?
Solved

How to bypass local sites

Posted on 2009-02-11
13
Medium Priority
?
1,274 Views
Last Modified: 2012-05-06
Hi,

i m using ISA 2006, i want to bypass some internal URL for internal network.
i have already put the entries in bypass colum but still is not bypass.

suppose i want to bypass this address :- 192.168.0.57 to our all internal network .
beuase i m using some web service on this server.

rajesh
0
Comment
Question by:nesarmatrix
  • 7
  • 6
13 Comments
 
LVL 4

Expert Comment

by:jonhicks
ID: 23609893
Do you configure your browsers automatically using a wpad.dat file? If not, consider doing so.

If yes, add the following line to it.

if (isInNet(host,"192.168.0.57","255.255.255.255")) return "DIRECT";
0
 

Author Comment

by:nesarmatrix
ID: 23610025
Hi johnicks,
sorry i m not understand, pls describe with full details..
i m waiting
0
 
LVL 4

Accepted Solution

by:
jonhicks earned 1000 total points
ID: 23610103
If you check the box in your browser to "automatically detect proxy settings", the browser goes after "HTTP://wpad.yourlocaldomain.com/wpad.dat" and decides what to do depending on what you stick in the wpad.dat file.

I've attached an example wpad.dat below

Line by line it says;
If the url matches http://localhost*, go direct (i.e. don't use the proxy).
If the network address of the host is 10.1.1.2, go direct.
If your IP address is within the network 192.168.1.0/255.255.255.0, go to proxy server 192.168.1.20:8080.
If none of the above match, go direct.

Now, you have to stick this file on an HTTP server and you have to create a dns alias (cname record) called 'wpad.yourdomain.com' and point it at your HTTP server so that the browser can get to http://wpad/wpad.dat.

You then just configure all your browsers to detect settings automatically (either manually or via a group policy object).
function FindProxyForURL(url,host)
{
if (shExpMatch(url, "http://localhost*")) return "DIRECT";
if (isInNet(host,"10.1.1.2","255.255.255.255")) return "DIRECT";
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.252.0")) return "PROXY 192.168.1.20:8080";
else
return DIRECT;
}

Open in new window

0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:nesarmatrix
ID: 23610121
Hi johnicks,

this is the our internal link :-
and i want to by pass this URL in our network.

below mention error found in ISA monitoring.
12209 the isa server requires authorization to fulfill the request . Access to the web proxy filter is denied.

Pls check as sson as possible.
rajesh
0
 
LVL 4

Expert Comment

by:jonhicks
ID: 23610203
okay, what that means is your proxy is not allowing you to browse local IP addresses.

You can resolve this by allowing it, but you need to be aware that this will not bypass the proxy, it simply tells the isa firewall to allow it.

Your firewall policy will have a rule for web browsing. In the destination, you need to add internal networks.

See attached screenshot.
isa-screenshot.jpg
0
 

Author Comment

by:nesarmatrix
ID: 23610362
Hi johnicks ,
my local sites has been browsed, but one of my application has given error.

pls find the error.
ERROR.JPG
0
 
LVL 4

Expert Comment

by:jonhicks
ID: 23610425
Okay, looks to me like that applet is trying to use the proxy but the proxy wants to authenticate the user... but the app is not capable of doing this.

Can you paste a screenshot of your ISA rules for me?
0
 

Author Comment

by:nesarmatrix
ID: 23610727
ok pls find the settings.
screen2.JPG
screen1.JPG
0
 

Author Comment

by:nesarmatrix
ID: 23610919
Hi johnnicks,

is thr any solutions for the same.
0
 
LVL 4

Expert Comment

by:jonhicks
ID: 23610967
Ah right, okay. Can you also post your firewall policy?

Note you could remove "require all users to authenticate". This option can break certain sites that do not support user authentication. This box is not checked by default. MS recommend using Firewall rules to enforce user access instead.
0
 

Author Comment

by:nesarmatrix
ID: 23611080
pls find the firewall policy jpg file.

ok do that , but i want to configure authenticate pop up screen for all users.
is thr any options in ISA 2006.

rajesh
firewall-policy.JPG
0
 
LVL 4

Expert Comment

by:jonhicks
ID: 23611271
I can't really see much, but at least I get an idea of how you've setup your rules.
create a rule allowing HTTP access from Internal to 192.168.0.57. Make sure it says "All users". I'm guessing your other rules are restricted to certain user groups. Consider turning on integrated windows authentication (back in your network settings) and remove the check box I mentioned before.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
Integration Management Part 2
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month15 days, 14 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question