Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FTP client throug ISA via webproxy (error 502 ssl)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> FTP client throug ISA via webproxy (error 502 ssl) Page: [1]
Login
Message << Older Topic   Newer Topic >>
FTP client throug ISA via webproxy (error 502 ssl) - 27.Apr.2006 8:47:07 AM   
daniilkireev

 

Posts: 12
Joined: 10.Aug.2004
From: Moscow, Russia
Status: offline 		Recently I tried to access an external FTP server from my network through ISA 2004 (SP2) via webproxy client (HTTP Connect method) and got an error:

HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. ISA server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)

This I searched the Net and found nothing on this. At Rebex.net there was a FAQ with a glue:

quote:

Q: I get an exception "Error 502 returned by a HTTP proxy (...)" when connecting through Microsoft ISA Server using HttpConnect proxy. Why?


A: The whole exception message is probably:

"Error 502 returned by a HTTP proxy (Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.))."

This is caused by the default behavior of Microsoft ISA server, which only allows requests to ports 443 and 563 using its HTTP Connect method. (Primary use of HTTP Connect is to allow SSL connections to HTTPS servers).

The Microsoft Knowledge Base article Q283284 addresses this issue.

To access FTP sites through ISA server's HTTP proxy, access to all ports must be allowed. FTP's control connection port is 21 by default, but data connections can use virtually any port, because it is assigned by the FTP server. (Although allowing port 21 and ports >1024 should be enough, there might be exceptions.)

To allow connections to all ports through the HTTP proxy, following VB script must be run on the ISA server: 
set isa=CreateObject("FPC.Root")
set arraypolicy=isa.Arrays.GetContainingArray.ArrayPolicy
set tprange=arraypolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("FTP", 1, 65535)
tprange.Save
After the script is run and "Microsoft ISA Server Control" service is restarted, it should work.


I slightly changed the script as it didn’t run properly (an error saying “the object doesn’t support this property or method”):
Dim root
Dim tpRanges
Dim newRange
Set root = CreateObject("FPC.Root")
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set newRange = tpRanges.AddRange("FTP", 1, 65535)
tpRanges.Save
Then I ran the script, restarted ISA Server machine and everything worked OK. Now I’m able to get to FTP sites using any FTP client that supports Webproxy (HTTP Connect). Hope it would help somebody.

P.S. Don’t know how safe it is to allow all ports for FTP through webproxy?
Post #: 1
RE: FTP client throug ISA via webproxy (error 502 ssl) - 5.May2006 11:32:02 AM   
nhtvn

 

Posts: 5
Joined: 22.Mar.2006
Status: offline 		Hi DaniiKireev,
Thank for your useful information, can i ask you some thing? I've made a script file (ISA.vbs) and run it on the ISA 2004 server but I don't know what does the script edit on ISA server? and i just run the vbs file for 1 time, the second time it notices an error  "cannot create a file when that file already exists", so please tell me how to delete the file created and run the script more. Thanks alot.
NHT

(in reply to daniilkireev)
Post #: 2
RE: FTP client throug ISA via webproxy (error 502 ssl) - 5.May2006 12:45:25 PM   
daniilkireev

 

Posts: 12
Joined: 10.Aug.2004
From: Moscow, Russia
Status: offline 		IMHO, This script does something that you cannot know exactly, because it uses ISA's own API (maybe adds something to registry). And yes it cannot be run twice, the second time you run it an error appears (I don't know whether or not any files are created by this script).

To remove the changes the script does I would suggest running another script, something like this:

quote:

Dim root
Dim tpRanges
Dim removeRange
Set root = CreateObject("FPC.Root")
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set removeRange = tpRanges.Remove("FTP")
tpRanges.Save True


Hope that would help.

(in reply to nhtvn)
Post #: 3
RE: FTP client throug ISA via webproxy (error 502 ssl) - 5.May2006 3:17:29 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		Why script when www.ISATools.org has a nice GUI TPRe.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to daniilkireev)
Post #: 4
RE: FTP client throug ISA via webproxy (error 502 ssl) - 5.May2006 4:03:46 PM   
daniilkireev

 

Posts: 12
Joined: 10.Aug.2004
From: Moscow, Russia
Status: offline 		LLigetfa,
 
Where were you a few days ago?!! 8-)

(in reply to LLigetfa)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> FTP client throug ISA via webproxy (error 502 ssl) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts