• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Error Code: 403 Forbidden. The server denied the specif... - 5.Aug.2005 4:30:00 AM   
laf1974

 

Posts: 5
Joined: 5.Aug.2005
Status: offline
Hi

I've create a web site with IIS 6.0 and I create a web publishing rule with ISA 2004 wizard.
I've implementate a w2k3 domain with a w2k3 domain controller, a w2k3 web server and a w2k3 web proxy/firewall with ISA 2004 standard edition.
When I contact my web site with a browser internet of a internal/external client I recive this error message

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

Can U help me?

Thanks

Best regardes
Post #: 1
RE: Error Code: 403 Forbidden. The server denied the sp... - 5.Aug.2005 7:15:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What are the details of the Web Publishing rule?

Thanks!
Tom

(in reply to laf1974)
Post #: 2
RE: Error Code: 403 Forbidden. The server denied the sp... - 5.Aug.2005 7:23:00 AM   
laf1974

 

Posts: 5
Joined: 5.Aug.2005
Status: offline
Hi,

my External ip 82.xxx.xxx.xxx
my ISA internal is 10.0.0.254
my Web Server ip 10.0.0.1

I used the configuration wizard.
Action : enable
From : anyware
to : "computer Name"
Forward to origin...... Yes
Listerner: External and listed the external IP address, Listen to port 80
Path : as Default
Bridging: Redirect to port Http 80

(in reply to laf1974)
Post #: 3
RE: Error Code: 403 Forbidden. The server denied the sp... - 5.Aug.2005 9:10:00 AM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
If I understand the description of your problem correctly, you are looping through the firewall! You should use a workstation outside the ISA 2004 firewall to test your web publishing rules!

Make sure you are accessing the webpage with its "public name" in the web publishing rule.

[ August 05, 2005, 09:11 AM: Message edited by: ISAwader ]

(in reply to laf1974)
Post #: 4
RE: Error Code: 403 Forbidden. The server denied the sp... - 5.Aug.2005 11:14:00 AM   
laf1974

 

Posts: 5
Joined: 5.Aug.2005
Status: offline
Hi,

I don't connect to web page from internal and external workstation of my ISA firewall.

(in reply to laf1974)
Post #: 5
RE: Error Code: 403 Forbidden. The server denied the sp... - 25.Aug.2005 10:31:00 PM   
Mauisoft

 

Posts: 4
Joined: 25.Aug.2005
From: San Pedro Sula
Status: offline
I have this very same problem, I have my ISS server on W2k3 and all internal clients can browse the website which resides on the /SulaExpress/* folder.

My ISA Server is 2k4 and I used the Web Publishing Wizard to "enable this website to be accesible from outside, acording to the error it looks like the problem is on authentication issue, I have check that the listener has No Authentication and that the IIS server has the same settings, I even checked the Security Tab for the Folder itself and it allows ANONYMOUS LOGON on it, but I still have the same error AS ON THIS TOPIC.

http://63.245.16.245/

Is there anything else I should consider??

I Have two NICs on my ISA Server, I posted the mail server using the wizard and it works fine.
My Network has two servers one with ISA 2k4 on a W2k3 PC, and the other is w2k3 on a PC that is on the internal network, it has my mail server,
IIS and Active Directory

Is there regular steps to publish a web server even after using the wizard?

Thanks!

(in reply to laf1974)
Post #: 6
RE: Error Code: 403 Forbidden. The server denied the sp... - 26.Aug.2005 2:38:00 AM   
Mauisoft

 

Posts: 4
Joined: 25.Aug.2005
From: San Pedro Sula
Status: offline
I forgot to mention that I only have this problem when I'm trying to access the website from an external client.

Thanks!

(in reply to laf1974)
Post #: 7
RE: Error Code: 403 Forbidden. The server denied the sp... - 26.Aug.2005 9:30:00 AM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
What did you two type in for the "Public Name Details" wizard page when creating the web publishing rule?

(in reply to laf1974)
Post #: 8
RE: Error Code: 403 Forbidden. The server denied the sp... - 26.Aug.2005 6:52:00 PM   
Mauisoft

 

Posts: 4
Joined: 25.Aug.2005
From: San Pedro Sula
Status: offline
on that pane I typed the public name which I have already posted on my ISP has the public website, for example, www.sulaexpress.com and on my ISP this should be pointing to the external IP 63.245.16.245

(in reply to laf1974)
Post #: 9
RE: Error Code: 403 Forbidden. The server denied the sp... - 30.Aug.2005 4:21:00 PM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
I am curious to see how this is resolved too. I am running into the same issue when publishing an internal website thru ISA. I used the configuration example in the ISA Server 2004 book and can't get it to work.

As for the "public name details" I hav etried several different approaches. Currently I am just using the External IP because I do not have this in DNS yet (testing phase). Any input would be appreciated.

(in reply to laf1974)
Post #: 10
RE: Error Code: 403 Forbidden. The server denied the sp... - 30.Aug.2005 4:44:00 PM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
Well here is a follow up on this...I looked at my ISA log and the rule being applied is the "Default rule" which blocks all other traffic. However, it is the last rule in my list. The web publishing rule is the first. So for some reason the web publishing rule is being bypassed and the deny all rule is being applied. And by the way, yes the web publishing rule is enabled. I have triple checked that.

(in reply to laf1974)
Post #: 11
RE: Error Code: 403 Forbidden. The server denied the sp... - 31.Aug.2005 9:36:00 AM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
More details on configuration of web publishing rule:

Action - Allow
From - External
Exception - Internal
To - weblink (used both internal DNS name and internal IP)
Forward original host header - Tried both checking and unchecking this option
Request appear to come from - ISA
Traffic - HTTP
Listener - Details to follow
Link Translation - not checked
Schedule - 24x7
User - All
Bridging - Web Server
Redirec to port 80
Paths - /*
Public name - http://70.150.129.233/weblink, http://70.150.129.233/weblink7, 70.150.129.233/weblink7

Web Listener Details
Network - External (IP of 172.16.131.5)
Preferences - Enable http, port 80
Authentication - none specified
Advanced - unlimited connections
RSA - Cookies expire after specified time (15 min)

I am just stumped as to why this rule is being passed and the default rule of Deny is being applied.

Final note on this I am testing from my home PC (using RDP to home PC) and viewing log entries as they come into ISA.

[ August 31, 2005, 09:38 AM: Message edited by: jalcala ]

(in reply to laf1974)
Post #: 12
RE: Error Code: 403 Forbidden. The server denied the sp... - 31.Aug.2005 12:53:00 PM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
OK another update...after changing the public name to just the IP (dropped the /weblink part)I can now at least get passed the ISA server. In the log files I see th eweb publishing rule being applied and allowing the traffic to pass to the web server. However, now when I connect to web server I am getting a pop up box asking me to authenticate. Since ISA is passing the request to IIS looks like I may have some authentication issue with IIS.

(in reply to laf1974)
Post #: 13
RE: Error Code: 403 Forbidden. The server denied the sp... - 31.Aug.2005 1:48:00 PM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
OK, well after messing around with this somemore I finally got it working.

first thing I had to do was get it thru ISA, did that by chnaging the Public name to just the IP of the web server (left of the website name).

Once I got thru ISA I had to create an IUSER account to use for anonymous access to the website. Once that was done, all is good.

(in reply to laf1974)
Post #: 14
RE: Error Code: 403 Forbidden. The server denied the sp... - 1.Sep.2005 9:02:00 PM   
Mauisoft

 

Posts: 4
Joined: 25.Aug.2005
From: San Pedro Sula
Status: offline
Thanks jalcala for your updates! let my try and if you can send me more details on what you did my email is mauisoft@gmail.com

Thanks!

(in reply to laf1974)
Post #: 15
RE: Error Code: 403 Forbidden. The server denied the sp... - 2.Sep.2005 8:03:00 AM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
Mauricio,

Would be glad to help, just keep posting in here any issues you may have. This way we have a runnig track of what is taking place.

I can say from my experience the biggest issues I was having was getting the http request pasted ISA and then setting the permissions in IIS. One area that helped me out a lot was in the logging of ISA. I was able to see what rule was being applied and work from there.

(in reply to laf1974)
Post #: 16
RE: Error Code: 403 Forbidden. The server denied the sp... - 2.Sep.2005 11:04:00 AM   
Guest
Let me know what you guys think. I believe we're all having the same problem due to 1 little thing here. But quickly, heres my configuration (brief)...

2 domains located at 2 different places... Both having the same issue.

1 is for a client... 1 is mine, I have SBS2003 Premium with ISA2004 on both, local domain name for client is crockettmyers.local My security certificate is for server.crockettmyers.com.
mine locally is eondigital.local with a security cert for server.eondigitalsolutions.com.

(In SBS 2003 running the Server configuration wizard sets up everything from SBS2003 to ISA2004 for me automatically.) I'm trying to access remote web workplace from either...

**OKay now, the meat of the issue...

It seems we're all accessing name based websites by trying to use the IP address. Looks like with the configuration we all have, we will need to create an A name record on our domain names pointing to the IP address...

ie: server.crockettmyers.com A>> 157.141.25.119.

It seems ISA is denying the request because it's not able to verify that we're coming from the right source (so to speak) ISA is configured to only allow name based authentication. In the case of the previous user, I believe they got it to work by changing the name to the IP address. That way ISA didn't deny based on the fact that it wasn't a request for a specific name of a site, but rather allowed traffic based on the IP address.

***Please be careful with allowing sites to be pulled by IP, it makes them easier to get through security.

Just my thoughts on our little matter... what do you think? (Unfortunately I can't get the A name added because my host isn't returning my phone calls. I'm switching providers!)

(in reply to laf1974)
  Post #: 17
RE: Error Code: 403 Forbidden. The server denied the sp... - 2.Sep.2005 11:18:00 AM   
jalcala

 

Posts: 32
Joined: 12.Aug.2005
Status: offline
I used the IP becasue I am testing the web publishing rule. However, once I get the DNS record entered I should not have any problems as long as the DNS name is created on the Public Name page within ISA.

When trying to access your website<satch22> I get the following error message:

Technical Information (for support personnel)
Error Code 10060: Connection timeout
Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
Date: 9/2/2005 3:24:31 PM
Server: Myserver name
Source: Firewall

Within ISA the log shows "Failled Connection Attempt"

[ September 02, 2005, 11:19 AM: Message edited by: jalcala ]

(in reply to laf1974)
Post #: 18
RE: Error Code: 403 Forbidden. The server denied the sp... - 21.Sep.2005 4:46:00 PM   
darkchild

 

Posts: 1
Joined: 21.Sep.2005
From: CA USA
Status: offline
Hi,

I have been fighting the same issue it seems. As a certified MS partner I have been working with MS support engineers and this problem has been giving us fits.

What I have found in my travels is that if you run a default setup after applying SP1 to SBS then you can get the DNS error. I had this problem for a while. I think this could have been fixed by simply adding an entry to DNS for "PUBLISHING" and point the record to the web server. The reason for this is that when you run the wizard to configure the internet connection and the fire wall an SSL certificate is created for both the server name and publishing. If all the rules look correct but the error you get is can not find the server of DNS error I think this will fix it.

I was able to fix this problem by re running the wizard and where it asks for the fully qualified server name ( my case server.domain.local) appeared as the default. By putting in www.domain.com (My server has a registered .com address) all my services then started working.

Hope this helps.

PS One of the engineers was able to make a rule by the IP address so i can see how changing the name to just the IP will get things working again.

(in reply to laf1974)
Post #: 19
RE: Error Code: 403 Forbidden. The server denied the sp... - 31.Jul.2006 10:10:56 AM   
shang

 

Posts: 10
Joined: 24.Dec.2004
Status: offline
Old thread but nevertheless I learnt to use monitor\query function here.

I kinda had the same problem.

Built split DNS, a web server, then publish the web server to 'external'
external client can browse the internal web server with no problem but internal client will cause
'proxy error 502', 'error 12202', 'ISA denied the URL'.
On monitor\logging\query show that the rule applied is 'last rule default-denied'

More, if internal client use netbios name(e.g. www) instead of full FQDN(e.g. www.microsoft.com) or
if web proxy client is disabled(LAN setting, untick 'use a proxy..') can access web server no problem.

Issue solve by add new firewall policy
protocols: HTTP
from: Internal, Localhost
to: Internal

test again using full FQDN, the browse request(both at internal and localhost) now succeed.
'monitor\logging\query' show rule used is the new 'internal-allow-internal' policy

Hope this is useful

(in reply to darkchild)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts