Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Web proxy publishing for external IP addresses

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Web proxy publishing for external IP addresses Page: [1]
Login
Message << Older Topic   Newer Topic >>
Web proxy publishing for external IP addresses - 1.Nov.2002 9:21:00 AM   
Ustas

 

Posts: 8
Joined: 15.Jul.2002
Status: offline 		Hello, All!
It is necessary, that tools Web Proxy was accessible with external IP
addresses.
I have created:
1) protocol definition for inbound TCP packets from a port 8080.
2) publishing rules for created protocol definition from the external ISA
interface on internal ISA interface.
But the browser does not open page, shows an error "Specified URL denied by ISA Server".
In WEBproxy log query from 127.0.0.1 address are written.
Post #: 1
RE: Web proxy publishing for external IP addresses - 1.Nov.2002 7:24:00 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online 		Hi Yaroslav,

What are you trying to accomplish?

Thanks!
Tom

(in reply to Ustas)
Post #: 2
RE: Web proxy publishing for external IP addresses - 2.Nov.2002 7:59:00 AM   
Ustas

 

Posts: 8
Joined: 15.Jul.2002
Status: offline 		It is necessary to publish Web Proxy Service. That on clients which is on the side of the external interface of the server, could use proxy of the ISA the server in the browser.

(in reply to Ustas)
Post #: 3
RE: Web proxy publishing for external IP addresses - 2.Nov.2002 4:17:00 PM   
Fuego

 

Posts: 4
Joined: 31.Oct.2002
Status: offline 		I suspect that means he wants to offer ISA server web proxy services to browser clients on the public Internet.

It also sounds like he wants them to access the proxy via port 8080, which suggests that these clients may be behind a firewall, which blocks port 80 outgoing.

I presume that he will also want to restrict access to this proxy, via IP, to avoid an "open proxy".

(in reply to Ustas)
Post #: 4
RE: Web proxy publishing for external IP addresses - 2.Nov.2002 5:13:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Yaroslav,

it is possible to publish the outgoing web proxy listener. I've done it once as an experiment, but I don't know if this could be entitled as a secure solution.

This are the configuration steps:

1) create a protocol definition for TCP port 8080 inbound.

2) server publish the outgoing web proxy listener and use the above protocol definition as mapped server protocol.

3) if you know the IP address ranges who are allowed to use this resource, you can create a client address set and use it in the server publishing rule.

HTH,
Stefaan

(in reply to Ustas)
Post #: 5
RE: Web proxy publishing for external IP addresses - 4.Nov.2002 8:34:00 AM   
Ustas

 

Posts: 8
Joined: 15.Jul.2002
Status: offline 		Hello Fuego and Spouseele!

2Fuego. Yes, all is true.

2Spouseele. I have made all, as you have written. But when I try to open page in a browser, the browser writes:

HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource Locator (URL). (12202)
Internet Security and Acceleration Server

And string in the WEB Proxy log:

c-ip cs-username cs-agent
127.0.0.1 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705)
s-operation cs-uri sc-status
GET http://www.ural.org/ 12202

P.S. In Site and Content rules everyone have access to all content.

(in reply to Ustas)
Post #: 6
RE: Web proxy publishing for external IP addresses - 4.Nov.2002 6:58:00 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online 		Could be a problem with Windows 2003.

HTH,
Tom

(in reply to Ustas)
Post #: 7
RE: Web proxy publishing for external IP addresses - 4.Nov.2002 10:47:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Yaroslav,

I have just redone the test of server publishing the outgoing web proxy listener and it worked as expected. I have used a open protocol and site&content rule and verified that in the firewall and web proxy log the requests where accepted. Here is an excerpt of the firewall and proxy log:
code:
Firewall log
------------
10.0.129.1, -, -, N, 11/4/2002, 22:34:42, fwsrv, ISA, -, -, 217.136.92.194, 1983, -, 0, 0, 8080, TCP, Accept, -, -, -, 0, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:34:42, fwsrv, ISA, -, -, 217.136.92.194, 1984, -, 0, 0, 8080, TCP, Accept, -, -, -, 0, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:34:42, fwsrv, ISA, -, -, 217.136.92.194, 1985, -, 0, 0, 8080, TCP, Accept, -, -, -, 0, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:34:42, fwsrv, ISA, -, -, 217.136.92.194, 1986, -, 0, 0, 8080, TCP, Accept, -, -, -, 0, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:34:42, fwsrv, ISA, -, -, 217.136.92.194, 1987, 16, 0, 0, 8080, TCP, Accept, -, -, -, 0, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:35:41, fwsrv, ISA, -, -, 217.136.92.194, 1984, 58687, 0, 0, 8080, TCP, Accept, -, -, -, 20000, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:35:41, fwsrv, ISA, -, -, 217.136.92.194, 1987, 58828, 0, 0, 8080, TCP, Accept, -, -, -, 20000, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:35:41, fwsrv, ISA, -, -, 217.136.92.194, 1986, 58875, 0, 0, 8080, TCP, Accept, -, -, -, 20000, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:35:41, fwsrv, ISA, -, -, 217.136.92.194, 1983, 59531, 0, 0, 8080, TCP, Accept, -, -, -, 20000, 0, -, -, 2, 45
10.0.129.1, -, -, N, 11/4/2002, 22:35:55, fwsrv, ISA, -, -, 217.136.92.194, 1985, 71828, 0, 0, 8080, TCP, Accept, -, -, -, 20000, 0, -, -, 2, 45
1

Web proxy log
-------------
127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), N, 11/4/2002, 22:35:35, w3proxy, ISA, -, www.google.be, 216.239.53.101, 80, 203, 295, 4378, http, TCP, GET, http://www.google.be/, text/html, Inet, 200, 0x40020005, PR-SPECIAL, SCR-INTERNET
127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), N, 11/4/2002, 22:35:35, w3proxy, ISA, -, www.google.be, 216.239.53.101, 80, 188, 391, 195, http, TCP, GET, http://www.google.be/images/hp0.gif, text/html, Inet, 304, 0x40000006, PR-SPECIAL, SCR-INTERNET
127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), N, 11/4/2002, 22:35:35, w3proxy, ISA, -, www.google.be, 216.239.53.101, 80, 188, 391, 195, http, TCP, GET, http://www.google.be/images/hp1.gif, text/html, Inet, 304, 0x40000006, PR-SPECIAL, SCR-INTERNET
127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), N, 11/4/2002, 22:35:35, w3proxy, ISA, -, www.google.be, 216.239.53.101, 80, 172, 391, 195, http, TCP, GET, http://www.google.be/images/hp2.gif, text/html, Inet, 304, 0x40000006, PR-SPECIAL, SCR-INTERNET
127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), N, 11/4/2002, 22:35:35, w3proxy, ISA, -, www.google.be, 216.239.53.101, 80, 171, 391, 195, http, TCP, GET, http://www.google.be/images/hp3.gif, text/html, Inet, 304, 0x40000006, PR-SPECIAL, SCR-INTERNET
So, it sounds more like a authorization problem in your case.

HTH,
Stefaan

(in reply to Ustas)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Web proxy publishing for external IP addresses Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts