HTTP Filtering and SOAP (Full Version)

All Forums >> [ISA 2006 Firewall] >> HTTP Filtering



Message


djkinetix1 -> HTTP Filtering and SOAP (10.Jun.2008 10:20:39 PM)

Hello,

We have a Java Web Start application which is primarily used to pass a number from a given client workstation back to our web server. Whenever we try to run our application on a client workstation using Microsoft ISA 2006 Enterprise, it seems the application is blocked. Our java logs show that ISA is for some reason breaking back a parsed SOAP message which is communicated back to the server. This SOAP handler was developed by Codehaus Xfire.

SOAP is nto working nice with the ISA 2006 HTTP proxy  (application Web Proxy) The errors shown in the ISA log basically show that ISA is throwing codes (200, 304, 500) for anything having to relate to xfire and SOAP. The only way we are able to get our application to work is by going to the Application Filter and disabling the Web Proxy Filter.

Is there a rule for SOAP that I need to create so this works? Any help would be MUCH APPRECIATED!!

Thank you,
Chris Perez




Jason Jones -> RE: HTTP Filtering and SOAP (11.Jun.2008 4:38:25 AM)

It may be that the web proxy filter is breaking SOAP communications...

Try defining a new protocol which uses port 80 but disable the web proxy filter for this new protocol only. Then create a new firewall policy rule for this particular application traffic only and use the new protocol. You may need to define different sources and destinations to allow you to define a rule specifically for the SOAP traffic, otherwise the web proxy filter may be disabled for other types of HTTP requests, which is not a good thing...

Cheers

JJ




djkinetix1 -> RE: HTTP Filtering and SOAP (11.Jun.2008 10:10:21 PM)

Jason,

Thanks for taking the time to reply. I tried your suggestions today and it still didn't work. ISA has a default rule to web proxy applications. I created a protocol like you said where the web proxy was unchecked in the application filter. I then created a firewall rule to the application link and assigned it the necessary protocol. When executing the application, it still didn't work.

I think that because the standard http filter is filtering all content, it is overriding the protocol I created. Digging through forums, it seems ISA and SOAP do not get along and there hasnt been a solution. I did a Wireshark sniff on the incoming and outgoing traffic. It is evident that ISA is taking the SOAP message and filtering the content via web proxy and basically breaking the communication back to the server.

Any other suggestions? Again, thanks for all your help.

Chris Perez




Jason Jones -> RE: HTTP Filtering and SOAP (12.Jun.2008 3:40:32 AM)

The process I described is specifically design to bypass the web proxy filter, so it should work - if you look at the ISA logs, are you sure that this rule and specific protocol are being used? Is the new rule above your existing internet access rule?

I have used this approach for several apps that "tunnel" over port 80 and it has solved the problem in all cases...

May be worth checking the config again to make sure it is working as expected...

Cheers

JJ




Page: [1]