Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Websites get temporaryly inaccessible (403 Forbidden)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Websites get temporaryly inaccessible (403 Forbidden) - 12.Oct.2004 5:51:00 PM
|
|
|
peterjuuls
Posts: 3
Joined: 12.Oct.2004
Status: offline
|
My ISA 2004 Std (on Win2003) is used for web caching only. Users/clients are required to authenticate (using Integrated Auth.).
ISA is located on our internal network and accesses the Internet through our Checkpoint firewall.
Internal clients are web proxy clients, IE5.5SP2 and IE6SP1 on Win2000
The web access rule permits http, https and ftp to the Internet and permits any content.
Users start browsing in the morning, everything works fine, but suddenly they get this error
"Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)"
The error disappears after 5 - 30 minutes. In the meantime, the user can access other websites or even other URL's on the same inaccessible website.
Network Monitor on ISA shows me this
1. IE requests the URL
2. ISA asks IE for authentication
3. IE seems to ignore the auth-request and requests the URL again.
4. ISA returns the 403-error page
Most of the inaccessible websites are newspaper-sites with lots of fast changing content or ads.
Anybody seen this problem ?
Best regards
Palle
|
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 13.Oct.2004 12:30:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Palle,
Are the Web Proxy clients configured to use the ISA firewall's autoconfiguration script?
Thanks!
Tom
|
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 13.Oct.2004 7:19:00 PM
|
|
|
peterjuuls
Posts: 3
Joined: 12.Oct.2004
Status: offline
|
Hi Tom,
Clients are configured like this under
Tools -> Internet Options -> Connections -> LAN Settings
Automatically detect settings = Unchecked
Use automatic configuration script = Unchecked
Use a proxy server for your LAN = Checked
Bypass proxy server for local addresses = Checked
Under Advanced are listed two internal domain names prefixed with askerisks
The reason for not checking "Use automatic configuration script" is mainly that apparently it has no effect - the symptoms and errors are still there.
I guess one of your points is that checking "Use automatic configuration script" would ensure definitions of "local addresses" on ISA and web proxy client are synchronized. I don't believe this to be of any importance here, because the temporarily unavailable websites are external to both ISA and clients.
Best regards
Palle
|
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 18.Oct.2004 1:01:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Palle,
You must use autodetection (and wpad) or the autoconfig script to get the Web proxy client config from the ISA firewall to the Web browsers.
HTH,
Tom
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 9.Feb.2005 9:07:00 PM
|
|
|
countyjake
Posts: 8
Joined: 12.Dec.2002
From: MT
Status: offline
|
I get the same thing (403 Forbidden on many, but not all users PC's) when I enable "Use Automatic Configuration Script". If I don't have it in there, it works fine. Tom, a few questions if you would be so kind to shed some light on:
1. What info does that configuration script pass to the users?
2. I currently have WPAD in DHCP as well as in DNS, is this what you're talking about for the Autodetection? Do I also need to check the Automatically detect settings?
3. Why would we get 403 Forbidden on some PC's and not others... or at all really?
thanks!
jake
|
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 8.Mar.2005 4:15:00 PM
|
|
|
slohcine
Posts: 10
Joined: 8.Mar.2005
Status: offline
|
Hi Palle,
Were you able to resolve the problem you mention? I have a similar setup to you but my symptoms are a little different.
Thanks,
Eric
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 15.Mar.2005 10:34:00 AM
|
|
|
Guest
|
Hi.
Where any of you able too resolve this problem?
We have the the same issue.
I have tried all different client settings but with the same result.
We currently use WPAD via DHCP.
IF i press F5 a alot of times i a row the site may appear suddely, and if i continue to press F5 I get the original error message after a while.
Cincerely //JJ
|
|
|
|
|
RE: Websites get temporaryly inaccessible (403 Forbidden) - 18.Mar.2005 3:43:00 PM
|
|
|
wbplomp
Posts: 138
Joined: 18.Nov.2004
From: Netherlands, The
Status: offline
|
Hi Guys,
I found a solution that might help!
First a bit explenations... I had two basic rules:
Full Internet Access (Full Internet Access Users. All Content types)
Restricted Internet Access (All Users, Video/Audio disabled)
I wanted unauthenticated users to be able to have restricted internet access.
But everytime they wanted to browse, they got this errror or an logon box.
What seemed to be the problem.... the rule order!
When a rule matches except the user credentials, it asks for authentication without going to the next rule.
So... put the unauthenticated/All Users rules at top, then rules wich require authentication.
Kind regards,
Boudewijn Plomp
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
