Using ISA 2006 Std, pretty basic config: one NIC to the internet, one internally, and ISA is a domain member. I have enabled WPAD discovery through DNS and forced "Automatically detect configuration settings" through group policy. I exclude certain sites from being proxied by opening the Internal network object > Web Browser > "Directly access these servers or domains". Users have no problem using the proxy with this setup.
I have one site that is listed in the "directly access ..." list, let's call it *.trouble.com. I have included it as: "*.trouble.com" "www.trouble.com"
If I look at logging I see *most* traffic to www.trouble.com is not proxied, but some HTTP requests are being proxied. This particular site is using Citrix Metaframe over HTTPS, so it is very sensitive to a timeout.
Question: why would some traffic to www.trouble.com be proxied when it is specifically excluded by my configuration (above)?
Web Browser. Specify browser settings to be configured for Web Proxy clients in the network. <snip> Note the following when you specify destinations for direct access in the Directly access these servers or domains list:
You should specify both the IP address and the fully qualified domain name (FQDN) of the destination, or the FQDN only. If there is an IP range in the list, the automatic configuration script determines whether the resolved name of the IP address is included in the list. If it is, the script determines whether the destination is internal before submitting the request.
After I followed the step of excluding the domain, I added the host's IP addresses to the "Directly access ..." list as well. The problem went away after adding the IPs. Apparently this problem only occurs if there are IP addresses in the "Directly access ..." list.
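The following is an added example, not ISA Server's generated configuration script and not code from this thread: a simplified model of the name check and the IP-range check that the quoted documentation describes, run against a name-only list and a name-plus-IP list. The addresses (192.0.2.x), the proxy name `isa.example.local:8080`, the host `apps.trouble.com` and all function names are assumptions constructed for the illustration.

```javascript
// Added example: simplified model of a direct-access check, not ISA Server's own script.
// Constructed sample data: the 192.0.2.x addresses and the proxy name are placeholders.
const DNS = { "www.trouble.com": "192.0.2.10", "apps.trouble.com": "192.0.2.11" };
const PROXY = "PROXY isa.example.local:8080";

// Stand-ins for the helpers a browser supplies to an automatic configuration script.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$", "i").test(str);
}
function dnsResolve(host) { return DNS[host.toLowerCase()] || null; }

const isIpLiteral = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);
const ipToInt = (ip) => ip.split(".").reduce((n, o) => n * 256 + Number(o), 0);

// directNames: shell-style patterns; directRanges: [firstIp, lastIp] pairs.
function makeFindProxy(directNames, directRanges) {
  return function FindProxyForURL(url, host) {
    if (directNames.some((p) => shExpMatch(host, p))) return "DIRECT";
    if (directRanges.length > 0) { // address check only runs when IP entries exist
      const ip = isIpLiteral(host) ? host : dnsResolve(host);
      if (ip) {
        const n = ipToInt(ip);
        if (directRanges.some(([a, b]) => n >= ipToInt(a) && n <= ipToInt(b))) return "DIRECT";
      }
    }
    return PROXY;
  };
}

// Run a list of hosts (for example, taken from the proxy log) through one configuration.
function decide(find, hosts) {
  return Object.fromEntries(hosts.map((h) => [h, find("https://" + h + "/", h)]));
}

const names = ["*.trouble.com", "www.trouble.com"];
const hosts = ["www.trouble.com", "apps.trouble.com", "192.0.2.10", "www.example.org"];
const nameOnly = decide(makeFindProxy(names, []), hosts);
const nameAndIp = decide(makeFindProxy(names, [["192.0.2.10", "192.0.2.11"]]), hosts);
console.log({ nameOnly, nameAndIp });
```

In this model the only host whose decision changes between the two lists is the IP literal, which no name pattern can match.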