
Welcome to ISAserver.org


Preventing browser from sending anonymous requests

Preventing browser from sending anonymous requests - 14.Jul.2008 12:27:14 PM   
JW

 

Posts: 15
Joined: 21.Nov.2006
Status: offline
I'd like to force authentication for our web proxy.  When I enable this on my rules, it works, but there are still requests coming in as anonymous, and of course they get dropped.  Is there something that can be done in the client's browser to prevent anonymous requests?
Post #: 1
RE: Preventing browser from sending anonymous requests - 14.Jul.2008 12:45:55 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
No, this is normal behaviour.

http://technet.microsoft.com/en-gb/library/cc302664.aspx

"In addition, Web Proxy clients always make the first connection anonymously"

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to JW)
Post #: 2
RE: Preventing browser from sending anonymous requests - 14.Jul.2008 12:48:20 PM   
JW

 

Posts: 15
Joined: 21.Nov.2006
Status: offline
Thanks, Jason.  But is it normal for there to be A LOT of them from the same client, accessing the same site?  And, because of this design, will having authentication as a requirement break users' ability to get to any site, or will the initial connection be retried with authentication?

< Message edited by JW -- 14.Jul.2008 12:50:39 PM >

(in reply to Jason Jones)
Post #: 3
RE: Preventing browser from sending anonymous requests - 14.Jul.2008 4:49:45 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
JW,
for clients using the web proxy configuration, they will retry with authentication.

For clients that don't support proxy settings, are not set up to use them, or are too dumb to support authentication, those requests may fail.  Some apps for example call out to their home companies to check for updates, and some of these could fail.

Just be aware of trouble tickets of connection errors, and see if you can correlate any of them to anonymous "connection denied" logs.

(in reply to JW)
Post #: 4
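The correlation suggested in post #4 can be scripted. This is an added example, not part of the thread and not ISA Server's own log schema: it assumes a CSV export with the columns time, client IP, user name, destination host and HTTP status, and it assumes anonymous requests are logged with the user name "anonymous" and denied with status 407. It separates the client/host pairs that retried with credentials from those that never did.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real ISA output). Assumed columns:
# time, client IP, user name, destination host, HTTP status.
SAMPLE_LOG = """\
12:00:01,10.0.0.21,anonymous,www.example.com,407
12:00:01,10.0.0.21,CORP\\jw,www.example.com,200
12:00:02,10.0.0.21,anonymous,www.example.com,407
12:00:02,10.0.0.21,CORP\\jw,www.example.com,200
12:00:05,10.0.0.34,anonymous,updates.example.net,407
12:00:35,10.0.0.34,anonymous,updates.example.net,407
12:01:05,10.0.0.34,anonymous,updates.example.net,407
"""


def classify(log_text, anonymous_name="anonymous", denied_status=407):
    """Count anonymous denials per (client, host) and split them by whether
    the same pair also has an authenticated, successful request in the log.

    Returns (never_retried, retried): two dicts mapping (client, host)
    to the number of anonymous denials seen for that pair.
    """
    denied = defaultdict(int)   # anonymous requests rejected by the proxy
    authed = defaultdict(int)   # requests that carried a user name and succeeded
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _time, client, user, host, status = row
        key = (client, host)
        is_anonymous = user.strip().lower() == anonymous_name
        if is_anonymous and int(status) == denied_status:
            denied[key] += 1
        elif not is_anonymous and int(status) < 400:
            authed[key] += 1
    never_retried = {k: n for k, n in denied.items() if authed.get(k, 0) == 0}
    retried = {k: n for k, n in denied.items() if authed.get(k, 0) > 0}
    return never_retried, retried


if __name__ == "__main__":
    stuck, normal = classify(SAMPLE_LOG)
    for (client, host), count in sorted(stuck.items()):
        print(f"{client} -> {host}: {count} anonymous denials, no authenticated retry")
    print(f"{len(normal)} client/host pairs retried with credentials (expected behaviour)")
```

Pairs in the first result are the ones worth matching against trouble tickets; pairs in the second are the normal anonymous-first handshake.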
RE: Preventing browser from sending anonymous requests - 16.Jul.2008 7:37:26 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

if you are using IE6, then the authentication method is NTLM. By using NTLM you send more requests to the ISA machine and consequently to your DC. If you use Kerberos to authenticate, then you just have to authenticate once on both servers. Check this great article for a better understanding:
Improving Web Proxy Client Authentication Performance on ISA Server 2006

Regards,
Paulo Oliveira.

(in reply to ferrix)
Post #: 5
