Welcome to ISAserver.org
Caching Anonymous Requests
Caching Anonymous Requests - 6.Sep.2004 5:25:00 PM
JayG
Posts: 16
Joined: 24.Feb.2004
Status: offline
I'm having problems with a Java plug-in running on an internal website. When the plug-in is called, the user logged by the ISA server as initiating the request is 'anonymous'. We are using integrated authentication, with 'Ask unauthenticated users for identification' selected on the properties of the internal network; this causes the plug-in connection to be rejected.
Is there any way around this - is it possible to configure the ISA server to bypass caching for this website only? Unfortunately, we cannot bypass caching for all local addresses as other websites are available on the LAN.
RE: Caching Anonymous Requests - 6.Sep.2004 10:55:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,
First, NEVER enable the "ask unauthenticated users to authenticate". It causes far too many problems.
You can create an anonymous access rule and allow it to be applied to that site, and then place that rule on the top of the list.
Or, configure the clients as Firewall and/or SecureNAT clients and configure the site for Direct Access.
HTH, Tom
RE: Caching Anonymous Requests - 7.Sep.2004 12:58:00 PM
JayG
Posts: 16
Joined: 24.Feb.2004
Status: offline
Thanks for that Tom - it's working now. I added a URL set containing the relevant website URLs, then created a user-defined protocol for the port the Java plug-in works over, and finally added an access rule containing these elements.
The only problem now is that all web requests from all users are being logged with a username of 'anonymous' - how can I force ISA to log the correct username?
RE: Caching Anonymous Requests - 7.Sep.2004 3:06:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,
They should only be anonymous if the rule is for anonymous access for that site only. You can fix the problem completely by using the Firewall client. That's why I *always* recommend making machines both Firewall and Web Proxy clients.
HTH, Tom
RE: Caching Anonymous Requests - 8.Sep.2004 1:24:00 PM
JayG
Posts: 16
Joined: 24.Feb.2004
Status: offline
I've managed to get this to work without installing the Firewall Client (for a whole bunch of reasons it will not be deployed on our network) - here's how:
The URL accessed for the Java plug-in is:
http://<servername>:8011/<pathtoplug-in>
While this appears to be a connection over port 8011, ISA logs show that the connection is port 8011 over HTTP, so...
1) Created a URL set containing a single URL of http://<servername>*
2) Added an access rule to the top of the firewall policy allowing a source of any, destination of the URL set, protocol of HTTP & user set of All Users
3) Updated the access rule below that which allows for general web access so the user set is Authenticated Users
4) Unticked 'Ask unauthenticated users for identification' in the properties of the internal network
The effect is that anonymous connections to the plug-in URLs are allowed, and all other web requests are still logged with the correct username.
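The rule ordering described in the post above, as a simplified first-match model added here; it is not ISA Server code and not from the thread. The host names, the user name, and the assumption that evaluation stops at the first matching rule that requires authentication are this example's own.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class Rule:
    name: str
    url_pattern: str   # URL set entry; "*" is a wildcard
    user_set: str      # "All Users" or "Authenticated Users"

@dataclass
class Client:
    username: str            # identity the client could present
    answers_challenge: bool  # False for the plug-in, which cannot authenticate

def evaluate(rules, client, url):
    """First matching rule decides; returns (action, rule name, logged user)."""
    for rule in rules:
        if not fnmatchcase(url, rule.url_pattern):
            continue
        if rule.user_set == "All Users":
            # No identity is required, so none is requested or logged.
            return ("allow", rule.name, "anonymous")
        if client.answers_challenge:
            return ("allow", rule.name, client.username)
        # Assumption: evaluation stops here and does not fall through.
        return ("deny", rule.name, "anonymous")
    return ("deny", "default deny", "anonymous")

# Constructed names: appserver.example stands in for <servername>.
PLUGIN_RULE = Rule("Plug-in site", "http://appserver.example*", "All Users")
WEB_RULE = Rule("General web access", "http://*", "Authenticated Users")
POLICY = [PLUGIN_RULE, WEB_RULE]     # order from the post
REVERSED = [WEB_RULE, PLUGIN_RULE]   # same rules, wrong order

PLUGIN = Client("CORP\\user1", answers_challenge=False)
BROWSER = Client("CORP\\user1", answers_challenge=True)
PLUGIN_URL = "http://appserver.example:8011/plugin/app.jar"
OTHER_URL = "http://intranet.example/index.html"

if __name__ == "__main__":
    for label, rules in (("post order", POLICY), ("reversed", REVERSED)):
        print(label, evaluate(rules, PLUGIN, PLUGIN_URL),
              evaluate(rules, BROWSER, OTHER_URL))
```

In this model a browser request to the exempted server also matches the top rule, so every request to that server is logged as anonymous regardless of who sent it.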
RE: Caching Anonymous Requests - 8.Sep.2004 3:10:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,
Great! That'll do it. So it looks like an auth problem and not the dreaded bad Java coding problem so Direct Access wasn't required.
Good to hear you got it working and thanks for the follow up! Tom
RE: Caching Anonymous Requests - 28.Oct.2004 11:39:00 AM
seeds
Posts: 16
Joined: 18.May.2004
Status: offline
I have the exact same problem and your fix has worked for me on my 2004 box but I also need to implement the fix on my 2000 box but am having difficulty.
Here is what I have done:
Already have a protocol rule in place to allow HTTP for a particular W2K group.
Created a destination set for the URL.
Created a Site and Content Rule to allow HTTP from Any Request to the Destination Set.
Any ideas what I'm doing wrong as it doesn't work??
Thanks,
P.S. I know this isn't the 2000 forum but I wanted to keep in line with this thread.