• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

www.domain vs domain only access to web sites

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> www.domain vs domain only access to web sites Page: [1]
Login
Message << Older Topic   Newer Topic >>
www.domain vs domain only access to web sites - 13.Sep.2006 9:08:11 PM   
hlbenda

 

Posts: 13
Joined: 19.Jun.2006
From: Nebraska
Status: offline
I am running ISA 2004 as proxy & cache - all appears to work well except:

A client could go tohttp://www.motoralldata.com/alldata/MOTOR~V17976660~C8000~R0~OF1~N/0 but not http://motoralldata.com/alldata/MOTOR~V17976660~C8000~R0~OF1~N/0 .  (not using the www gave a timeout error)  

The nslookup information on www.motoralldata.com showed an ip address of 169.198.1.193 and nslookup information on motoralldata.com showed ip addresses of 208.253.229.23 and 169.198.1.193. 

If the client PC went to a site like Google first, then pasted in the address, both addresses worked. 

A sniff showed a failure on authentication on the http://motoralldata.com.... Address. 

We have resolved the issue by adding an entry in the hosts file on the ISA server of:  169.168.1.193    motoralldata.com
The clients can now access both links, with or without the www!

Still not sure what the real problem is but am worried that other sites may behave the same.  Does anyone understand this???


_____________________________

Thanks!
Heather
Post #: 1
RE: www.domain vs domain only access to web sites - 14.Sep.2006 11:58:15 AM   
aklimkin

 

Posts: 182
Joined: 28.Jun.2006
Status: offline
It's clear that both 'www.domain.com' and 'domain.com' should refer to the same ip to make client browser to show the same content. Or 'domain.com' could perform simple unconditional redirect to 'www.domain.com'.
It appears that in your case the remote web site doesn't use any of two above mentioned techniques.
That is why your users are experiencing difficulties while browsing that site.

The resolution you have introduced (to add hosts entry for that domain) is very common in such cases.

_____________________________

Regards,
Andrew

(in reply to hlbenda)
Post #: 2
RE: www.domain vs domain only access to web sites - 14.Sep.2006 7:17:54 PM   
hlbenda

 

Posts: 13
Joined: 19.Jun.2006
From: Nebraska
Status: offline
Thanks for the reply -

This still seems like a bad long-term solution.  I started looking into some other sites that clients have reported trouble with.  I don't see that this is at all uncommon in web sites.  

For example, folks were having trouble with orders on buy.com, but no problems when accessing the site without the proxy - nslookup on the www.buy.com and buy.com reveals 3 different IP addresses....

www.msn.com has a different IP than msn.com, but no problems have been reported with it. Could it be because there is no ssl involved with msn, but there is with buy.com?

I would be interested to know if others are seeing these same issues, how do they fix them (editing the hosts file on the isa server, or something else?).

Is there a hosts file available with the problematic sites already in it - and can I buy a subscription for the updates?

(Does ISA 2006 work better - like I stated above, without going through the proxy these issues do not exist and the pc does not have an entry in the hosts file)


_____________________________

Thanks!
Heather

(in reply to aklimkin)
Post #: 3
RE: www.domain vs domain only access to web sites - 15.Sep.2006 5:35:53 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Heather,

The ISA firewall will perfrom name resolution based on its DNS settings. There's never a reason to include HOSTS files entries for forward proxy. It's up to the organizaiton to determine how they want to map domain names. Most orgs have www.domain.com and domain.com map to the same address, although this is never a requirement.

Just to confirm, is this a fowrard proxy or a Web Publishing scenario?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hlbenda)
Post #: 4
RE: www.domain vs domain only access to web sites - 15.Sep.2006 9:44:05 PM   
hlbenda

 

Posts: 13
Joined: 19.Jun.2006
From: Nebraska
Status: offline
It is a forward proxy.

(in reply to tshinder)
Post #: 5
RE: www.domain vs domain only access to web sites - 18.Sep.2006 3:43:21 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Heather,

OK, so it's up to the person running the Web site and it's DNS how www. and non-www. names are resolved. There's nothing that you need to do to reslove this issue, as things are working as they should be.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hlbenda)
Post #: 6
RE: www.domain vs domain only access to web sites - 18.Sep.2006 5:45:18 PM   
hlbenda

 

Posts: 13
Joined: 19.Jun.2006
From: Nebraska
Status: offline
I understand what you are saying, unfortunately, my clients do not see it as running as it should be.  They see it as the site they need works with out ISA and does not work with it.  The site does work with the ISA hosts file entry. (which sucks as a long-term solution)

My concern is that I have a misconfiguration, but I don't know where.

(I can't imagine that I would be alone in this unless I had something incorrect.)

Comments, suggestions and ideas would be welcomed.

(in reply to tshinder)
Post #: 7
RE: www.domain vs domain only access to web sites - 19.Sep.2006 4:05:42 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Heather,

There's nothing you need to do with your ISA Firewall, it's a problem with their DNS configuration that's causing the problem. You might want to let them know that they might have spurious entries for the non-www entry.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hlbenda)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> www.domain vs domain only access to web sites Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts