ISA 2006

Have 2 ISA 2006 servers on Server 2003 doing NLB for https proxy access to web resources inside our network for users outside the network. Problem we have found is someone is heavily using our servers in what appears to be as an anonymous proxy from the outside, to upload large amounts of data to a site called something like How do you prevent someone from doing something like this and allow only use to access the resources we have set it up for?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

That is impossible.
ISA does not provide a Web Proxying Service to External,...only Internal.
So what is going on is one of two things:

1. What you think is happening just simply is not really happening at all and you are misinterpreting what you are seeing

2. If something like that is really happeing then it is because of some other flaw soemwhere else in your Networking Design and is not the fault of the ISA itself.
Ok, this is a Single Nic "Hork Mode",...web-caching-only arrangment.  Well at least in my opnion this is a waste of time configuration and the ability should be removed from the product,...but unfortuneately the ability is still in the product.

But anyway, sounds like you gave Access by using an Access Rule instead of a Web Publishing Rule.  Since a Single-Nic mode does not have a true "External" everything is Internal-to-Internal,...hence an Access Rule that was anonymous would allow anyone to bounce of the ISA and go Anywhere and there is not much you could do about it with a Rule like that.

If you are going to use an Access Rule for anything then you need to do one of two things:

1. Stop using an Anonymous Rule and authenticate the users against AD

2. Limit the "FROM" to an Address Set that matches you internal LAN and remove "Internal" from the FROM Tab in the Access Rule.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
skrog1Author Commented:
So far, looking into # 2, looks like that is definately an issue and seeing what we can do with #1.

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Roshan MohammedCloud Engineering OfficerCommented:
For a start, put a deny rule, above the proxy rules, and the deny rule to deny the site, whilst u work on resolving the actual issue. this will prevent users from uploading/downloading stuff from the site!
skrog1Author Commented:
We changed the rule, invoked authentication, and in the network firewall blocked all but the needed services. We see normal traffic only now. Thanks pwindell for getting us down the right track.
You're welcome,..glad it all worked out.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.