HTTPS : 502 Proxy Errors
HTTPS : 502 Proxy Errors - 17.Sep.2004 6:18:00 PM
ngerch
Posts: 4
Joined: 16.Sep.2004
Status: offline
New ISA install, single NIC used as web proxy only.
I have an access rule defined to allow HTTP, HTTPS, and FTP to a created URL set (external sites, e.g. http://*bankname.com/* and https://*bankname.com/*). The strange thing is that ANY https page that I try to hit gives me the below message - even though that https page/site is defined in my allowed URL set.
Error page that displays:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 10.2.7.20
Date: 9/17/2004 4:06:18 PM
Server: servername
Source: proxy
Also, in the web proxy log I get Denied Connection errors on port 443, protocol: SSL-Tunnel, and it is being denied by the default rule. Unless I am mistaken, default HTTPS uses 443 and I allow that traffic through in one of my previous rules. I'm stumped. I am certainly forgetting something on the config side and I can't seem to figure it out.

RE: HTTPS : 502 Proxy Errors - 19.Sep.2004 9:29:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi N,
Don't include a path for your SSL sites. The ISA firewall isn't aware of the path after the initial CONNECT message. So, you can enable or block the SSL site, but not particular paths for SSL connections. If you include a path, the ISA firewall can't eval the path, so it takes the more secure approach and blocks the entire site.
HTH, Tom

RE: HTTPS : 502 Proxy Errors - 20.Sep.2004 4:20:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi N,
What is the EXACT configuration of the access rule denying the requests?
Thanks! Tom

RE: HTTPS : 502 Proxy Errors - 20.Sep.2004 8:34:00 PM
ngerch
Posts: 4
Joined: 16.Sep.2004
Status: offline
The rule that drops the SSL traffic is the "Last Default Rule" (Deny, All Traffic, All Networks, All Networks, All Users). The rule that allows HTTP traffic works OK.
It's like the HTTPS traffic isn't even being recognized by previous rules.
Below is a snippet from the log (the http connections are accepted by my allow rule but somehow HTTPS requests are not):
Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) No Proxy USLOUISA01 onlinebanking.nationalcity.com TCP - - - - - - 0 1 1121 248 12209 0x0 0x0 Web Proxy Filter 9/20/2004 9:36:18 AM 10.2.7.20 443 SSL-tunnel Denied Connection 10.2.11.10 anonymous CONNECT
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) No Proxy USLOUISA01 onlinebanking.nationalcity.com TCP - - - - - - 0 1 571 352 5 0x0 0x0 Web Proxy Filter 9/20/2004 9:36:18 AM 10.2.7.20 443 SSL-tunnel Failed Connection Attempt 10.2.11.10 anonymous CONNECT
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Yes Proxy USLOUISA01 onlinebanking.nationalcity.com TCP Internet - - - - - - 0 0 924 0 12202 0x0 0x80 Web Proxy Filter 9/20/2004 9:36:18 AM 10.2.7.20 443 SSL-tunnel Denied Connection Default rule 10.2.11.10 CORP\NGerch Internal External onlinebanking.nationalcity.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Yes Proxy USLOUISA01 onlinebanking.nationalcity.com TCP Internet - - - - - - 0 0 924 0 12202 0x0 0x80 Web Proxy Filter 9/20/2004 9:36:18 AM 10.2.7.20 443 SSL-tunnel Denied Connection Default rule 10.2.11.10 CORP\NGerch Internal External onlinebanking.nationalcity.com:443

RE: HTTPS : 502 Proxy Errors - 21.Sep.2004 3:22:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi N,
OK, this indicates that there isn't a rule allowing it, or you have limitations on SSL sites that include path statements. Make sure you don't block SSL sites by using paths -- use only FQDNs and IP addresses.
HTH, Tom
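
Added example (not part of the original thread, and not ISA Server's own matching code): a simplified Python model of what a forward proxy can see for a plain HTTP request versus an HTTPS CONNECT tunnel, showing why the path-bearing URL set entries from the first post fall through to the default deny rule. The function names, the `*.bankname.com` domain name set entry and the two request lines are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# URL set entries are the ones quoted in the first post; the domain name set
# entry and both request lines are constructed for this example.
URL_SET = ["http://*bankname.com/*", "https://*bankname.com/*"]
DOMAIN_SET = ["*.bankname.com"]
HTTP_REQ = "GET http://www.bankname.com/login.asp HTTP/1.1"
HTTPS_REQ = "CONNECT www.bankname.com:443 HTTP/1.1"

def proxy_view(request_line):
    """Return (scheme, host, path) as visible to the proxy; path is None in a tunnel."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # The client asks only for host:port; the URL path is sent later,
        # inside the encrypted tunnel, where the proxy cannot read it.
        host, _, _port = target.rpartition(":")
        return "https", host.lower(), None
    parts = urlsplit(target)  # proxied plain HTTP carries the absolute URL
    return parts.scheme, parts.hostname, parts.path or "/"

def url_entry_matches(entry, scheme, host, path):
    """Simplified wildcard match of one URL set entry (an assumption, not ISA's logic)."""
    e_scheme, _, rest = entry.partition("://")
    e_host, has_path, e_path = rest.partition("/")
    if e_scheme != scheme or not fnmatchcase(host, e_host):
        return False
    if not has_path:
        return True          # host-only entry: decidable from CONNECT alone
    if path is None:
        return False         # entry needs a path the proxy never sees
    return fnmatchcase(path, "/" + e_path)

def evaluate(request_line, url_set=(), domain_set=()):
    """First matching allow set wins; otherwise the request hits the default deny."""
    scheme, host, path = proxy_view(request_line)
    if any(url_entry_matches(e, scheme, host, path) for e in url_set):
        return "Allowed (URL set)"
    if any(fnmatchcase(host, d) for d in domain_set):
        return "Allowed (domain name set)"
    return "Denied (Default rule)"

if __name__ == "__main__":
    print(evaluate(HTTP_REQ, url_set=URL_SET))
    print(evaluate(HTTPS_REQ, url_set=URL_SET))
    print(evaluate(HTTPS_REQ, url_set=URL_SET, domain_set=DOMAIN_SET))
```
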

RE: HTTPS : 502 Proxy Errors - 21.Sep.2004 4:54:00 PM
ngerch
Posts: 4
Joined: 16.Sep.2004
Status: offline
Seems that URL sets won't work, has to be domain name sets. Kinda broadens the scope a little bit, but certainly workable. Thank you for your time and efforts! This website has been a HUGE help.

RE: HTTPS : 502 Proxy Errors - 23.Sep.2004 4:18:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi N,
No problem! Good to hear you got it working and thanks for the follow up!
Tom

RE: HTTPS : 502 Proxy Errors - 27.Oct.2004 7:12:00 PM
artjc
Posts: 1
Joined: 27.Oct.2004
Status: offline
Does access to https sites work in your environment?
Thanks in advance.
Best Regards

RE: HTTPS : 502 Proxy Errors - 23.Jun.2005 10:37:00 AM
danielboone18
Posts: 5
Joined: 23.Jun.2005
From: Raleigh, NC
Status: offline
Help - I am getting the same message but from the outside coming in. I have set up a Web Publishing rule to redirect requests for mail.hosts.com to an Internal Server to the path mail.hosts.com /exchange. I have a server 2003 Exchange box with IIS hosting. I just want all requests to be redirected from the DMZ ISA box to my Internal server. Thanks