• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing the Incoming Web Requests Listener article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Publishing the Incoming Web Requests Listener article Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Publishing the Incoming Web Requests Listener article - 5.Nov.2002 6:58:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Questions and replies to the Publishing the Incoming Web Requests listener article go here.

Thanks!

[ November 05, 2002, 07:06 AM: Message edited by: tshinder ]
Post #: 1
RE: Publishing the Incoming Web Requests Listener article - 12.Nov.2002 1:54:00 AM   
haintjong

 

Posts: 2
Joined: 12.Nov.2002
From: UK
Status: offline
Hi Tshinder
I am very new to ISA configuration and this article answers most of my queries and probably save me a lot of sleepless nights in next few weeks

I recently configured a new DMZ with ISA to allow users to access out intranet pages via GPRS. The web publishing rule works fine and user now want to have internet access using the same infrastructure.

My issue is - the exisitng internet enable proxy for our internal client is not the same ISA server. Is it possible to configure the ISA server as you mention in the arctile to pass on the web request to another proxy server instead?

Regards

HainTjong

(in reply to tshinder)
Post #: 2
RE: Publishing the Incoming Web Requests Listener article - 12.Nov.2002 6:50:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi HainTjong,

I'm not sure exactly what it is you want to accomplish, but I suppose you could configure Web Proxy chaining with an upstream ISA Server, so that requests go from one to another.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Publishing the Incoming Web Requests Listener article - 22.Nov.2002 1:05:00 AM   
haintjong

 

Posts: 2
Joined: 12.Nov.2002
From: UK
Status: offline
Hi Tshinder

Thanks for the reply. I am still having few problems with the configuration. But first, let me just clarify our configuration first.

I have a ISA server configured with single extneral IP address to allows our offsite users to access our internal web pages via web publishing rules. I want to enable the internet access to these users but would like to redirect their internet requests to another proxy server which has good internet connectivity. Is this possible ? The reasons behind this is really down to the follows
* Costs - Want to utilize the existing internet connection than install another connection
* Security / Censorship - The other server already setup to minitoring our internal users internet access and block any potential web sites.

You mentioned that I could configure the Web Proxy chaining with an upstream ISA Server, so that requests go from one to another. Could you explain this in more details ?

PS I ordered your book via Amazon but still not arrive yet. I would be grateful if you can help me out on this.

HTH
HainTjong

(in reply to tshinder)
Post #: 4
RE: Publishing the Incoming Web Requests Listener article - 25.Nov.2002 9:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi HainTjong,

I think the best solution is a VPN for what you're trying to accomplish.

HTH,
Tom

(in reply to tshinder)
Post #: 5
RE: Publishing the Incoming Web Requests Listener article - 28.Feb.2003 2:27:00 AM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
I have set up my isa server as you stated and also only allow specific ip address to use the server. This works great for those people on known IP address. My question: Is there a way that I can have users on not known IP addresses authenticate to use the server? I know if I choose "require unauthenticated users to authenticate" all users must authenticate before before they can browse but I woulld only those without a known IP to need to authenticate.

Thanks.

(in reply to tshinder)
Post #: 6
RE: Publishing the Incoming Web Requests Listener article - 28.Feb.2003 5:33:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ryan,

The option is authentication, becuase its far too easy to spoof IP addresses. When running a public proxy, you can't be too safe!

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Publishing the Incoming Web Requests Listener article - 28.Feb.2003 8:28:00 PM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
Is there a way to do both IP addresses without authentication AND authentication for those on non-listed IP address?

OR

If I use only authentication is there a "easy" way so the users don't have to enter the username and password each time they open the browser?

Thanks,

[ February 28, 2003, 08:35 PM: Message edited by: Ryan Lamberton ]

(in reply to tshinder)
Post #: 8
RE: Publishing the Incoming Web Requests Listener article - 28.Feb.2003 9:14:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ryan,

Perhaps, but ISA Serve is a security device, so I've never tried to reduce the level of security it provides [Wink]

I'll put this on my list of issues to research.

Thanks!
Tom

(in reply to tshinder)
Post #: 9
RE: Publishing the Incoming Web Requests Listener article - 1.Mar.2003 8:00:00 PM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
Another question /problem. Everything is setup and working well most of the time. About once or twice a day our users can't browse (and me as well). I stop the firewall and start it again and everything is working again. Any Ideas?
I have this setup on 2 diferent windows 2000 adv. servers and the both have the same problem.

Thanks.

