Welcome to ISAserver.org

Allow SSL through proxy?

Allow SSL through proxy? - 15.Apr.2008 1:23:34 PM
jmair

 

Posts: 14
Joined: 15.Mar.2007
Status: offline
I have my ISA set up for students on campus as a proxy server and web filter. When a student logs in, AD assigns a proxy (port 8080) to the student.

The problem I'm having is that some students are trying to submit college information; the site is using SSL to transfer the info, and ISA blocks the send part of the site.

Where do I go, or how can I allow SSL (port 443) through the ISA server? I would be grateful for any information.

Thanks
Post #: 1
RE: Allow SSL through proxy? - 15.Apr.2008 4:30:56 PM
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
"I have my ISA set up for students on campus as a proxy server and web filter. When a student logs in, AD assigns a proxy (port 8080) to the student."

You mean you are pushing proxy settings to the user's browser via GPO? That's not a very good idea, too inflexible, but yes, it works. That port 8080 has nothing to do with what the user is doing with some website. ISA listens for Web Proxy Client "requests" on port 8080. When a URL is requested the browser does nothing more than relay the request to the proxy on port 8080; the proxy answers the request and sends it back to the user's browser. The user never "goes" anywhere; the user never "leaves their seat", figuratively speaking. The proxy goes to the Internet for them and brings back what they asked for and gives it to them.

"The problem I'm having is that some students are trying to submit college information; the site is using SSL to transfer the info, and ISA blocks the send part of the site.

Where do I go, or how can I allow SSL (port 443) through the ISA server? I would be grateful for any information."

Just add HTTPS to the Access Rule that you are already using to allow them HTTP.


_____________________________

Phillip Windell
www.wandtv.com

(in reply to jmair)
Post #: 2
RE: Allow SSL through proxy? - 15.Apr.2008 4:53:16 PM
jmair

 

Posts: 14
Joined: 15.Mar.2007
Status: offline
Ahh, excellent. Thank you! I think that will do the trick. I was trying to do it as an exception under an already established rule.

I know my current setup with proxy with AD isn't perfect, but the students can't change the proxy setting and we have staff and students sharing the same machines. Students need to be managed, staff don't. With the right OUs it's a very easy thing to manage and maintain (especially at the end and beginning of the year, when the staff and student turnover is very high). I haven't had any problems getting AD and ISA to work together; it's been a dream. But if you have a better solution or an example as to why it's too inflexible, I'm all ears. I'm not one to turn away a good suggestion from another.

(in reply to pwindell)
Post #: 3
RE: Allow SSL through proxy? - 15.Apr.2008 5:44:48 PM
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
"I know my current setup with proxy with AD isn't perfect, but the students can't change the proxy setting and we have staff and students sharing the same machines. Students need to be managed, staff don't. With the right OUs it's a very easy thing to manage and maintain (especially at the end and beginning of the year, when the staff and student turnover is very high). I haven't had any problems getting AD and ISA to work together; it's been a dream. But if you have a better solution or an example as to why it's too inflexible, I'm all ears. I'm not one to turn away a good suggestion from another."

Try a mixture.
Configure the LAN for Automatic Proxy detection using WPAD. 90% of this is done at the DNS and DHCP Server, not the proxy or the clients. There are a few things to do on ISA.

Then use the GPO to push the "proxy settings", which amounts to nothing more than enabling the first two checkboxes in the browser concerning the auto-detection and leaving the rest blank. The users still won't be able to change the proxy settings and you will get the flexibility of the proxy autodetection.

You can push the Firewall Client out to machines via GPO as well and it will also take advantage of the autodetection.

When a proxy is not detected the Client will attempt to run without a proxy. As long as the LAN does not provide an "alternate means" of getting to the Internet, the user will not be able to leave the LAN until the reason for the autodetection failure is solved (like the user messing with the machine where they shouldn't).



_____________________________

Phillip Windell
www.wandtv.com

(in reply to jmair)
Post #: 4
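
As an added illustration of the auto-detection setup described in post #4 (not code from the thread, and not the script ISA itself generates), this is the kind of proxy auto-config script a browser retrieves through WPAD. The host name isa.campus.example and the suffix .campus.example are assumptions; port 8080 is the listener port from post #1.

```javascript
// Added example: sketch of a wpad.dat / PAC script (not from the thread).
// Host name and DNS suffix are hypothetical; 8080 is the proxy port from post #1.
var PROXY_ONLY = "PROXY isa.campus.example:8080";
var INTERNAL_SUFFIX = ".campus.example";

// True when host is the bare internal domain or a name beneath it.
// Matching on the leading dot keeps look-alike names such as
// "evilcampus.example" from being treated as internal.
function isInternal(host) {
  if (host === INTERNAL_SUFFIX.slice(1)) return true;
  var tail = host.length - INTERNAL_SUFFIX.length;
  return tail > 0 && host.indexOf(INTERNAL_SUFFIX, tail) === tail;
}

// Entry point the browser calls for every request once auto-detection
// has located the script.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (intranet, localhost) and loopback stay on the LAN.
  if (host.indexOf(".") === -1 || /^127\.\d+\.\d+\.\d+$/.test(host)) {
    return "DIRECT";
  }
  if (isInternal(host)) return "DIRECT";
  // Everything else, http:// and https:// alike, goes to the proxy listener.
  // https:// arrives there as a CONNECT request, so the access rule has to
  // allow HTTPS as well as HTTP (post #2).
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of taking an unfiltered path.
  return PROXY_ONLY;
}
```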