the result from the log:
Log type: Web Proxy (Forward)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: Internal
Destination: External
Request: login.yahoo.com:443
Filter information: Req ID: 05bc0b0f; Req ID: 05bc0b0f
Protocol: SSL-tunnel
User: anonymous
•      Client agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
•      Object source: Internet Processing time: 0
•      Cache info: 0x0 MIME type:
 
Keith Alabaster Commented:
No, you haven't allowed everything.

When something is blocked by the default rule, it means that the request did not meet the conditions set in any of the higher rules.

Where are you running the request from, an internal client or the ISA itself?
What authentication have you placed on the outbound rule? All users? Authenticated users? An AD group?
Note that the request that was sent was named as anonymous, so this would only work using the all users authentication unless you have the ISA firewall client installed.
 
MODR100 (Author) Commented:
Dear, I opened all protocols but filter on the content type.
To test, I enabled all default content types.
All allowed users are allowed to go to the internet without authentication.
The firewall client is also installed on an internal PC for testing.
I can access any site that doesn't need auth.
I cannot log in to Yahoo or Hotmail?
 
Keith Alabaster Commented:
Please post a copy of the log output from the log screen so I can see what is being returned.
 
MODR100 (Author) Commented:
I have one web access rule and I enabled content filtering.
Can I enable content filtering on a rule that enables HTTP and HTTPS?
When I delete the old rule and make two new rules,
one for HTTP with content filter
and another rule for HTTPS without content filtering, it works OK.
The question:
can I enable content filter on a rule that allows HTTP and HTTPS?
 
MODR100 (Author) Commented:
This is the output:
dest.ip   dest.port   protocol      action      rule    client ip   client uname    url
proxyIP-443            ssl-tunnel    denied   default   -     anonymous  login.yahoo.com
 
Keith Alabaster Commented:
It is best to make separate rules for each when you are filtering by content types.

Content filtering works for the rule that the filter is applied to only.
For example, if you had four HTTP rules and you applied a content filter on rule 2, this would not be applied to rules 1, 3 & 4 - only rule 2.
Filter rules must appear before allow all content-type rules.

I have tried it here - I also get an error when trying to go to https://login.yahoo.com. The error is a type 995 (the application requested that the connection be dropped). I get a failed message in my ISA log rather than a denied message.

0.0.0.0      Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322)      Yes      Proxy            login.yahoo.com      TCP                  Internet      -      -            -      Req ID: 0ace7beb; Compression: client=No, server=No, compress rate=0% decompress rate=0%      -      -      -      25/11/2007 12:37:35      0      0      8090      680      0x0      0x8            25/11/2007 12:37:35      192.168.0.67      217.12.8.76      443      SSL-tunnel      Failed Connection Attempt      Allow Outbound All protocols            995 The I/O operation has been aborted because of either a thread exit or an application request.       anonymous      Internal      External      login.yahoo.com:443      HOST1      Web Proxy Filter
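A simplified model of the first-match rule evaluation described in the answer above, added here as an illustration; it is not taken from the thread or from ISA Server. It assumes that a rule restricted to selected content types cannot match a request that has no MIME type, which is what the empty "MIME type:" field in the SSL-tunnel log entry suggests; the rule names, the HTTP URL and the content-type list are constructed.

```python
# Simplified first-match model of access-rule evaluation (not ISA Server code).
# Assumption: a rule limited to selected content types can only match a request
# that carries a MIME type; an SSL tunnel (CONNECT host:443) carries none.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Request:
    protocol: str              # "HTTP" or "SSL-tunnel", as named in the log
    url: str
    mime_type: Optional[str]   # None for a tunnel: the log shows "MIME type:" empty

@dataclass(frozen=True)
class Rule:
    name: str
    protocols: FrozenSet[str]
    content_types: Optional[FrozenSet[str]] = None  # None = all content types

    def matches(self, req: Request) -> bool:
        if req.protocol not in self.protocols:
            return False
        if self.content_types is None:
            return True
        return req.mime_type is not None and req.mime_type in self.content_types

def evaluate(rules: List[Rule], req: Request) -> Tuple[str, str]:
    """Return (action, rule name): the first matching rule wins, else default deny."""
    for rule in rules:
        if rule.matches(req):
            return ("allowed", rule.name)
    return ("denied", "Default rule")

# Constructed sample of a "selected content types" list.
SELECTED = frozenset({"text/html", "image/gif", "application/x-javascript"})

# Original setup in the thread: one rule for HTTP and HTTPS with a content-type filter.
single_rule = [Rule("Web access", frozenset({"HTTP", "SSL-tunnel"}), SELECTED)]
# Setup that worked in the thread: HTTP filtered, HTTPS in its own unfiltered rule.
split_rules = [
    Rule("HTTP filtered", frozenset({"HTTP"}), SELECTED),
    Rule("HTTPS unfiltered", frozenset({"SSL-tunnel"})),
]

page = Request("HTTP", "http://www.yahoo.com/", "text/html")   # constructed request
login = Request("SSL-tunnel", "login.yahoo.com:443", None)     # request from the log

if __name__ == "__main__":
    for label, rules in (("single rule", single_rule), ("split rules", split_rules)):
        for req in (page, login):
            print(label, req.url, evaluate(rules, req))
```

With the single filtered rule the tunnel request falls through to the default rule, matching the 12202 entry in the log; with the split rules the content-type filter still applies to HTTP only.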
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin