Welcome to ISAserver.org

Websense Blocking Behaviour

Websense Blocking Behaviour - 24.Nov.2009 6:30:40 AM   
isaman_2009

 

Posts: 3
Joined: 24.Nov.2009
Status: offline
Wondering if anyone can help. I've got ISA 2006 Enterprise installed in a 2 node NLB single NIC config. Websense 7.1 ISAPI is installed on each node along with a filter service.

If a client opens a browser window and tries to access a blocked site they get a 302 redirect and are forwarded to a URL such as:

http://172.16.0.1:15871/cgi-bin/blockpage.cgi?ws-session=12345678

This page looks correct and the images and buttons work on the standard block page. The browser URL looks like the above.

But if the user already has IE or Firefox open on another internet page and tries to access a blocked site then they get a 200 response from ISA. The block page URL is the site you tried to access and the block page doesn't display correctly because of some relative URL references.

Anyone seen anything similar? We have the same issues on both Standard and Enterprise ISA installs.

Websense support are very confused and of little help so far.

< Message edited by isaman_2009 -- 24.Nov.2009 6:31:51 AM >
Post #: 1
RE: Websense Blocking Behaviour - 24.Nov.2009 10:48:08 AM   
pwindell

 

Posts: 2243
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Unfortunately this is 100% Websense as far as I can see. They are the only ones who have a prayer of figuring it out in my opinion.

_____________________________

Phillip Windell

(in reply to isaman_2009)
Post #: 2
RE: Websense Blocking Behaviour - 24.Nov.2009 3:49:33 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
I've seen issues with incorrectly displayed blocked pages that were caused by improperly configured browser exception lists.  If you are using autoconfiguration, make sure that you have the option to 'directly access computers specified in the addresses tab' selected on the 'web browser' tab of the Internal network properties.  If you aren't using autoconfiguration, make sure that the IP address(es) of your ISA firewalls are included in the browser exception list on your clients.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to isaman_2009)
Post #: 3
RE: Websense Blocking Behaviour - 25.Nov.2009 5:43:16 AM   
pfearns23

 

Posts: 8
Joined: 6.Nov.2009
Status: offline
Can you try accessing ISA using the real IP address and see if the same occurs?

Also, can you post a screenshot of the blockpage when this is happening?

It may be worth putting the ISAPI filter into debug - the ISAPI filter is the component that facilitates the communication between Websense and ISA, it also sends the redirects for the blockpage.

Have Websense support asked you to do this already? If not I can post instructions, it may shed some light on what is happening here?

Cheers

< Message edited by pfearns23 -- 25.Nov.2009 6:14:43 AM >


_____________________________

Paul Fearns,
Technical Consultant
Celestix Networks - Europe.
http://www.celestix.com

(in reply to isaman_2009)
Post #: 4
RE: Websense Blocking Behaviour - 26.Nov.2009 8:29:57 AM   
isaman_2009

 

Posts: 3
Joined: 24.Nov.2009
Status: offline
We are not using Autoproxy and the bypasses are configured for all internal networks.

The behaviour is the same if you access a node directly. I've also got ISA 2006 SP1 Standard installed on a test box and the same happens so I don't think it's an Enterprise problem. I can switch in ISAPI filter debug and see what turns up.

Can anyone tell me what the correct behaviour should be? Are users meant to see the URL of the page they attempted to go to or the URL of the ISA server?

(in reply to pfearns23)
Post #: 5
RE: Websense Blocking Behaviour - 26.Nov.2009 12:24:49 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
It might also be helpful to gather a network trace to see exactly what is going on on the wire.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to isaman_2009)
Post #: 6
RE: Websense Blocking Behaviour - 2.Dec.2009 9:49:27 AM   
pfearns23

 

Posts: 8
Joined: 6.Nov.2009
Status: offline
As Richard has suggested it would be good to get a packet trace to see exactly what is going on.

The url once blocked should show the url of the blockpage ie:

http://192.168.1.1:15871/cgi-bin/blockpage.cgi?ws-session=583456564

If you want a quick way to ensure you can access it through ISA you can just access

http://192.168.1.1:15871/cgi-bin/blockpage.cgi

and you should get the response 'Invalid Session'

Can you post or PM to me a pic of the blockpage you receive?

If you run a packet trace and access a blocked site you should see the response for the initial page being a '302'. This is the redirect, and you should then see the blockpage URL (as above), and the response to that should be a 200.

You mentioned that ISA responds with a 200 - do you see the 302 at all?

_____________________________

Paul Fearns,
Technical Consultant
Celestix Networks - Europe.
http://www.celestix.com

(in reply to richardhicks)
Post #: 7
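
The 302-then-200 sequence described in the post above, and the reason a 200 served under the blocked URL breaks the page's relative references, as an added Python example that is not part of any post in this thread. The hostname blocked.example, the asset path images/logo.gif and the two traces are constructed; the block page port and path are the ones quoted in the thread.

```python
from urllib.parse import urljoin, urlsplit

BLOCK_PORT = 15871                      # port shown in the thread's block page URLs
BLOCK_PATH = "/cgi-bin/blockpage.cgi"   # path shown in the thread's block page URLs


def is_block_page_url(url):
    """True if the URL points at the filter's block page CGI."""
    parts = urlsplit(url)
    return parts.port == BLOCK_PORT and parts.path == BLOCK_PATH


def classify(exchanges):
    """Classify the trace of one request to a blocked site.

    exchanges: ordered (request_url, status, location_or_None) tuples.
    """
    if not exchanges:
        return "no-response"
    url, status, location = exchanges[0]
    if status == 302 and location and is_block_page_url(location):
        # Expected: the follow-up request to the block page URL returns 200.
        followed = any(u == location and s == 200 for u, s, _ in exchanges[1:])
        return "redirected" if followed else "redirect-not-followed"
    if status == 200 and not is_block_page_url(url):
        return "inline-200"   # block page body served under the blocked URL
    return "other"


def resolve(exchanges, ref):
    """Resolve a relative reference the way the browser would: against
    the URL of the last response it displayed."""
    return urljoin(exchanges[-1][0], ref)


# Constructed traces; blocked.example and images/logo.gif are placeholders.
BLOCK_URL = "http://192.168.1.1:15871/cgi-bin/blockpage.cgi?ws-session=583456564"
GOOD = [("http://blocked.example/news/index.html", 302, BLOCK_URL),
        (BLOCK_URL, 200, None)]
BAD = [("http://blocked.example/news/index.html", 200, None)]

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("bad", BAD)):
        print(name, classify(trace), resolve(trace, "images/logo.gif"))
```

In the inline case the image request goes to the blocked host rather than to the filtering server on port 15871, which matches the broken rendering reported in the first post.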
RE: Websense Blocking Behaviour - 14.Apr.2010 11:28:23 AM   
kissattila1064

 

Posts: 2
Joined: 14.Apr.2010
From: Budapest, Hungary
Status: offline
Hi,

I am facing just the same problem.
I did traces on the client, the ISA and the Websense server.
It shows that ISA just sends an ACK to the request then stops sending any data to client. It starts negotiating the authentication type when it works fine.

Some months went by since the last post, is there any solution for the problem?

regs,

(in reply to isaman_2009)
Post #: 8
RE: Websense Blocking Behaviour - 14.Apr.2010 12:48:06 PM   
pwindell

 

Posts: 2243
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
"It shows that ISA just sends an ACK to the request then stops sending any data to client."

If ISA sent an ACK then it is not supposed to send anything else. If the ISA is the one sending the ACK then it means the machine on the other end initiated the connection and ISA is doing what it is supposed to do after sending an ACK, which is to sit there and wait for a response.

_____________________________

Phillip Windell

(in reply to kissattila1064)
Post #: 9
RE: Websense Blocking Behaviour - 15.Apr.2010 4:38:07 AM   
kissattila1064

 

Posts: 2
Joined: 14.Apr.2010
From: Budapest, Hungary
Status: offline
Hi,

Thanks for the quick answer.
I compared the trace with another portion when it sends the normal blocking page: After that particular ACK, ISA sends first some packets to initiate an authentication negotiation then lastly sends a 302 move redirect to the client in order to redirect the browser to the blocking page prepared by the Websense server.
What was the solution in your case (if there was any)?

(in reply to isaman_2009)
Post #: 10
RE: Websense Blocking Behaviour - 5.Oct.2010 5:24:20 PM   
CRasch

 

Posts: 10
Joined: 28.Apr.2002
From: Fresno, CA
Status: offline
You will want to add the IP address of the Websense Filtering servers not to be proxied, since they are providing the block page. You do not want ISA to cache the response.

(in reply to richardhicks)
Post #: 11
