Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
403 FOrbidden when accessing an internal web site
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
403 FOrbidden when accessing an internal web site - 4.Jan.2006 3:32:33 AM
|
|
|
Edward
Posts: 33
Joined: 14.Dec.2005
Status: offline
|
Hi All,
Can you help me confirm if this is a normal behavior?
It’s a SBS Server with ISA 2004 installed. There is an internal website hosted on the SBS Server itself (not published by the ISA). IIS is listening on the internal IP address using the host head “companyweb”. The “companyweb” can be resolved to the internal IP address of the ISA firewall by the internal DNS Server. The "Require all users to authenticate" option is checked on the ISA.
From an internal XP client, we perform the following test (FWC is not installed):
1. Enable web proxy, uncheck the “Bypass proxy server for local addresses” option in IE.
We can access http://companyweb without problem.
2. Enable web proxy; check the “Bypass proxy server for local addresses” option in IE.
We receive an error indicating that “Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)”
3. Disable web proxy in IE.
Receive the same error in item 2.
Does the error mean that the request is dropped by the ISA’s Web Proxy engine? If so, why will the ISA Web Proxy engine handle the request? Since the URL doesn’t contain a period, it should be regarded as an internal host, am I right?
I have an additional question:
On Networks->Internal->Web Browser, if I tick the “Bypass proxy for Web servers in this network” option, how will the XP client do the DNS resolution when accessing http://companyweb? Will it do the resolution by itself or will it be done by the ISA’s Web Proxy engine? If it’s performed by the ISA Web Proxy engine, will the HTTP request looped back through the ISA firewall to access the IIS site behind the same network interface?
(If we disable the "Require all users to authenticate" option, all the above tests will work fine. But the customer is not willing to un-tick the option.)
Thanks in advance and Happy new year!
Best Regards,
Edward Tian
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
