Welcome to ISAserver.org

Some component denies access to website

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Some component denies access to website

Page: [1]

Message

<< Older Topic Newer Topic >>

Some component denies access to website - 25.Mar.2010 4:51:59 AM

Mekong River

Posts: 77
Joined: 9.Aug.2009
Status: offline

I have configure the rule properly for my client to access an internet. But when I view the log file, I found that some of the transaction were denies to access an internet. The user still access the website but i found some of component of the website is denies by ISA server.

Thank,
Mekong

Post #: 1

Featured Links*

RE: Some component denies access to website - 25.Mar.2010 3:29:11 PM

pwindell

Posts: 2228
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

There will always be denies in the Log,...always,....Always. That is normal. If the user is "working",...leave it alone.

When authentication is requires there is always a Deniy followed by an Allow. Internet Explorer does not give the credentials on the first attempt,...therefore the ISA always denies the first attempt and then requests authentication from the browser,...the browser then gives the credentials and the connection is allow on the second attempt.

Below is a capture of the normal functioning process. The page content was removed to save space and the encrypted pack of the authentication was removed for the same reason. The GET requests and from the Browser,...the HTTP/1.1 parts are the responses from the proxy.

quote:

GET http://www.google.com/advanced_search?hl=en HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Ant.com Toolbar 1.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; FDM; InfoPath.1; .NET CLR 3.0.04506.648; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.google.com
Cookie: PREF=ID=97776076c285414a:U=a4bbe4a689e89a69:TM=1265729490:LM=1265907996:S=vP3bHNvcU8J5GwC0; NID=32=pmuJXf0FVbzj2QXIqV6Mvv-M5Abqu7fzSW75zXe0jcfuy-ci4nhZXT-ARn5-P1DV_DO_OdzsJ4UpZ-8IuiAe76e1BgmJnEl3X0_RHRm7VUMeGjSa3l1yuId971oMNu00

HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 PROXYHOSTNAME
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4114
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Error Message</TITLE>
********page content remove the save space**************

GET http://www.google.com/advanced_search?hl=en HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Ant.com Toolbar 1.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; FDM; InfoPath.1; .NET CLR 3.0.04506.648; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Cookie: PREF=ID=97776076c285414a:U=a4bbe4a689e89a69:TM=1265729490:LM=1265907996:S=vP3bHNvcU8J5GwC0; NID=32=pmuJXf0FVbzj2QXIqV6Mvv-M5Abqu7fzSW75zXe0jcfuy-ci4nhZXT-ARn5-P1DV_DO_OdzsJ4UpZ-8IuiAe76e1BgmJnEl3X0_RHRm7VUMeGjSa3l1yuId971oMNu00
Proxy-Authorization: Negotiate
******encoded stuff was here be removed to save space*****************
Host: www.google.com

HTTP/1.1 200 OK
Via: 1.0 .:8000 (squid), 1.0 PROXYHOSTNAME
Connection: close
Proxy-Connection: close
Expires: -1
Date: Thu, 25 Mar 2010 19:13:53 GMT
Content-Type: text/html; charset=UTF-8
Server: gws
Cache-Control: private, max-age=0
X-XSS-Protection: 0
X-Cache: MISS from .
********page content remove the save space**************