Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SNAT Clients and HTTP Headers

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> SNAT Clients and HTTP Headers Page: [1]
Login
Message << Older Topic   Newer Topic >>
SNAT Clients and HTTP Headers - 13.Sep.2006 4:53:37 PM   
selsworthy

 

Posts: 14
Joined: 13.Mar.2003
From: Truro, Cornwall, UK
Status: offline 		Hi....This is really an update to a previous post of mine but i thought i'd start a new thread as i have a lot more detail on the problem and would appreciate any help with this...

Issue is when redirecting SNAT client requests to an upstream proxy some websites do not work. It appears to be to do with how ISA modifies the HTTP headers on the way through and that some websites do not respond or deny access when the GET portion of the header contains IP address and not hostname. Example below using www.abbey.com which is one of the sites we have problems with:

HTTP Header originally sent by SNAT client 
Hypertext Transfer Protocol
   GET / HTTP/1.1\r\n
       Request Method: GET
       Request URI: /
       Request Version: HTTP/1.1
   Via: 1.1 MEM-ISA-CEN-098\r\n
   If-None-Match: "4541bdf4-0101000e"\r\n
   User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
   Host: www.abbey.com\r\n
   If-Modified-Since: Sat, 02 Sep 2006 00:00:00 GMT\r\n
   Accept: */*\r\n
   Accept-Language: en-gb\r\n
   Connection: Keep-Alive\r\n
   \r\n

HTTP header which sent when ISA redirects request to upstream proxy
Hypertext Transfer Protocol
   GET http://195.43.51.12/ HTTP/1.1\r\n
       Request Method: GET
       Request URI: http://195.43.51.12/
        Request Version: HTTP/1.1
   Via: 1.1 MEM-ISA-CEN-098\r\n
   If-None-Match: "4541bdf4-0101000e"\r\n
   User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
   Host: www.abbey.com\r\n
   If-Modified-Since: Sat, 02 Sep 2006 00:00:00 GMT\r\n
   Accept: */*\r\n
   Accept-Language: en-gb\r\n
   Proxy-Connection: Keep-Alive\r\n
   \r\n

This request is denied by the website and i think its because the site doesn't accept GET requests with IP address (should be URL). A successful redirect to the upstream proxy is as below (but this was originally from a web proxy client)

Hypertext Transfer Protocol
   GET http://www.abbey.com/ HTTP/1.1\r\n
       Request Method: GET
       Request URI: http://www.abbey.com/
       Request Version: HTTP/1.1
   Via: 1.0 MEM-ISA-CEN-098\r\n
   If-None-Match: "4541bdf4-0101000e"\r\n
   User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
   Host: www.abbey.com\r\n
   If-Modified-Since: Sat, 02 Sep 2006 00:00:00 GMT\r\n
   Accept: */*\r\n
   Accept-Language: en-gb\r\n
   Pragma: no-cache\r\n
   Proxy-Connection: Keep-Alive\r\n
   \r\n

Question is is there any way of getting ISA to use the URL in the GET command when it redirects requests instead of the IP address??

Any advice/help would be gratefully recieved as this ones starting to make my head hurt!!
Post #: 1
RE: SNAT Clients and HTTP Headers - 19.Sep.2006 10:27:14 AM   
selsworthy

 

Posts: 14
Joined: 13.Mar.2003
From: Truro, Cornwall, UK
Status: offline 		Has anyone got any ideas on this? Tom - ur advice would be really helpful - even if its to say that ISA will not send the URL in requests sent by SNAT clients. Will the behaviour be the same in ISA2006?

(in reply to selsworthy)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> SNAT Clients and HTTP Headers Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts