Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
"Directly Access" question
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
"Directly Access" question - 10.Mar.2008 8:07:21 PM
|
|
|
sbaldridge
Posts: 15
Joined: 2.May2004
Status: offline
|
I'm having a problem here... frustrating.
Using ISA 2006 Std, pretty basic config: one nic to internet, one internally, ISA is a domain member. I have enabled WPAD discovery through DNS and forced "Automatically detect configuration settings" through group policy, I exclude certain sites from being proxied by opening the Internal network object>Web Browser>"Directly access these servers or domains". Users have no problem using the proxy with this setup.
I have one site that is listed in the "directly access ..." list, let's call it *.trouble.com. I have included it as:
"*.trouble.com"
"www.trouble.com"
If I look at logging I see *most* traffic to www.trouble.com is not proxied but some http requests are being proxied. This particular site is using Citrix Metaframe over https so it is very sensitive to a timeout.
Question: why would some traffic to www.trouble.com be proxied when it is specifically excluded by my configuration (above)??
Thanks!!
Scott
|
|
|
|
|
RE: "Directly Access" question - 11.Mar.2008 2:10:44 PM
|
|
|
Kirill
Posts: 205
Joined: 26.Sep.2001
Status: offline
|
Hi Scott,
Try using just "*trouble.com" instead of 2 definitions.
_____________________________
Regards,
Kirill
Corporate SAP Basis Administrator/Chief IT Security Officer, MSc, MCSE.
|
|
|
|
|
RE: "Directly Access" question - 11.Mar.2008 4:09:37 PM
|
|
|
sbaldridge
Posts: 15
Joined: 2.May2004
Status: offline
|
Wouldn't that also filter similar domains like*.bigtrouble.com?
|
|
|
|
|
RE: "Directly Access" question - 11.Mar.2008 4:16:05 PM
|
|
|
sbaldridge
Posts: 15
Joined: 2.May2004
Status: offline
|
Anyway I think I have it worked out. This problem exists in ISA2004SP2, I'm really surprised it's not corrected by now in the 2006 version.
From this document:
http://technet.microsoft.com/en-us/library/bb794774.aspx
- Web Browser. Specify browser settings to be configured for Web Proxy clients in the network. <snip> Note the following when you specify destinations for direct access in the Directly access these servers or domains list:
- You should specify both the IP address and the fully qualified domain name (FQDN) of the destination, or the FQDN only. If there is an IP range in the list, the automatic configuration script determines whether the resolved name of the IP address is included in the list. If it is, the script determines whether the destination is internal before submitting the request.
After I followed the step of excluding the domain I added the host's IP addresses to the "Directly Access.." as well. The problem went away after adding the IPs. Apparently this problem only occurs if there IP addresses in the "Directly Access" list.
Scott
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