Ryan

[ March 01, 2003, 08:03 PM: Message edited by: Ryan Lamberton ]

(in reply to tshinder)
Post #: 10
RE: Publishing the Incoming Web Requests Listener article - 23.Mar.2003 7:05:00 AM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
Ok, no answer one that one. How about this. I have the ISA server setup as you said and with no SMTP server installed and I am getting complants that someone is sending spam from my ISA server. The log reads:

Offending message:
X-Message-Info: yOfSAGsvVmXvO7ZRyvQQAkyTmTNMFYWm
Received: from mc7-f12.law1.hotmail.com ([65.54.253.19]) by
mc7-s16.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 22 Mar 2003 16:43:31 -0800
Received: from mailin-02.mx.aol.com ([XXX.XXX.36.217]) by
mc7-f12.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 22 Mar 2003 16:43:31 -0800

Where my IP is the one with the X's

What could be causing this?

Ryan

(in reply to tshinder)
Post #: 11
RE: Publishing the Incoming Web Requests Listener article - 23.Mar.2003 6:57:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ryan,

Did you configure your SMTP service to not relay? But default, the IIS 5 SMTP service doesn't allow relay from non-authenticated hosts.

HTH<
Tom

(in reply to tshinder)
Post #: 12
RE: Publishing the Incoming Web Requests Listener article - 24.Mar.2003 12:15:00 AM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
There is no smtp service on the computer. I have found in the logs that someone is logging in to the proxy that is not in the allowed IP address list (client address set used by the incoming web request listener in server publishing rules). I have it set it up to only allow users with specific IP addresses. This works for me and if my ip address is not in the list I cannot use the proxy. Yet I can see his IP address in the firewall log with allow after it. How can they get through the firewall? I also added a IP packet filter to block port 25 in both directions but that has not helped.

This is the log entry (if it helps):
10.0.1.105- - N 2003-03-23 20:17:52 fwsr FAMILINK-PROXY - - 66.207.212.111 2006 - - - 2320 TCP Accept - - - 0 - incoming web request listener - 2 1

I have tryed everything I can think of to block the 66.207.212.111 address even creating a protocol rule to deny all IP traaffic that applies to that client set. Yet is is still in the log as accept! Am I missing something?

Thanks for all your help.

Ryan

(in reply to tshinder)
Post #: 13
RE: Publishing the Incoming Web Requests Listener article - 24.Mar.2003 4:06:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ryan,

I'm not sure what the Incoming Web Requests listener has to do with SMTP?

Thanks!
Tom

(in reply to tshinder)
Post #: 14
RE: Publishing the Incoming Web Requests Listener article - 24.Mar.2003 7:58:00 PM   
ryanlamb

 

Posts: 9
Joined: 28.Feb.2003
Status: offline
I think I got it. Thanks, I have an error! [Mad] [Mad] [Mad] [Eek!] [Mad] [Mad] [Mad]

[ March 24, 2003, 10:46 PM: Message edited by: Ryan Lamberton ]

(in reply to tshinder)
Post #: 15
RE: Publishing the Incoming Web Requests Listener article - 17.Oct.2003 5:53:00 PM   
Guest
Hi tshinder i followed your 'allowing external connections to use the ISA proxy' but when a user authenticates they are able to browse and when they load up a new browser window they don't get asked to re authenticate.

I understand that this of benifit to the users to save them from having to re authenticate every time they open a new browser but i would like to set it so they do have to re authenticate.

The only part of your article i didn't complete was to disable the W3SVC service. How exactly does disabling this service help, and is this the reason for it not asking to re authenticate?

Regards
Edward

(in reply to tshinder)
  Post #: 16
RE: Publishing the Incoming Web Requests Listener article - 3.Mar.2005 4:10:00 PM   
NikoraM

 

Posts: 2
Joined: 16.Nov.2004
Status: offline
What about ISA 2004? How can I do this with ISA 2004? Thanks

(in reply to tshinder)
Post #: 17
RE: Publishing the Incoming Web Requests Listener article - 1.Jun.2005 4:18:00 PM   
Guest
Thanks for the great articles on this subject!

I have a need to allow external connections to use the web proxy on ISA 2004. We have field users who sometimes cannot connect to the VPN - mostly from public WiFi spots (hotels and such).

Can you please explain this process in ISA 2004? I have done it on 2000 but 2004 is quite different.

Thanks!
Hackz

(in reply to tshinder)
  Post #: 18
RE: Publishing the Incoming Web Requests Listener article - 5.Aug.2005 5:38:00 PM   
Guest
Yes, please can you also give me some help setting this up for ISA 2004, it's driving me mad [Frown]

(in reply to tshinder)
  Post #: 19
RE: Publishing the Incoming Web Requests Listener article - 13.Mar.2006 9:13:14 AM   
dfaa

 

Posts: 1
Joined: 14.Aug.2002
From: Stavanger
Status: offline
Hi have anyone got this solution to work on Isa2004 SP2 , i really need this when i have multiple users out in the field who i want to go through my isa with antivirus /antispyware ...

If anyone have this solution working please help me out here

(in reply to Guest)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Publishing the Incoming Web Requests Listener article Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts